Turning a "custom permissions" feature request into predefined roles that stood the test of time
“Other systems force you to define every permission from scratch. TravelPerk keeps it simple but effective [and] cover[s] all necessary use cases without overcomplicating things.”
G2 review, 2024
First important win: influencing stakeholders to reconsider the high complexity of customisable roles and permissions
📈
Given TravelPerk’s high focus on SMB, I pointed out custom permissions are a high maintenance feature that is more catered to enterprise customers.
🧩
I engaged with CSMs, CSEs and Engineers to really understand the implications of roles in Integrations, especially with HRIS.
🎙️
I then conducted 12 user interviews to learn the struggles of TravelPerk admins and what type of access they would like their colleagues to have.
The insights were surprisingly rich. They gave us enough confidence to design 3 additional, predefined roles. A bold move from the "custom roles" initial PRD.
🗓️
Travel Manager
Needs to plan trips for other employees, without the unnecessary (and potentially risky) admin functionality.
📊
Analyst
Literally just needs to view and download invoices and financial reports, without any admin access.
🕤
Guest
Freelancers, candidates, family members... not all travellers are employees, and they need a more restricted temporary access.
Simplified roles and permissions made audits and updates way easier:
We then took a gradual rollout approach and collaborated closely with engineers and other designers to ensure our solution worked within the existing platform.
📈
Quick time-to-value
We shipped the Analyst role first because it was mentioned by all interviewees. It got excellent early adoption and feedback.
💡
Embracing constraints
The roles were designed grouping existing back end permissions, which saved a lot of development time.
📐
Mindful UX/UI
Instead of entirely new flows, engineers could feature flag entire sections, making it easier to build and maintain.
Automating roles assignment through integrations became a breeze:
After the beta success, all roles were delivered. They all had 90%+ adoption and are still in use 5 years later.
“I didn’t want to give full admin access just to pull reports. The Analyst role was exactly what we needed”
Trustpilot review, 2023
“We used to create fake accounts in Concur to book for guests. TravelPerk actually lets us do it properly”
G2 review, 2023
“Egencia has more roles, but I’d rather have something easier like TravelPerk”
G2 review, 2023
Moment of delight – The Guest role is recommended for email addresses that aren't from your company:
Bonus: different platforms required different approaches
I designed updated Document Library permissions for Beekeeper with a similar customer-centric process, but a very different UI and technical approach. I modelled it after platforms such as Google Docs and Microsoft Sharepoint, which our admins were already familiar with.
