Vareto Permissions — Chandler Tsai

Background

Vareto is a strategic finance platform that powers company planning, reporting, and operational decision-making for enterprise-scale businesses.
As one of the founding product designers, my responsibilities included partnering with cross-functional teams to define product requirements and designing key features for financial planning, reporting, and collaboration.

Context

During my time at Vareto, I worked on a significant permissioning project that involved a complete overhaul of the permissioning system for FP&A teams.
As part of this project, my team introduced the concept of Default Roles, which provided preset product permissions, simplifying the process for admins to set permissions for different users.
Additionally, I worked with my team to implement User Groups, which allowed Vareto users to be grouped together for easier and quicker sharing of Vareto content.
Overall, the project aimed to improve the efficiency and effectiveness of the FP&A teams by streamlining the permissioning process and enhancing collaboration within the Vareto platform.

Summary

Overall, the Vareto permissioning system was a success, meeting our goals of enhancing data security and integrity, providing flexibility and customization, ensuring ease of use, and facilitating collaboration. The project improved the efficiency and effectiveness of the FP&A teams and enhanced collaboration within the Vareto platform, ultimately leading to improved financial planning and decision-making for enterprise-scale businesses.

Goals

Enhance data security and integrity: Customers need to control access to sensitive financial data, ensuring that only authorized users can view, edit, or delete data.
Provide flexibility and customization: Vareto’s permissioning system should allow admins to define and manage user roles and permissions, tailoring access to the needs of the organization. This means providing a flexible and customizable system that can adapt to the changing needs of their business.
Ensure ease of use: Permissioning should be easy to use and understand, even for non-technical users. This means providing a simple and intuitive interface for managing user roles and permissions.
Facilitate collaboration: To promote collaboration, it should be easy to add new users, manage access, and share. This means ensuring that users have the necessary permissions to collaborate effectively and efficiently.

Role

Led the end-to-end design of a permissioning system (Default Roles & User Groups) across Vareto
Partnered with the product and engineering teams to define requirements and acceptance criteria
Defined a permissioning system that enhances data security, provides flexibility and customization, and ensures ease of use for new and existing Vareto users
Showcased the design process, key design decisions, and the overall impact on the user experience to stakeholders (Sales, Growth, Product Marketing) to create cross-team alignment

Tools

Figma
FigJam
Notion
Loom

Research & Problem Definition

I worked closely with my PM to define the scope of the problem by identifying key use cases and scenarios where permissions and access controls are critical.
Together we conducted customer calls with Customer Growth Managers to understand how users currently interact with Vareto and gathered feedback on potential quick-win solutions.
- This involved asking users about their experiences with permissions and access controls to understand their pain points, as well as their preferences for how these features should work.
Used the insights gathered from customer calls to validate the problem space with stakeholders.
- I then partnered with cross-functional team members to develop a set of requirements for how permissions and access controls should work in Vareto while taking into account our current technical limitations.

Customer Pain Points

“Collaboration is a nightmare without proper permissions. We have team members with different responsibilities, and if we can't set permissions based on roles, we end up wasting time trying to figure out who's supposed to do what.”
“It’s difficult and tedious to add new members to Vareto.”
“Giving access to the right content to the right groups of people is incredible slow in Vareto. You need to go into each report or planning model and hit the Share button, then enter in the user you want to share it to. Imagine having to do this a bunch of times when someone new gets added to Vareto.”

Findings

FP&A teams are often tasked with collaborating with those outside of the finance department.
- This was a clear signal that whatever solution we came up with we needed to to allow for different types of non-finance business roles to also have controlled access.
Today (Nov 2022) when adding a new user on the User Management page every single user must have 5 separate permissions set.
- This is time consuming and oftentimes many users have the same exact setup e.g. the permissions business user A has probably are the same as business user B.
Bulk sharing of content is an area that’s really lacking in Vareto. There’s no quick way to share a report or planning model with a group of people all at once.
- It’s all very manual and cumbersome because it needs to be shared individually and when new members get added to Vareto they don’t immediately have access to the right content which slows down collaboration.

Framing the Problem

Following conversations with customers regarding their concerns and issues, we gained greater clarity about their pain points, and more significantly, the users we should concentrate on designing for. This provided us with a better understanding of the specific roles we should optimize our permissions experience for and where our current experience is lacking. As a result, this study helped us narrow down and define our problem into specific areas to focus on:

How can we create an enhanced permissioning experience that takes into account the requirements of not only FP&A teams but also other business users?
How might we make it easier to organize Vareto users into group and share content quickly?
How might we simplify the experience of setting up permissions when adding new members to Vareto?

Target Audience

Everyone that uses the Vareto platform will interact with this feature in some way or another. First and foremost, anytime anyone accesses content (and therefore data) will be subject to authorization checks to make sure that they have or do not have access to the resource they’re trying to access. But to be more specific:

FP&A users will be the power users of managing permissions and sharing.These users know and keep track of who should have access to what.
Business stakeholders and others will have restricted access to data but will be able to create net new content, edit and share content, and view shared content.
IT or System Admins will manage things like Integrations credentials to other source systems.
Internal Vareto users like CGMs, Solutions, and even engineers also need access to customer environments.

Competitive Analysis

Anaplan:

Advanced data modeling and forecasting capabilities with granular data access controls.
Seamless integration with other enterprise systems and sophisticated sharing options for efficient collaboration.

Mosaic:

Extensive financial analysis and modeling capabilities with granular data access controls.
Robust integration options with other enterprise systems and comprehensive sharing options for better business outcomes.

