← Work

Case study

Trickest · Workspaces, Access & Navigation

One project with two fronts: introducing workspaces as the unit of access (a role model people could actually reason about), and reworking a flat sidebar into workspace-aware navigation so you always know which context you're in.

Role
Design Engineer
Timeframe
2025
Focus
SaaS, Access Management, Navigation

Design engineer across the whole project — the workspace-scoped role model, the invite / teams / access flows, and the navigation rework it triggered. I shaped the IA and interaction, prototyped in code through several rounds, and built the final screens alongside the PM and the backend engineers who built the permissions system.

app.trickest.io/settings/users

Users

Manage user access, roles, and team memberships

Invite User
Search users…/ Statuses

Active Users (5/10)

MV
Mira VuletićSuper Admin
mira@acme-sec.com
Active2 days ago
DR
Dario RossiWorkspace Admin
dario@acme-sec.com
Operators
Active1 week ago
AP
Ana PetrovićMember
ana@acme-sec.com
Operators
Active3 days ago
MR
Marcus ReedMember
marcus@acme-sec.com
Leadership
Active5 days ago
JK
Jonas KellerMember
jonas@acme-sec.com
Contractors
Activeyesterday

Invitations (1)

LB
Lena BrandtMember
lena@client-fintech.com
Contractors
Invitedinvited 2d ago

Everything below is mock data — names, teams, workspaces, pages and counts. The design and reasoning are real.

01

The problem

Trickest is a security-automation platform where a workflow can actively scan a client’s production systems. So who can touch what isn’t a nicety — it’s the deal. When I picked it up, access was just two org-wide buckets, admin and member: a member saw everything, an admin controlled everything.

settings / users — legacy
3 of 3 users
Mira Vuletićmira@acme-sec.com
Admin
Jonas Kellerjonas@acme-sec.com · contractor
Member
Marcus Reedmarcus@acme-sec.com · CISO
Member

A contractor, an operator and a C-level viewer all got the same label. No way to say “this contractor can only run workflows in one workspace” — and no least-privilege story. It wasn’t hypothetical: coarse access was flagged as a blocker in 4 of the last 6 enterprise security reviews, stalling deals in procurement.

Fixing that needed a unit to scope access to — a workspace. But introducing workspaces had a second, unavoidable consequence: the product’s flat-list navigation had no way to express which workspace you were in, or to separate account-wide pages from workspace-scoped ones.

sidebar — legacy (flat)

DashboardWorkflowsRunsLibrarySettings

So it was really one project with two intertwined fronts: a role model scoped to workspaces, and navigation that makes workspace context legible. Building the access model without fixing the nav would have hidden it; fixing the nav without a real scoping unit would have had nothing to navigate between. (Signals reconstructed from the real project — procurement questionnaires asking for role-based access, and recurring “give someone access to just one project” requests — for this write-up.)

02

Workspaces & the role model

Two ideas make access tractable. First, the thing access is scoped to: a workspace — a group of workflows (a red-team engagement, a client project) that people navigate into from the switcher up top.

app.trickest.io/workspace/red-team

Red Team

Offensive engagements — external pentests & red-team ops

24 workflows5 projects 3 running

Projects

Client — FintechContinuous ReconAd-hoc

Workflows

Subdomain Enumerationedited 2h agoScheduled
Port Scan → Nucleiedited yesterday · 12 runs
Cloud Recon (AWS)edited 3 days ago
Phishing Infra Checkedited 1 week agoDraft
Full External Reconedited 2 weeks ago · 40 runs

Instead of one org-wide label, everyone gets a role inside each workspace — and that role can be granted to a single person or a whole team. So access became two levels: a light org role, and a per-workspace role.

Second, the roles themselves. Per-user permission toggles, or a small set of named roles? I tested both against one task — “give a contractor execute access to one workspace”.

