Identity & Access Management


In 2015 Google Cloud did not have a robust permission system. There were 3 roles (Owner, Editor, Viewer) to control and allocate all cloud resources. I was hired to research, design and build a system that would support the robust needs of Cloud and its customers. For the project, I partnered with User Researcher, Product Management and Engineering to deliver and evangelize the IAM system for Google Cloud Platform.

Skills demonstrated: Brainstorming, Interaction Design, SW Prototyping, Research, Business Rationale and Consensus Building, Evangelizing.

How do permissions work?

The fundamental scenario for IAM is about allowing access to resources. This simple yet highly accurate statement was used across Google to evangelize and explain the basics of IAM. 

A simple and familiar example of giving permissions is allowing someone to comment on a document. 

Research gave us a clear understanding of customer needs

As the lead designer I partnered with research to define and perform multiple research studies. 

Foundational research informed the product team of the existing user needs and product space.

Cognitive UI walkthroughs that I designed and prototyped in response to the foundational work were tested over the course of product development.

These represent a set of three highly requested permission scenarios. 

  • The first involves not only granting specific access but also maintaining compliance for another entity.
  • Second, creating physical or location-based access was of high value to many customers.
  • Third, time-based access, critical for many EU companies.

Each of those scenarios leverages roles, which are collections of granular permissions that allow the actor granted them to perform those actions.

We used research to understand which roles customers found the highest value in, and we created and added those first.

Prototyping, iteration and testing generated a refined solution

Granting role-based access

This video shows the scenario of granting a specific role, "Storage Admin", so that the new user will only have permission to perform administration actions associated with Storage in the project "Cats".

