Toast - Access Design Vision


Case study - UX & Research

“I want to manage access control across my restaurant(s) efficiently, enhancing permissions as my business evolves and gains insights”
My longest-lasting project and most significant contribution at Toast was my involvement in the complete overhaul of the user access management experience. I supported the Identity Platform from initial concept ideation through technical exploration and user research to initial implementation. The core of my contribution was insisting that we understand the wide range of use cases as early as possible, so that technical exploration could focus entirely on users’ Jobs-To-Be-Done and product representatives could work with sales and marketing on segmenting the new functionality for different customer business sizes.

The following case study examines the Permission Design Vision project, showing how I simplified complex data models into a streamlined access management UX during the shift to a significantly more powerful and granular permissioning engine:


Outcome


Reduced job creation friction

12 down to 5 minimum clicks




Enhanced Toast Platform connectivity

3 connected Toast apps


Introduced detailed access reporting

Reducing support volume


Context

Why switch our permission platform now?

The current architecture has reached its limits: it hinders the efficient addition of new products and acquisitions, has led to multiple authentication systems, and increases operational workload. Customer pain points include grouped and "hidden" permissions, a lack of transparency, and difficulty self-diagnosing issues. The system blocks critical customer features, and extending it would be impractical, so a shift is needed to address these limitations, improve the user experience, and meet evolving legal, security, and compliance requirements.

Why switch our permission platform from RBAC to ABAC?



Role-Based Access Controls (RBAC)

Limited, flat permission management at scale


“My access is granted directly from job assignment”
I am a chef (Job:Chef)

= I get chef access everywhere my business uses Toast

Attribute-Based Access Controls (ABAC)

Flexible + granular permission management at scale


“My access is based on the sum of my parts”
   I am a chef (Job:Chef)
+ I am scheduled right now (Time:OnSchedule)
+ I work at only one location (Location:Here)

= I get chef-related access, on schedule, at my location

A complex use case illustrating ABAC’s power is restaurant franchises:


As a Corporate Admin, I want my Franchisees (Attribute: Employee group) to only be able to edit specific fields (Attribute: Menu, Attribute: Menu Object) within the Menu Editor (Page access rule) at the locations they manage (Attribute: Location).

ABAC allows employees to be viewed holistically by both the user and the platform

User attributes (who is this person, what do they do?)
Franchisee
Location manager

Resource and action attributes (what data/action is being accessed?)
Franchise menus
Menu prices

Access rule (what rules determine grant/deny?)
Edit menus
Edit menu prices
Attributes are associated with users to help describe, to our system, who they are:
  • Jobs assigned
  • Locations assigned
  • Shifts scheduled
  • Tenure at company
  • Age
  • Sensitive access
  • Anything else a business wants to configure!

With these attributes and rules, our platform determines what a user can interact with in Toast...
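To make the RBAC/ABAC contrast above concrete, here is an added example (not Toast's permissioning engine, and not code from the original case study) of an attribute-based decision function next to the flat role check it replaces. The chef and franchise scenarios are the ones described above; the attribute names (jobs, locations, groups, shift), the resource model, the policy names and the sample employees are assumptions constructed for the example. Note that the ABAC evaluator denies by default: a request that no policy explicitly matches is refused, which is what keeps "hidden" access from creeping in.

```python
"""Added example (not Toast's engine): an attribute-based access decision next to
the flat RBAC check it replaces, for the chef and franchise scenarios above.
Attribute names, resource model and rules are assumptions modelled on the text."""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Subject:
    """Who is asking: the attributes the text lists as describing an employee."""
    jobs: FrozenSet[str]
    locations: FrozenSet[str]                      # locations the employee is assigned to
    groups: FrozenSet[str] = frozenset()           # e.g. "franchisee", "corporate_admin"
    shift: Optional[Tuple[time, time]] = None      # scheduled shift (start, end), if any


@dataclass(frozen=True)
class Resource:
    kind: str                                  # e.g. "menu", "kitchen_display"
    location: str                              # location the resource belongs to
    fields: FrozenSet[str] = frozenset()       # fields the action would touch


@dataclass(frozen=True)
class Request:
    subject: Subject
    action: str
    resource: Resource
    now: datetime


def on_schedule(r: Request) -> bool:
    """Time:OnSchedule -- the request falls inside the subject's scheduled shift."""
    if r.subject.shift is None:
        return False
    start, end = r.subject.shift
    return start <= r.now.time() <= end


def at_own_location(r: Request) -> bool:
    """Location:Here -- the resource belongs to a location the subject is assigned to."""
    return r.resource.location in r.subject.locations


# ABAC policies: (name, predicate over the whole request). First match grants;
# no match means deny, so anything not explicitly modelled is refused.
POLICIES: List[Tuple[str, Callable[[Request], bool]]] = [
    ("chef-kitchen-on-shift",
     lambda r: "chef" in r.subject.jobs and r.action == "view"
     and r.resource.kind == "kitchen_display" and on_schedule(r) and at_own_location(r)),
    ("franchisee-edit-menu-prices",                       # field-level: only the price field
     lambda r: "franchisee" in r.subject.groups and r.action == "edit"
     and r.resource.kind == "menu" and r.resource.fields <= {"price"} and at_own_location(r)),
    ("corporate-admin-edit-menu",
     lambda r: "corporate_admin" in r.subject.groups
     and r.action == "edit" and r.resource.kind == "menu"),
]


def decide(req: Request) -> Tuple[bool, str]:
    """Default deny: return (allowed, name of the granting policy or 'default-deny')."""
    for name, rule in POLICIES:
        if rule(req):
            return True, name
    return False, "default-deny"


# Flat RBAC as described above: job -> permissions, with no time or location context.
RBAC_ROLE_PERMISSIONS = {"chef": {("view", "kitchen_display")}}


def rbac_decide(req: Request) -> bool:
    return any((req.action, req.resource.kind) in RBAC_ROLE_PERMISSIONS.get(job, set())
               for job in req.subject.jobs)


# Constructed sample data (not real Toast data).
CHEF = Subject(frozenset({"chef"}), frozenset({"boston-01"}), shift=(time(9, 0), time(17, 0)))
FRANCHISEE = Subject(frozenset({"manager"}), frozenset({"austin-02", "austin-03"}),
                     groups=frozenset({"franchisee"}))
CORP_ADMIN = Subject(frozenset(), frozenset(), groups=frozenset({"corporate_admin"}))
NOON = datetime(2024, 5, 6, 12, 0)
LATE = datetime(2024, 5, 6, 23, 30)


def demo() -> Dict[str, Tuple[bool, str]]:
    kds_home = Resource("kitchen_display", "boston-01")
    kds_away = Resource("kitchen_display", "chicago-07")
    price_here = Resource("menu", "austin-02", frozenset({"price"}))
    name_here = Resource("menu", "austin-02", frozenset({"price", "name"}))
    price_elsewhere = Resource("menu", "boston-01", frozenset({"price"}))
    return {
        "chef, on shift, own location": decide(Request(CHEF, "view", kds_home, NOON)),
        "chef, off shift": decide(Request(CHEF, "view", kds_home, LATE)),
        "chef, another location": decide(Request(CHEF, "view", kds_away, NOON)),
        "rbac: chef anywhere, any time": (rbac_decide(Request(CHEF, "view", kds_away, LATE)), "job:chef"),
        "franchisee edits price, managed location": decide(Request(FRANCHISEE, "edit", price_here, NOON)),
        "franchisee edits name field": decide(Request(FRANCHISEE, "edit", name_here, NOON)),
        "franchisee edits another location": decide(Request(FRANCHISEE, "edit", price_elsewhere, NOON)),
        "corporate admin edits any menu": decide(Request(CORP_ADMIN, "edit", price_elsewhere, NOON)),
    }


if __name__ == "__main__":
    for case, (allowed, why) in demo().items():
        print(f"{'ALLOW' if allowed else 'DENY':5}  {case}  [{why}]")
```

Running the block shows the difference the text describes: `rbac_decide` grants the chef kitchen access at any location at any hour, while `decide` grants only on shift at the assigned location, and the franchisee's edit is allowed for the price field at a managed location but denied when the edit also touches the menu name or targets another location. Returning the granting policy's name alongside the decision is what an access report needs in order to show a user where an allow came from.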



Project goals


Preserve mental models
Increasing efficiency in the functions users already perform and preserving mental models even with added functionality

Centralize access management
Ensuring access management encompasses all products within the Toast Platform, in a single location

Make access more clear
Maintain clarity in access assignments to instill confidence in user choices and trust in the platform


Research

Research process

Initial research for overhauling access management at Toast was focused on both technical limitations and opportunities presented by our tech upgrade. We conducted Toast Customer and Customer Success Manager interviews to gather a consensus on current issues, then I personally organized and ran subject matter expert workshops where we rapidly iterated on design solutions.


16 Customer interviews

Direct feedback collected from restaurant owners, people managers, and IT workers at a range of experience levels and restaurant complexities
 
4 CSM interviews

Collaborated with Customer Success Managers representing every customer segment and helped distill their historical feedback into the themes below
 
3 Subject matter expert workshops

Stakeholder review in combination with customer engagement allowed for design concepts to be validated and built upon in a rapid yet engaged manner

Historic customer feedback

Collected and distilled with help from Toast Customer Success Managers

Transparency + Visibility
I want to quickly understand who has what access across my business

Accountability
I want to see what was changed, in detail, within my business and by whom


Urgency

I want to respond to emergency access needs immediately if they are needed

Existing experience

Ingrained experiences
Existing experiences have not drastically shifted in the past 5 years, and users won’t expect their approach to doing their work to change either.

Permissions represent “trust” and “oversight” to restaurant owners/managers


Decentralized access management
Navigating the hierarchy of access structures across Toast products and management levels drastically slowed down management activities.

Unclear inheritance structure UI
The inheritance and overriding of access lacked clarity, which led to inappropriate or inaccurate customer access management. Managers face friction in any operation that must be done at scale: reviewing access, editing access for groups, and general navigation across the access hierarchy.

This was NOT CLEAR to our users


Stakeholder workshop

I led a design workshop for internal stakeholders to best understand both the experiential and business needs regarding access management. The workshop included representatives from engineering, product, sales, customer support, and enterprise teams.

The result of the workshop was the identification and clear illustration of customers’ Jobs-To-Be-Done, their current pains, and the potential gains for our users if improvements are made:
(Customer profile canvas: Jobs to be done, Pains, Gains)

So what are the access management Jobs-To-Be-Done?

1. Navigate business growth and changes seamlessly
“I want to be able to extend my existing configurations, as my business grows, to other employees, jobs, etc to ease in managing a changing workforce”
2. Tailor access permissions for specific employees, roles and contexts
“I want to be able to specify the sensitive access employees hold based on their responsibilities, so I can ensure people don’t have inappropriate access”
3. Quickly add employees to my team to begin onboarding
“I want to quickly set up jobs and permissions within Toast so I can jump into my tasks, so I don’t have to waste time doing repetitive data entry”

4. Access management and assignment for operational efficiency
“I want to configure permissions for groups of people that hold similar responsibilities, so I can reduce the level of manual effort of permission management”
5. Conditionally assign or revoke permissions based on specific roles or circumstances
“I want to review and assign access to employees who don’t typically require certain permissions, so I can ensure that operations run smoothly and employees don’t hold irrelevant access”
6. Discover permissions allowing specific actions without the need for extensive searching
“I want to be able to find specific permissions quickly so I don’t waste time reading every permission to find what I need”

How does access management scale with business size?

Our design research strategy addressed the distinct needs of small-medium businesses (SMBs) and enterprise businesses within the global restaurant industry. Through customer interviews and observation, we identified the core user experiences and the variations needed for different business sizes, which informed product suite tiering. Iterative testing and feedback loops let us tailor the approach to maximize efficiency for both SMBs and enterprises.




Small-medium businesses
1-100 employees
Closely managed by few

Enterprise businesses
100+ employees
Distributed management, often franchised


This understanding helped inform the design choices for the two initial product tiers: Basic Access Management and Enterprise Access Management, with little strategic need for a middle-ground product offering.


Design results

Team Management Dashboard


The Team Management Dashboard displays (in addition to team status and performance data) an overview of access across your organization, including:
  • Employees
  • Jobs
  • Access profiles
  • Access requests
  • Access reporting
  • Access configurations



Changes:


Centralizing team management dashboard, to include all things access, jobs, and employees across different Toast offerings.

Access requests integrated into the existing requests panel, bringing urgent requests to the attention of managers from the context of their dashboard or the Toast Operator app (used by admins/owners).

Improved navigation clarity in sub-nav through consolidation of orphaned pages contained under the employees and jobs sub-navs. This resulted in the removal of two entire sub-nav pages which aligned with new product strategy standards.

Employee management


Employee, Job, and Access changes are core to the management experience, and the changes made maintain this importance while adding efficiency.


Changes:


Added contextual information and color coding system for increased understanding of employees at a glance.

Access overview allows for a quick view of an employee’s jobs and the sensitive access they hold before diving into the full, complex list of permissions.
Consolidated permissions list contains new contextual information to reduce the friction in locating specific permissions or features.

Sensitive access overview
was added to give quick insight into the most concerning access permissions.

Permission change review modal allows users to ensure changes made are appropriate before committing updates.

Job management


Jobs are the essential entity for determining what an employee does within Toast, and the changes made to the job creation flow reduced both friction and mental load:


Changes:


Added contextual information and color coding system for increased understanding of jobs at a glance.


Toast Recommended quick start templates reduced friction during employee creation by prepopulating permission assignment based on common industry jobs.
Auto-populated fields from previous “job type” selection reduces the friction of job creation because the system knows exactly which configurations similar jobs require.
Sensitive info overview was added to give quick insight into the most concerning access permissions.

Bulk access management


Access profiles are assigned at the job level and allow for bulk management of sensitive permissions across jobs within the user’s respective management level. This allows for both sweeping edits and highly granular configuration that flexibly caters to a range of restaurant sizes.

Toast provides a collection of premade access profiles that cover the most common access roles, while strategically offering custom access profiles within Team Management Pro for larger enterprise customers.

Changes:


Access profiles were more clearly defined to make a streamlined inheritance structure that enables large-scale, accurate sensitive permission assignment.


Sensitive access summary allows for a quick understanding of access without diving into the full list of permissions.
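The employee access overview, the sensitive access summary and the permission change review modal described above all depend on one underlying computation: resolving an employee's effective permissions through the jobs and job-level access profiles that grant them, while keeping track of where each grant came from. The following is an added example of that resolution (not Toast's implementation, and not code from the original case study). The entity shape mirrors the text (employee, jobs, access profiles, permissions); the permission names, the set treated as sensitive, and the sample configuration are constructed assumptions.

```python
"""Added example (not Toast's implementation): resolving an employee's effective
permissions with provenance, the sensitive-access overview, and the gained/lost
diff a change review would show. Entity shape mirrors the text (employee -> jobs
-> access profiles -> permissions); permission names and the sensitive set are
assumptions."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class AccessProfile:
    name: str
    permissions: FrozenSet[str]


@dataclass(frozen=True)
class Job:
    name: str
    profiles: Tuple[AccessProfile, ...]          # profiles assigned at the job level
    direct: FrozenSet[str] = frozenset()         # permissions set on the job itself


@dataclass(frozen=True)
class Employee:
    name: str
    jobs: Tuple[Job, ...]


# Constructed: permissions to surface before anything else in an overview.
SENSITIVE = frozenset({"payroll.view", "payroll.edit", "employee.pii.view", "access.manage"})


def effective_access(emp: Employee) -> Dict[str, List[str]]:
    """Map every effective permission to each path granting it ('job > profile')."""
    sources: Dict[str, List[str]] = {}
    for job in emp.jobs:
        for perm in sorted(job.direct):
            sources.setdefault(perm, []).append(f"{job.name} (direct)")
        for profile in job.profiles:
            for perm in sorted(profile.permissions):
                sources.setdefault(perm, []).append(f"{job.name} > {profile.name}")
    return sources


def sensitive_overview(emp: Employee) -> Dict[str, List[str]]:
    """The subset a manager should see first, still with its provenance."""
    return {p: s for p, s in effective_access(emp).items() if p in SENSITIVE}


def review_change(emp: Employee, new_jobs: Tuple[Job, ...]) -> Dict[str, FrozenSet[str]]:
    """Sensitive permissions gained or lost if the employee's jobs become new_jobs."""
    before = frozenset(sensitive_overview(emp))
    after = frozenset(sensitive_overview(Employee(emp.name, new_jobs)))
    return {"gained": after - before, "lost": before - after}


# Constructed sample data (not real Toast configuration).
KITCHEN = AccessProfile("Kitchen basics", frozenset({"kds.view", "menu.view"}))
SCHEDULING = AccessProfile("Scheduling", frozenset({"shifts.edit", "employee.pii.view"}))
PAYROLL = AccessProfile("Payroll admin", frozenset({"payroll.view", "payroll.edit"}))
CHEF = Job("Chef", (KITCHEN,))
MANAGER = Job("Manager", (KITCHEN, SCHEDULING, PAYROLL), direct=frozenset({"reports.view"}))
ALEX = Employee("Alex", (CHEF, MANAGER))


if __name__ == "__main__":
    for perm, paths in sorted(effective_access(ALEX).items()):
        flag = "!" if perm in SENSITIVE else " "
        print(f"{flag} {perm:20} <- {', '.join(paths)}")
    print("Dropping the Manager job:", review_change(ALEX, (CHEF,)))
```

Because every permission carries the list of paths that grant it, removing one job or profile does not silently leave access in place through another path: `kds.view` above is still granted via the Chef job after the Manager job is dropped, while the payroll and PII permissions show up under `lost`, which is exactly what the review modal should put in front of the user before the change is committed.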

Access reporting


A historic view of all access changes within the user’s respective management level. It allows for a deep understanding of access activity and supports accountability for both employees and business auditing.


Changes:


Access reports tool with the ability to filter employees, access profiles, changes made, and impact of changes.

“View access report” throughout the Toast Platform makes reporting accessible from anywhere objects are named/displayed: employee profiles, permissions, jobs, and access profiles.
Save and export reports for future reference allowing customers to maintain regulatory documentation.

User reception


Small-medium businesses


“I love that I can rely on presets and dive deeper if needed, I’m not a power user and this is simple for me”
- Sandra, Restaurant owner

“Oh, this is much faster, both creating and managing access”
- Nico, Restaurant manager

“It is nice to see everywhere access is coming from, without having to zoom in and out repeatedly”
- Richard, Restaurant owner

Enterprise businesses


“Access profiles now make me more confident managing access in bulk”
- Enrique, Regional manager

“The new reporting tool lets me both troubleshoot and routinely review my customer’s employee access”
- Michael, Customer success manager


“I am excited to start using ABAC, being able to configure my own attributes and access rules will solve almost all my problems”
- Lee, Restaurant IT admin

In collaboration with

Toast Teams

Ensured proper handling of disparate data models, crucial for access and permissions, especially with sensitive info like payroll, PII, and private business data.

Enterprise Growth

Ensured comprehensive consideration of customer needs, balancing the core access management experience for both small businesses and larger organizations.

UX Research

Challenged and validated design assumptions, relying on customer feedback for insights and ensuring choices aligned with user research and business goals.

Security

Ensured no oversight was made for the UX of managing highly sensitive access. Empowering users to trust the decisions they make regarding their data access.

Content Design

Consulted for common language usage and historical language feedback. Moved away from engineering-led language, and advocated user-driven nomenclature.