A — permission toggles

jonas — permissions
View workflows
[x]
Edit workflows
[ ]
Execute workflows
[x]
Manage files
[ ]
View insights
[ ]
Manage members
[ ]

B — role hierarchychosen

jonas — role in Red Team
ExecuteView, create and execute workflows
✓ chosen
ReadView everything; can't run
WriteView and create workflows

Toggles fail the predictability test — thousands of states, and “can Jonas execute in Red Team?” needs a whole panel to answer. Roles win: a strict ladder that maps cleanly onto the people who actually use the product.

workspace roles → who they're for
OwnerTeam leads & admins
full
ExecuteOperators who run workflows
run
WriteBuilders who create workflows
build
ReadStakeholders following along
view
Databases & AppsC-level & clients
data only

Each level contains the ones below it, so one sentence answers any question: “Execute and above can run workflows.” The C-level case is its own scoped role — Databases & Apps sees dashboards and data, never the workflows.

03

Managing access

The access lifecycle is one flow: invite → organize into teams → grant workspace access → maintain.

Invite users

Send invitations to new team members.

Enter emails, separated by commas or new lines…

Separate multiple emails with commas or new lines.

Cancel Send invites

The invite is deliberately thin — just emails. Placement happens next, where you can see the whole person.

app.trickest.io/settings/teams

Teams

Organize users into teams for streamlined access management and collaboration

Create team

Teams

Search teams…/
Contractors3
External partners with scoped, time-boxed access
Operators8
In-house red team
Leadership4
C-level · dashboards only
SOC Analysts6
Blue team monitoring
Clients5
Read-only project access

Contractors

External partners with scoped, time-boxed access.

Created Feb 27, 2026 · 3 members

Workspace access Add workspace
Red TeamExecute
Threat IntelRead
Client — FintechRead
Members Add users
JK
Jonas Keller
jonas@acme-sec.com
RS
Raj Singh
raj@contract.io
LB
Lena Brandt
lena@vendor.io

Teams group people so access scales: members on one side, workspace access on the other. Grant a workspace to the team once and every member inherits it.

Add workspace access

Select a workspace to give Contractors access

Search workspaces…

8 workspaces available to add to this team

Purple Team
Threat Intel
Blue Team

Select role

Read
Write
Execute
Owner
Databases & Apps
SOC Dashboard
Client — Fintech
Read → Blue TeamCancelAdd workspace access

Granting a workspace — to a person or a whole team — is a single pick-and-role step, using the same five-role ladder, with a running summary (Read → Blue Team) so the outcome is legible before you commit.

JK
Jonas Keller
jonas@acme-sec.com
ActiveMember
JoinedSep 12, 2024
MFAEnabled
Vault RoleMember

Teams

Contractors

Workspace Access

Add
Red TeamExecute
Threat IntelRead
Deactivate User

The person view closes the loop: every workspace someone can touch, direct or inherited from a team, in one panel. Onboarding is one pass; offboarding is one screen, not a hunt through every workspace.

Before rollout, I validated the five-role ladder with 3 pilot customers’ admins and contractors — running the “give a contractor execute access to one workspace” task end-to-end and adjusting labels until each role read unambiguously.

04

The navigation it triggered

Workspaces solved scoping — but the moment they existed, the flat sidebar broke. Pages now split into global pages that belong to the whole account (library, billing, account settings) and workspace-scoped pages that only make sense inside one workspace (its workflows, runs, variables). Navigation had to answer three questions at once: which context am I in, how do I switch workspaces, and how do I move between global and workspace-scoped pages — without turning the sidebar into a maze. I ran at it three times.

Iteration 1 — Bundled flyout. One popover that combined current-workspace nav, the workspace switcher list, and global nav items in a single menu.

workspace ▾ — flyout popover

▾ workspace···

This workspace

OverviewWorkflowsRuns

Switch workspace

Red TeamBlue Team+ Create

Global

LibrarySettings

Why it didn’t work: compact, but it loads a transient menu with three different jobs at once. Worse, it collapses on select — so every workspace navigation means reopening the same popover. Frequent actions were buried behind a menu that kept closing.

Iteration 2 — Persistent sidebar with switcher header. Keep the nav items always visible; condense the switcher into a single header row at the top.

sidebar — switcher as header

▾ Red TeamOverviewWorkflowsRunsVariablesLibrarySettingsBilling

Why it didn’t work: this fixed the frequency-of-use problem — nav is one click, always there. But it left the second half unresolved: workspace-scoped pages (Workflows, Runs) and global pages (Library, Billing) sat in one undifferentiated list. You still couldn’t tell what belonged to the workspace and what belonged to the account.

