Case study
Trickest · Workspaces, Access & Navigation
One project with two fronts: introducing workspaces as the unit of access (a role model people could actually reason about), and reworking a flat sidebar into workspace-aware navigation so you always know which context you're in.
Design engineer across the whole project — the workspace-scoped role model, the invite / teams / access flows, and the navigation rework it triggered. I shaped the IA and interaction, prototyped in code through several rounds, and built the final screens alongside the PM and the backend engineers who built the permissions system.
Users
Manage user access, roles, and team memberships
Active Users (5/10)
Invitations (1)
Everything below is mock data — names, teams, workspaces, pages and counts. The design and reasoning are real.
The problem
Trickest is a security-automation platform where a workflow can actively scan a client’s production systems. So who can touch what isn’t a nicety — it’s the deal. When I picked it up, access was just two org-wide buckets, admin and member: a member saw everything, an admin controlled everything.
A contractor, an operator and a C-level viewer all got the same label. No way to say “this contractor can only run workflows in one workspace” — and no least-privilege story. It wasn’t hypothetical: coarse access was flagged as a blocker in 4 of the last 6 enterprise security reviews, stalling deals in procurement.
Fixing that needed a unit to scope access to — a workspace. But introducing workspaces had a second, unavoidable consequence: the product’s flat-list navigation had no way to express which workspace you were in, or to separate account-wide pages from workspace-scoped ones.
sidebar — legacy (flat)
So it was really one project with two intertwined fronts: a role model scoped to workspaces, and navigation that makes workspace context legible. Building the access model without fixing the nav would have hidden it; fixing the nav without a real scoping unit would have had nothing to navigate between. (Signals reconstructed from the real project — procurement questionnaires asking for role-based access, and recurring “give someone access to just one project” requests — for this write-up.)
Workspaces & the role model
Two ideas make access tractable. First, the thing access is scoped to: a workspace — a group of workflows (a red-team engagement, a client project) that people navigate into from the switcher up top.
Red Team
Offensive engagements — external pentests & red-team ops
Projects
Workflows
Instead of one org-wide label, everyone gets a role inside each workspace — and that role can be granted to a single person or a whole team. So access became two levels: a light org role, and a per-workspace role.
Second, the roles themselves. Per-user permission toggles, or a small set of named roles? I tested both against one task — “give a contractor execute access to one workspace”.
A — permission toggles
B — role hierarchychosen
Toggles fail the predictability test — thousands of states, and “can Jonas execute in Red Team?” needs a whole panel to answer. Roles win: a strict ladder that maps cleanly onto the people who actually use the product.
Each level contains the ones below it, so one sentence answers any question: “Execute and above can run workflows.” The C-level case is its own scoped role — Databases & Apps sees dashboards and data, never the workflows.
Managing access
The access lifecycle is one flow: invite → organize into teams → grant workspace access → maintain.
Invite users
Send invitations to new team members.
Separate multiple emails with commas or new lines.
The invite is deliberately thin — just emails. Placement happens next, where you can see the whole person.
Teams
Contractors
External partners with scoped, time-boxed access.
Created Feb 27, 2026 · 3 members
Teams group people so access scales: members on one side, workspace access on the other. Grant a workspace to the team once and every member inherits it.
Add workspace access
Select a workspace to give Contractors access
8 workspaces available to add to this team
Granting a workspace — to a person or a whole team — is a single pick-and-role
step, using the same five-role ladder, with a running summary (Read → Blue Team)
so the outcome is legible before you commit.
Teams
ContractorsWorkspace Access
AddThe person view closes the loop: every workspace someone can touch, direct or inherited from a team, in one panel. Onboarding is one pass; offboarding is one screen, not a hunt through every workspace.
Before rollout, I validated the five-role ladder with 3 pilot customers’ admins and contractors — running the “give a contractor execute access to one workspace” task end-to-end and adjusting labels until each role read unambiguously.
The navigation it triggered
Workspaces solved scoping — but the moment they existed, the flat sidebar broke. Pages now split into global pages that belong to the whole account (library, billing, account settings) and workspace-scoped pages that only make sense inside one workspace (its workflows, runs, variables). Navigation had to answer three questions at once: which context am I in, how do I switch workspaces, and how do I move between global and workspace-scoped pages — without turning the sidebar into a maze. I ran at it three times.
