Segment — User Management
Scalable user management with role-based access, granular permissions, and full system visibility.
Product Design
—
Role Product Designer
Industry SaaS
Duration 15 day
About Company — People Ops Teams Scale User and Access Management
Segment helps People Ops teams scale user and access management for growing companies. It acts as a central hub for all your user data, where you can seamlessly push and pull information between Segment and your internal tools or directories.
Case Results — Scalable, Flexible Permissions for Growing Teams
Segment’s previous permission model was too rigid admins couldn’t assign access by dimensions like region or business unit, and once roles were created, they couldn’t be adjusted. It didn’t support the needs of larger teams.
I redesigned the system to align with how modern go-to-market and operations teams work. Admins can now set granular read/write access by dimension (for example, EMEA Workspace – View Only), update existing roles at any time, and duplicate roles to speed up onboarding new users.
To make the transition easier, we kept the familiar default roles but made them fully editable. We also simplified the overall process into a quick 3-step flow: Choose Role → Set Dimensions → Apply Permissions.
The result is a permissions model that scales with the business. Small teams can onboard quickly, while larger organizations get the flexibility and control they need and permission-related support requests have dropped significantly.
Adding team members
Reduced to 3 clicks
Permission setup time
Reduced by ~70%
New feature for clear UX
Reusable roles
The Problem — People-ops teams enable organizations to grow by streamlining user onboarding, role assignments, and access permissions.
Segment’s permission model had been designed for small teams offering only a handful of fixed roles and shallow access controls. As Segment moved upmarket and attracted larger mid-market customers, this approach started to break down. These teams often resorted to risky workarounds like granting admin rights to everyone just to keep operations moving. This created security and compliance risks and became a recurring source of friction, affecting nearly a quarter of Segment’s most strategic accounts. More critically, the system lacked the flexible, multidimensional access logic needed for large organizations to scale securely and confidently.
HMW design a permissions framework that stays lightweight for small teams yet scales into a powerful, multidimensional system for larger organizations without adding complexity?
The Solution — Redesigned, flexible permissions model that allows teams to scale securely and efficiently with customizable roles, multidimensional access, and simplified workflows.
At Segment, I led the redesign of the permissions model into a flexible, multidimensional system tailored for scaling finance teams. The new approach gave admins the ability to assign precise read/write access across dimensions like region or department, all through a lightweight workflow that could be completed in just a few clicks. To maintain the fast onboarding experience, we preserved the familiar role structure but made roles fully customizable and easy to duplicate, allowing teams to adapt them as their needs grew. We also introduced streamlined bulk onboarding and simplified post-setup edits, reducing administrative overhead while strengthening security, improving scalability, and delivering a much smoother experience for customers.
01.Empathize — Interviews with 4 users, 2 support reps, and insights from our feature request board all revealed the same underlying issues.
UXR Summary
User-level permission makes bulk changes impossible
Users needed an easier way to assign or update permissions for multiple accounts at once. Manual edits were time-consuming and error-prone, especially as teams grew. They wanted the ability to copy existing roles, apply default presets, and make bulk updates with minimal effort.
Immature role system
I learned that users lack clarity around what each role actually permits. Beyond that, they want to create custom roles tailored to their teams something not possible with today’s static, canned roles.
Painful permission management
The existing experience is cumbersome: users face a long, unsorted checklist that creates friction and significantly slows them down.
Not enough control
A recurring need was finer control over access: teams wanted to grant external users or junior members only read-only permissions or restrict specific actions such as publishing, editing data, or viewing sensitive dashboards.
Competitive Analysis
Company
Approach
Pros
Cons
Takeaways
Workday
Role based
Domain and business level roles
Highly configurable
Setup is challenging
Requires specialization
High error risk
Too complex for Segment’s mid-market users
Custom roles likely necessary for FP&A
DataRails
Canned roles + groups
Data and feature roles
Flexible roles and access control
Steep learning curve
Time consuming
Poor UXUI
As our main competitor, we need to have parity or better
Our needs good UX simple yet robust.
Jira
Roles for features and data are one.
Add people via search
Project based permission settings
Easy to manage
Canned roles with option for custom ones
Project based roles can get confusing
Redundant
Not relevant to FP&A
Interesting UXUI decisions but overall not very relevant to our user-base
Pigment
Object-level roles, pages, metrics, charts etc.
Data based permissions - dimensions
Most robust, having 3 levels of permission: object, feature, and data
Steep learning curve
Hard setup and requires training
Segment would benefits with something similar but more simple.
02.Define — From these insights, I defined the key user needs and business requirements that would guide the redesign.
Levelset Workshop
I began by aligning the team on core business goals, known pain points, and key success metrics. This helped frame the problem space and ensured we were addressing both user needs and strategic priorities.
Problem
Existing permission is too rigid, often requiring engineering support to adjust. This creates bottlenecks for teams managing sensitive financial data and increases security risks when access is over-granted for simplicity.
Business Goals
Get larger mid-market companies using Segment.
Increase security around dimensions so our product sells better.
Security as a differrenetiator.
KPI’s
Implementation team setup time reduced by 20%.
Reduced time on task for users managing their teams.
Facts
Questions
Assumptions
Risks
Hypothesis
This hypothesis came out of workshops with product and engineering, where we mapped key unknowns and risks, then aligned on a shared direction focusing on groups, granular controls, and user management as critical to scaling permissions.
Permissions lack flexibility
If we improve our permissions by addressing the following areas, we can dramatically improve usability and user satisfaction:
Groups
Flexible, stackable structure
Controls both content and features
Easily added or removed
Granular Permission Controls
Simple, intuitive hierarchy
Standardized roles: Read, Write/Read, None
Group-based assignment
User Management
Clear UI for viewing and managing users
Override permissions
Outcome
Improved permissioning will lead to higher usability, better security, and user confidence.
We’ll know this is true when:
Key Success Metrics
30% decrease in permission-related support tickets.
2x faster average time to assign and manage user roles.
03.Ideate — In this phase, we generated multiple solution directions, from lightweight role customization to advanced bulk-edit workflows, and evaluated them against user needs and business priorities.
Story Mapping
I mapped the end-to-end journey of admins managing permissions, from onboarding new users to updating roles at scale. This helped visualize pain points, such as bulk edits, unclear role definitions, and rigid workflows—and guided us in prioritizing features that delivered the most impact quickly.
Bob Dylan
Finance Department
Goal: Wants to create a group to quickly his sales USA team.
User Actions
In order to left to right
Bob needs to create a new group in Segment.
Bob add users optionally.
Bob clicks new group and gives it a name.
User reviews their group decisions and saves.
Bob selects the feature set he wants the group to access.
Bob selects the feature set he wants the group to access.
Solutions
Each feature set has sub features. Has content and files.
Read, write, none for features to get granular
Users can be part of multiple groups, which will be additive
Easy to edit changes at the group/user level
View user and their group permission breakdown
Group table with group actions. (Edit, Delete)
Branded assets to fill out empty space
Disabling some data affetcs features
Duplicate group
Add On vs Portal Features
Full screen modal
View permission breakdown
User can search, filter, and add user in this step
Select user table
Steps: Features, Data, Files
Wizard-stepper UI
AI chat that creates group from a prompt
Group tab in the user management section
Snapshot of permission decisions by feature set