Background

Teams were managing role-based access in a brittle, inconsistent way. Admin permissions were hardcoded per product. Every exception required engineering intervention. Ops teams were flying blind, support tickets were piling up, and the business had no audit trail. The potential for legal violations was high.

I was brought in to design access management across the platform for teams to manage themselves across brands, regions, and roles.

We needed to design trust into the system.

A scalable access model that:
• Worked across multiple brands and tools
• Was safe by default and explainable by design
• Could support nuanced access control without overwhelming users
• Wouldn’t break every time the org structure shifted

Roles alone don't work. Context matters.

Most role-based systems assume “Manager” or “Admin” is meaningful on its own.

But in our case, access depended on where and when someone worked — was this a property-level admin? A brand lead? A regional partner?

We shifted from hardcoded roles to a layered model: User → Role → Context → Permissions

This modular approach allowed for:
• Granular control (e.g. edit access for Texas properties only)
• Scoped visibility (e.g. view-only access for a sub-brand)
• Reusable logic across tools

Granularity vs. complexity

Ops: “We need 30+ roles to reflect every team setup.”
Engineering: “That’s not maintainable.”

I reframed roles as permission sets + filters (like region, brand, and team type).
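One way to express the layered model and the "permission sets + filters" framing as a default-deny check that explains each decision. This is an added example, not the platform's implementation; the role names, permission strings, and attribute keys are assumptions.

```python
from dataclasses import dataclass

# All names here (roles, permission strings, attribute keys) are assumptions.

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset  # the role's permission set

@dataclass
class Grant:
    role: Role
    scope: dict  # context filter: attribute -> allowed values; {} = unscoped

def check(grants, action, resource):
    """User -> Role -> Context -> Permissions. Returns (allowed, reason)."""
    near_misses = []
    for g in grants:
        if action not in g.role.permissions:
            continue
        # Every filtered attribute must be present on the resource and match.
        failed = sorted(k for k, ok in g.scope.items() if resource.get(k) not in ok)
        if not failed:
            return True, f"allowed by {g.role.name} scoped to {g.scope}"
        near_misses.append(f"{g.role.name} out of scope on {', '.join(failed)}")
    # Default deny, with the reason an admin or auditor would need.
    return False, "; ".join(near_misses) or f"no role grants {action}"

EDITOR = Role("editor", frozenset({"property:view", "property:edit"}))
VIEWER = Role("viewer", frozenset({"property:view"}))

# Constructed user: edits Texas properties, views one sub-brand everywhere.
GRANTS = [Grant(EDITOR, {"region": {"TX"}}), Grant(VIEWER, {"brand": {"sub-brand-a"}})]

if __name__ == "__main__":
    for action, res in [
        ("property:edit", {"region": "TX", "brand": "main"}),
        ("property:edit", {"region": "CA", "brand": "sub-brand-a"}),
        ("property:view", {"region": "CA", "brand": "sub-brand-a"}),
        ("property:edit", {"brand": "main"}),  # region missing: denied
    ]:
        print(action, res, "->", check(GRANTS, action, res))
```

A resource that lacks a filtered attribute fails the filter, so incomplete metadata results in a denial instead of an accidental grant.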

We modeled 90% of real-world needs with just 3 composable role types, cutting engineering complexity by more than half.

No one complained about access anymore. Because it just worked.

• Access logic became modular, reusable, and scalable
• Clients could finally manage teams without escalating tickets
• Engineering no longer had to rebuild access logic for each tool
• Internal teams re-used the model to solve downstream access issues
• Platform risk dropped without slowing product velocity