From custom permissions to a role based system that truly scaled.

2020   ⸱   Senior Product Designer   ⸱   Travel-tech SaaS / B2B

“Other systems force you to define every permission from scratch. TravelPerk keeps it simple but effective [and] cover[s] all necessary use cases without overcomplicating things.” – G2 review, 2024

First step: influencing stakeholders to reconsider the high complexity of customisable roles and permissions.

The arguments came from experience, alignment and research:

• Given TravelPerk’s high focus on SMB, I pointed out custom permissions are a high maintenance feature that is more catered to enterprise customers.
• I engaged with CSMs, CSEs and Engineers to really understand the implications of roles in Integrations, especially with HRIS.
• I then conducted 12 user interviews to learn the struggles of TravelPerk admins and what type of access they would like their colleagues to have.

Insights from admin interviews gave us enough confidence to design 3 additional, predefined roles.

1. ‍Travel Manager. This role needs to plan trips for other employees, without the unnecessary (and potentially risky) admin functionality.
2. Analyst. For colleagues who literally just need to view and download invoices and financial reports, without any admin access.
3. Guest. A role for freelancers, candidates, family members... not all travellers are employees, and they need a more restricted temporary access.

I collaborated with engineers and other designers to ensure our solution worked within the existing platform.

• Quick time-to-value. We shipped the Analyst role first because it was mentioned by all interviewees. It got excellent early adoption and feedback.
• Embracing constraints. The roles were designed grouping existing back end permissions, which saved a lot of development time.
• Mindful UX/UI. Instead of entirely new flows, engineers could feature flag entire sections, making it easier to build and maintain.

‍

* * *

After the beta success, all roles were shipped. They all had 90%+ adoption and are still in use 5 years later.

“I didn’t want to give full admin access just to pull reports. The Analyst role was exactly what we needed” – Trustpilot review, 2023

“We used to create fake accounts in Concur to book for guests. TravelPerk actually lets us do it properly” – G2 review, 2023

“Egencia has more roles, but I’d rather have something easier like TravelPerk” – G2 review, 2023

‍

* * *

Bonus: different platforms required different approaches

I designed updated Document Library permissions for Beekeeper with a similar customer-centric process, but a very different UI and technical approach.

I modelled it after platforms such as Google Docs and Microsoft Sharepoint, which our admins were already familiar with.

‍

* *  *

More case studies