Iteration 3 — Icon rail + drill-in panel. A thin icon-only rail on the far left, opening a drill-in panel with a breadcrumb and grouped categories.

icon rail + settings drill-in

Settings / User Management

Fleet

Fleet

Team

User ManagementAudit Logs

Billing

Overview

Why it didn’t work: this one actually solved the global-vs- workspace separation — the breadcrumb answered “where am I,” and grouped categories (Fleet, Integration, Personal, Team, Billing) gave global pages a real home. But the icon-only rail traded label clarity for density, and the drill-in added a click of depth to everyday actions. Right idea, wrong ergonomics.

05

The final sidebar

The resolved model is one sidebar with two layers. The root layer is workspace-first: a switcher at the top (context always visible, changeable in one click), the four workspace pages as a flat labelled list, and below a divider the three drill-in categories — Global, Library, Settings.

Drilling into a category doesn’t open a second panel or an icon rail — the same sidebar slides to its second layer: workspace items give way to the category’s grouped items, with a back row (labelled with the category name) to return. One place to look, two levels deep, never both at once.

In context — the root layer inside a workspace, product-dark like the real app:

app.trickest.io/workspace/red-team

Red Team

Offensive engagements — external pentests & red-team ops

24 workflows5 projects 3 running

Projects

Client — FintechContinuous ReconAd-hoc

Workflows

Subdomain Enumerationedited 2h agoScheduled
Port Scan → Nucleiedited yesterday · 12 runs
Cloud Recon (AWS)edited 3 days ago
Phishing Infra Checkedited 1 week agoDraft
Full External Reconedited 2 weeks ago · 40 runs

The three states of the same sidebar, side by side:

Switcher pill — the active workspace is always visible; one click opens the list (state B).Divider — flat workspace pages above, the three drill-in categories below.Back row — labelled with the category name, so the drilled layer still answers "where am I."

And the mechanic in motion — the same panel opening the switcher, then sliding into Settings and back:

the mechanic in motion — switcher opens (B), then the panel slides into Settings (C) and back · looping

Each iteration’s lesson survives: nav stays persistent (iteration 2) — the drill-down is a layer of the same fixed sidebar, not a transient flyout (iteration 1’s failure). Global and workspace-scoped pages are cleanly separated (iteration 3’s goal) — but with full text labels and grouped section headers instead of an icon-only rail. And the back row names where you are (← Settings), so the drilled state answers “where am I” as clearly as the switcher does at root.

Before building it out, I validated the model in click-through prototypes — watching people switch workspaces and reach a global page cold. The two-layer slide tested clearest when the back row was labelled with the category name rather than a generic “back,” which is why it shipped that way.

06

Outcome

Figures below are illustrative — the mechanism and direction are real; the exact numbers are reconstructed, not measured.

Access & teams

  • Onboarding collapsed to one pass — a new contractor went from a ~9-step, multi-screen setup to a single invite-and-assign flow.
  • Offboarding became one screen — instead of hunting through 12+ workspaces to revoke access, everything a person can touch is revoked from one panel.
  • Enterprise deals unblocked — least-privilege went from a standing security-review blocker to a checkbox: 4 of 6 reviews that previously flagged access passed in the two quarters after launch.

Navigation

  • Switching context dropped to one click — the persistent switcher pill replaced a reopen-the-menu loop, cutting workspace changes from ~3 interactions to 1.
  • “Where am I” stopped being a question — with the pill always showing the active workspace and a clear global/scoped split, mis-navigation into the wrong workspace fell sharply in usability sessions (roughly 4 in 5 wrong-context slips disappeared).
  • The sidebar scaled with the product — new global pages have an obvious home in the Global section instead of lengthening one flat list.

What I’d change: design the audit view earlier (“who had access last quarter?” showed up within weeks), check hidden-vs-disabled against the API — a Write user briefly saw a delete control the server correctly refused — and re-test icon-rail density at higher workspace counts, where the switcher list gets long and the iteration-3 rail idea might earn its place back as a secondary index.