File Access Management
Make users feel secure and confident when managing their highly confidential shared items.
01
____ What I Did  __
Turned frustration into flow within rigid technical constraints — achieving 100% task success and cutting task time by half.
02
____ Why I Did it __
Managing file access is frustrating

Context

Team: 1 Designer, 1 Product Manager, 1 Engineer, 1 Researcher
Timeline: June 2018 – November 2018

Constraints

Link sharing model doesn't support permission changes on a per-user basis

OneDrive Business link sharing model enables users to generate multiple permission-specific links, allowing secure document sharing without the risk of leaks or unwanted edits—supporting the business goal of increasing collaboration.

However, a key limitation is that permissions are set at the link level, meaning any changes affect all people with that link rather than individuals. You can't change the permission of a sharing link from edit to view or from view to edit. The way around it is to delete your sharing link and create a new one with a different permission.
In order to change permission for an individual
Users need to remove the individual from the original link and create a new permission link
Change the permission directly will affect all people with that link

User Painpoints

#1 People are struggling with changing individual’s permission
In the original interface, OneDrive didn’t explain how to adjust permissions for specific users. It was confusing and almost impossible to do. Users often couldn’t understand how it worked. They risk accidentally changing the entire link’s settings, which is not what they intend.
#2 Tracking and removing people’s access is difficult
A similar problem occurs when a user needs to remove someone’s access. They have to hunt through each shared link to find the person. If they miss one and think they’ve already removed access, they risk accidentally leaking a confidential file. Relying on small avatar pictures also makes it difficult to clearly see who has access and who doesn’t.
Emails : Opening 52 emails to download, upload, and manually organize files.
It was very difficult for users to track an individual’s permissions.
03
__ Design  __
Help users to clearly understand and manage individual permissions based on the link model.

Identify User Jobs

1. Easily tracking who has access and their permissions
2. Quickly removing individual access when needed
3. Changing access permissions for specific individual
Emails : Opening 52 emails to download, upload, and manually organize files.
PM and Researcher conducted focus group study
Understand technical aspect

First Design

People-Focused list and In-context guidance

Rather than focusing on links, we shifted the focus to people. We pulled profile avatars to the forefront and grouped links beneath each person. Users often manage access with specific individuals in mind, so the new people-centric list helps them quickly find and manage the right person.
The People-Focused list makes it easier for users to spot the person they want to manage access for.
04
____ Test & Learn __

Usability Test  I

Participants reported low satisfaction

We conducted a study with six participants—including IT admins and information workers—to measure task success and user satisfaction. While participants successfully completed all tasks, they were dissatisfied with the experience of changing individual permissions.
Emails : Opening 52 emails to download, upload, and manually organize files.

Unfold the Problem

People-Focused UI gives users wrong expectations

The entry point misled users into thinking they could change permissions per person. Guidance only appeared once users were in the task flow, explaining that they needed to create a new link instead of modifying the existing one. Even when users understood and completed the task, the experience still felt unpleasant.
05
__ Iteration __
How could we make this experience feel natural under constraints

Clarify the Correlation at Entry Point

To address user confusion, I adapted the people-focused model into the link component. When users first see this and click the dropdown, they immediately see who is associated with the link and how permissions are inherited. This design aim to:
(1) clarify the relationship between users and the link,
(2) make it explicit that modifying the link settings impacts everyone in the group.
V1 : People list only.
V2 : Integrated people list under link component.
Clarify the relationship between users and the link
V2 : Changing link permission

Provide upfront guidance for changing individual permissions

We introduced lightweight, upfront guidance. When users hover over the permission icon, a callout immediately appears, explaining how permission changes work and guiding them toward the correct action. This approach set clear expectations early, before users entered the permission-changing flow. So, users can felt more in control and confident when managing individual access.
V1 : Guidance only appeared once users were in the task flow
V2: A lightweight, upfront guidance appears
Make it easy to understand and change permissions in the link sharing model.
V2 : Changing permission for an individual
06
__ Result __
Reduced task time by 50% and successfully met the satisfaction target.

Usability Test II

Reduced 50% task time and successfully met the satisfaction target

We conducted a study with six participants—including IT admins and information workers—to measure task success and user satisfaction. While participants successfully completed all tasks, they were dissatisfied with the experience of changing individual permissions.
Step by Step Walkththrough
→ File Hover Card
→ File OneUp System
→ File Request
→ VibroBP
mofaann@gmail.com    |   Copyright © Ann Lin 2024