Product & Visual Designer

UXUI Design - IBM Security RBAC

 

IBM QRadar Security - RBAC

IBM QRadar Security Suite is an industry-leading cyber security product. As a product designer on the team, I’m tasked with improving complex tasks and experiences on the platform. One of those experiences in 2023 was improving the platform’s access control. Over the course of 8 sprints (4 months), my team and I proposed a new role-based access control (RBAC) for the IBM QRadar Suite platform that enables granular control over user permissions.

My impact: Researched, designed and proposed a role-based access control that encompasses every application in QRadar Suite

Programs: Figma, Mural

My Roles: UX Researcher, UX Designer, UI Designer

 
 

Research Phase

QRadar Security Suite is a complex cyber security platform, with 12+ applications making up the whole Suite. A single platform handles user permissions, where a user can be set as either Admin or User. This is a fairly limited form of access control, given that some legacy products gave more granular control.

Problem: Our limited access control in QRadar Security Suite has prevented some users from converting from legacy and competitor products. A more robust access control is needed to address this.

Beginning with research, my team of 3 (UXUI designers) focused on our admin persona. We analyzed competitors and how they handle permissions on their own platforms. We also interviewed multiple Senior UX designers on other IBM products that had designed access control for their product. Utilizing a collaborative Mural board, we gathered this information and other secondary research. By the end of 4 sprints, we had hundreds of data points.

We then synthesized our data and identified patterns in it to determine what users needed for access control. We identified multiple flows that would give the best experience on the platform. Through this research, we concluded that role-based access control (RBAC) was the control our admin users needed. RBAC is the approach of assigning permissions to users based on their role within an organization instead of assigning them to users individually.

During these sprints, we consistently presented our progress to stakeholders. Our research phase concluded with a playback of our recommendations to stakeholders, which led to design explorations.

Exploration Phase (Low + Mid-fi)

Rolling into our exploration phase from Research, we could now confidently explore low and mid-fi designs for RBAC. This took 2 sprints. Utilizing the positive action flows we got from research, we designed iterations of the features and capabilities we found to be necessary for our users.

The flows we prototyped were key to an administrator:

  1. Adding a user and viewing a user.

  2. Adding a role to a user.

  3. Sharing an object/artifact across your team.

The link to my mid-fi prototypes is here: Figma Prototype (password same as this page)


Next Steps (Delivery)

Our next step after proposing our mid-fi designs to our stakeholders is to deliver the experience in late 2024. Development is currently assessing backend limitations, and all 12 of the products in IBM QRadar Security Suite have been tasked with identifying any limitations of access control for their products so that we can adjust accordingly.