Fivetran • 2021–2025

Scaling Fivetran's Enterprise Permissions

Strategic Challenge

Fivetran's lack of granular access controls was blocking enterprise deals and creating security risks.

We needed a system that could support complex permission structures beyond the basic admin/user model.

My role

Led the end-to-end vision and execution of Fivetran's enterprise data governance strategy as the sole designer. Guided cross-functional stakeholders through system architecture decisions and advocated for platform refactoring.

Key outcomes

  • Unlocked Fortune 500 deals through enterprise-ready permissions
  • +200% new users per enterprise account
  • Custom roles and team-based access at scale

Context

Fivetran's legacy permissions model wasn't built for enterprise scale. Permissions were tied to destinations, which meant any user with access to a destination could access every connector inside it. Large customers worked around this by spinning up new destinations to silo access. This was a brittle, manual workaround. As enterprise interest grew, the need for a real governance model became critical.

The original model didn't allow for the granular permissions needed for complex enterprise organizations. Couple that with vague role definitions and poor visibility and it just wasn't working.

Our goal was to support secure, scalable access across complex org structures. This would enable large customers to delegate ownership, restrict access to sensitive data, and onboard users efficiently. RBAC wasn't just a security fix. It was a foundational shift that enabled Fivetran to sell into larger, more regulated organizations.

The current permissioning model needed workarounds like duplicating destinations to assign the proper access.

Challenges

Fivetran's original permission model was simple: six generic roles with limited customization. That worked for small teams but collapsed under the complexity of enterprise organizations.

  • No way to assign access at a granular level
  • Vague role definitions and poor visibility
  • Inherited permissions led to confusion and over-granted access
  • Admins couldn’t delegate. Everything ran through them
“Right now the admin has to do everything.”
“I don't understand the relationship between account-level and destination-level access.”

To complicate the design challenge, I discovered that governance needs varied wildly. Some customers separated production and staging; others enforced connector-level restrictions, PII obfuscation, or SCIM/SAML integration. Contractors needed access to a single connector without visibility into anything else. Destination admins needed control without account-wide access. And usage had to be tracked not just per user, but per team. I wasn't designing for edge cases, I was designing for the reality of enterprise complexity.

Real governance models from enterprise customers — each with different needs for roles and visibility
There were multiple ways to communicate cascading permissions, each with its own pros and cons.

Solution

The real challenge wasn't designing a better screen. It was defining a permissioning system that could scale across hundreds of users, dozens of data sources, and highly segmented teams. The old model couldn't express what customers needed. We had to rethink how roles, resources, and organizational structures related to each other and build a system flexible enough to support all of them.

Cascading permissions explorations.
Working through default roles.
Collaborative white board session with the PM exploring how permissions would translate across the new Teams model.

We deliberately chose an explicit access model with no silent inheritance and no automatic escalation to match enterprise expectations around privacy and control. That meant solving for complex scenarios: contractors who could only touch one connector, team-level access without account-level privileges, and admins who needed visibility without overreach.

We modeled how roles and permissions should map to teams, connectors, destinations, and account-wide settings

The outcome wasn't just a new flow. It was a new foundation. We introduced clearer out-of-the-box roles, a custom role builder, and a new Teams feature that let admins group users and delegate access more efficiently. Once the system was in place, we redesigned the Add User experience to reflect it, making role and resource assignment easier, more predictable, and scalable.

We introduced clearer out-of-the-box roles and a custom role builder.
The new Teams feature that let admins group users and delegate access more efficiently
The new User pages with immediate resource visibility and the redesigned the redesigned Add User experience.

Impact

The new RBAC system launched in phases and quickly proved its value. Admin bottlenecks disappeared. Security reviews moved faster. Data governance felt native, not bolted on. Within the first year:

  • 300+ customers adopted the Teams feature
  • 200% increase in account-level user creation
  • 50% increase in overall account usage
Usage, users, and ARR were all up following the adoption of our new trust and governance framework.

More importantly, my RBAC design positioned Fivetran as a governance-ready platform, unlocking deals with highly regulated industries and security-conscious buyers. It became a core part of our Enterprise offering and a key enabler of governed data movement at scale. This work became a template for how we approached enterprise-scale features moving forward.

“Fivetran allows us to automate and formalize the process and give us an end-to-end audit trail. We also need to prove we have good data governance throughout our data lifecycle. Fivetran provides all of this and more.”
Sr. Manager of Data Engineering, WeWork
Previous Zen Planner
Next Fivetran Design System