Causal:

Interactive and intuitive financial modeling capabilities with granular data access controls.
Ability to export models to other platforms and innovative sharing options for easy collaboration.

Airtable:

Flexible and customizable database with granular data access controls.
Robust integration options with other enterprise systems and customizable sharing options for efficient collaboration.

Overall, these competitors offer advanced permissions and content sharing capabilities, but differ in terms of their specific features and level of complexity. Anaplan and Mosaic are more suitable for larger organizations with complex financial needs, while Causal and Airtable are more flexible and customizable for smaller businesses.

What does this mean?

At Vareto, we need to focus on building a permissioning system that is advanced, flexible, and easy to use for our users. We want to make sure that our users can control access to their data by setting specific permissions for different roles, while also allowing for sharing data with non-finance business users.

Ultimately, we want to provide a permissioning system that is both powerful and intuitive, helping our users collaborate effectively while keeping their data safe and secure. By doing so, we can build a better experience for our users and ensure that Vareto remains a leading FP&A app in the market.

Product Requirements

Working closely with my PM we split up this problem space into three separate phases that would ultimately make up the bulk of the Permissions project. We decided early on to ship these features incrementally and work on them in parallel with the engineering teams.

The three main phases we decided on included:

UX/UI updates to the existing User Management page

Clean up the look and feel of the user management page and create more visual consistency with the rest of Vareto.
Improve the user flow for adding new members to Vareto by making it easier to add multiple users at once and assign them to roles and groups.

Introduce Default Roles

Every user in Vareto should be assigned a Role. Roles represent different preset permissions that grant them various levels of access to parts of Vareto.
Admins should still be able to set a custom Role and set individual permissions.

Allow Vareto members to be added to Groups

Admins should be able to add multiple users into Groups.
There should be a way to view and manage Groups as part of the updates to the User Management page.
Sharing content in Vareto should allow for sharing to groups as well as individual users in Vareto.

Design Process

As a product designer, I knew that designing a new permissioning system for Vareto was a critical task that required close collaboration with the Customer Growth Managers. I started by brainstorming and sketching out different design concepts that addressed the needs and pain points of our customers.
Once I had a few solid concepts, I presented them to the Customer Growth Managers for their feedback. They were able to offer valuable insights into how our customers were currently using Vareto, as well as the specific challenges they faced with the existing permissioning system. Their feedback helped me identify areas that needed further refinement and adjustments.

Early Design Concepts

Members Page - Version 1

This was an early version of the updates to the existing User Management Page which was meant to be a slight visual update without introducing any net-new features.

Member Permissions Modal - Version 1

This was a an early version of the Member Modal where users can adjust individual permissions across different product areas.

Member Permissions Modal - Version 2

Another version of the permissions modal, except this time with Roles. Roles are meant to bundle sets of permissions together under a single Role.

User Testing & Validation

Over the next few weeks, I worked on iterating on the designs and incorporating the feedback from the Customer Growth Managers. We had several discussions and meetings to go over the progress and discuss any further suggestions.
To ensure we were meeting the needs of our customers, we also shared some of the design concepts with a few of our most active and trusted customers. Their feedback helped us make sure that we were creating a permissioning system that met their needs and expectations.
After several iterations, we finally arrived at a final design that we were confident would meet the needs of our customers and make the lives of our Customer Growth Managers much easier.

Final Designs - Highlights

Members Tab

The Members tab allows users to see all Vareto members as well as their Roles and assigned Groups.

Member Modal - Default Roles

The Member Modal allows Vareto admins to set a Default Role for each user. Instead of having to make five separate selections (like the old experience), when adding a new user or editing an existing one, admins only have to select a single role, and the corresponding permissions are displayed below.

Member Modal - Custom Roles

There’s an option for a Custom role, which lets Vareto admins individually set permissions per product area if they want that level of control.

Improved Experience for Adding New Members

When new users are being added to Vareto, its easy to set their permissions by assigning them to a Default Role. New users can also be added to different User Groups for gaining access to content immediately.

Groups Tab

The Groups tab allows users to view and manage all the user groups that exist in Vareto.

Group Modal

This modal allows users to see a full list of members who belong to the group, and provides options to rename the group itself. Users can also add or delete members.

Bulk Assigning to Groups

On the Members tab, users can select multiple members and quickly add them to an existing user group or create a new one.

Updates to Existing Sharing Modal

In order to support User Groups, we needed to update the existing Sharing Modal in Vareto’s reporting and planning products.

“The new permissioning system will significantly reduced the number of support requests we receive from Vareto customers. They can now easily manage their own permissions and roles without needing our assistance.”

— Vareto Customer Growth Manager

Outcomes

Overall, the Vareto permissioning system was a success, meeting our goals of providing flexibility and customization, ensuring ease of use, and facilitating collaboration. The project improved the efficiency and effectiveness of the FP&A teams and enhanced collaboration within the Vareto platform, ultimately leading to improved financial planning and decision-making for enterprise-scale businesses.

Highlights

Reduced workload for admins
- The new design is a better experience for Vareto FP&A teams, especially for admins who will benefit the most when having to add new members and share content, freeing up time for other tasks.
Reduced onboarding time
- User groups and Default Roles will allow customers to onboard quicker and get access to the right content and permissions right away, making it easier for them to get started with Vareto.
Enhanced scalability
- Providing better permissions that can also scale allows Vareto to onboard more customers and expand its customer base without compromising the user experience or the workload of admins and Customer Growth Managers.