Iteration 1 — Bundled flyout. One popover that combined current-workspace nav, the workspace switcher list, and global nav items in a single menu.
workspace ▾ — flyout popover
This workspace
OverviewWorkflowsRunsSwitch workspace
Red TeamBlue Team+ CreateGlobal
LibrarySettingsWhy it didn’t work: compact, but it loads a transient menu with three different jobs at once. Worse, it collapses on select — so every workspace navigation means reopening the same popover. Frequent actions were buried behind a menu that kept closing.
Iteration 2 — Persistent sidebar with switcher header. Keep the nav items always visible; condense the switcher into a single header row at the top.
sidebar — switcher as header
Why it didn’t work: this fixed the frequency-of-use problem — nav is one click, always there. But it left the second half unresolved: workspace-scoped pages (Workflows, Runs) and global pages (Library, Billing) sat in one undifferentiated list. You still couldn’t tell what belonged to the workspace and what belonged to the account.
Iteration 3 — Icon rail + drill-in panel. A thin icon-only rail on the far left, opening a drill-in panel with a breadcrumb and grouped categories.
icon rail + settings drill-in
Settings / User Management
Fleet
FleetTeam
User ManagementAudit LogsBilling
OverviewWhy it didn’t work: this one actually solved the global-vs- workspace separation — the breadcrumb answered “where am I,” and grouped categories (Fleet, Integration, Personal, Team, Billing) gave global pages a real home. But the icon-only rail traded label clarity for density, and the drill-in added a click of depth to everyday actions. Right idea, wrong ergonomics.
The final sidebar
The resolved model is one sidebar with two layers. The root layer is workspace-first: a switcher at the top (context always visible, changeable in one click), the four workspace pages as a flat labelled list, and below a divider the three drill-in categories — Global, Library, Settings.
Drilling into a category doesn’t open a second panel or an icon rail — the same sidebar slides to its second layer: workspace items give way to the category’s grouped items, with a back row (labelled with the category name) to return. One place to look, two levels deep, never both at once.
In context — the root layer inside a workspace, product-dark like the real app:
Red Team
Offensive engagements — external pentests & red-team ops
Projects
Workflows
The three states of the same sidebar, side by side:
And the mechanic in motion — the same panel opening the switcher, then sliding into Settings and back:
Each iteration’s lesson survives: nav stays persistent (iteration 2) — the drill-down is a layer of the same fixed sidebar, not a transient flyout (iteration 1’s failure). Global and workspace-scoped pages are cleanly separated (iteration 3’s goal) — but with full text labels and grouped section headers instead of an icon-only rail. And the back row names where you are (← Settings), so the drilled state answers “where am I” as clearly as the switcher does at root.
Before building it out, I validated the model in click-through prototypes — watching people switch workspaces and reach a global page cold. The two-layer slide tested clearest when the back row was labelled with the category name rather than a generic “back,” which is why it shipped that way.
Outcome
Figures below are illustrative — the mechanism and direction are real; the exact numbers are reconstructed, not measured.
Access & teams
- Onboarding collapsed to one pass — a new contractor went from a ~9-step, multi-screen setup to a single invite-and-assign flow.
- Offboarding became one screen — instead of hunting through 12+ workspaces to revoke access, everything a person can touch is revoked from one panel.
- Enterprise deals unblocked — least-privilege went from a standing security-review blocker to a checkbox: 4 of 6 reviews that previously flagged access passed in the two quarters after launch.
Navigation
- Switching context dropped to one click — the persistent switcher pill replaced a reopen-the-menu loop, cutting workspace changes from ~3 interactions to 1.
- “Where am I” stopped being a question — with the pill always showing the active workspace and a clear global/scoped split, mis-navigation into the wrong workspace fell sharply in usability sessions (roughly 4 in 5 wrong-context slips disappeared).
- The sidebar scaled with the product — new global pages have an obvious home in the Global section instead of lengthening one flat list.
What I’d change: design the audit view earlier (“who had access last quarter?” showed up within weeks), check hidden-vs-disabled against the API — a Write user briefly saw a delete control the server correctly refused — and re-test icon-rail density at higher workspace counts, where the switcher list gets long and the iteration-3 rail idea might earn its place back as a secondary index.