Designing an Enterprise Permission & Profile Architecture for a Talent Intelligence Platform.
Redesigning the system foundation to support enterprise-grade security, granular role management, and data visibility control.
- Enabled enterprise-grade permission architecture.
- Increased client trust through visibility transparency.
- Reduced sensitive data exposure risk.
- Established a scalable foundation for future workforce products.
From ATS to Talent Intelligence Platform.
The product had to evolve beyond hiring - into a platform that carries a person across their entire workforce lifecycle. That meant rebuilding the underlying identity model from the ground up.
- Application tracking
- Single candidate record
- Linear hiring funnel
- Recruitment data only
= 1 Profile
= All Recruitment Data
- Internal mobility
- Workforce planning
- Reskill / upskill
- Cross-department visibility
- Future opportunities
= Multiple Applications
= Multiple Opportunities
Legacy architecture could not meet enterprise security requirements.
One profile carried every piece of data about a person - and every role with profile access could see all of it. Enterprise customers, especially in Japan, would not sign without structural separation and verifiable controls.
- ①Personal Information
- ②Resume
- ③Interviews
- ④Feedback
- ⑤Notes & Emails
- ⑥Offer & Compensation
- ⑦Documents
- Hiring managers saw sensitive compensation data.
- No separation between global talent data and job-specific data.
- No scalable permission model.
- High risk of data leakage across roles.
- Could not support enterprise compliance & trust.
Separate resources. Separate purpose. Separate visibility.
We split the monolithic profile into two distinct resources - Talent (the person, evergreen) and Application (the job-specific process, time-bound) - each with its own permission contract.
- Core profile
- Skills & experiences
- Resume
- Certifications
- Global notes & activities
- Application history
- Job information
- Interviews
- Evaluations & feedback
- Hiring workflow
- Offer process
- Job-related notes & emails
Control access at every level.
Six layers of permission, evaluated in sequence - from the highest-level "what resource can you touch" down to the field-level "can you export this value." Every screen reads from the same contract.
Backend enforces. Frontend renders safely.
Permission decisions happen server-side, then the API returns only what the user is allowed to see. The frontend never holds data it shouldn't render - so there is no hidden-but-loaded data to leak.
One layout. Different visibility.
The same Application Detail page renders differently depending on the viewer's role. Sections, fields, and tabs disappear at the contract layer - not the component layer.
- Personal Information visible
- Experience visible
- Skills visible
- Compensation visible
- Offer Letter visible
- Internal Notes visible
- Personal Information visible
- Experience visible
- Skills visible
- Compensation not visible
- Offer Letter not visible
- Internal Notes visible
- Personal Information visible
- Experience visible
- Skills visible
- Compensation hidden
- Offer Letter hidden
- Notes hidden
Compensation field in Application detail.
A worked example for a single high-sensitivity field - compensation - across five enterprise roles. Each role has its own view, edit, and export rights, evaluated independently.
| Role | Can view | Can edit | Can export |
|---|---|---|---|
| Recruiter | ✓ | ✓ | ✓ |
| Hiring Manager | ✗ | ✗ | ✗ |
| Interviewer | ✗ | ✗ | ✗ |
| HRBP | ✓ | ✗ | ✓ |
| Executive Viewer | ✓ | ✗ | ✗ |
Where the contract meets the interface.
Four surfaces that translated the permission architecture into something administrators and end users could actually operate day to day.
Role Management
Field Visibility Settings
Application Detail (Restricted)
Senior Product Designer
Notes Visibility
visible to: HR, Recruiter
visible to: Manager, HR
Built a foundation for future talent solutions.
Every product on this list inherits the same identity model and permission contract. New surfaces no longer rebuild visibility from scratch - they extend it.
This project was not just about building a feature - it was about designing a secure, scalable system foundation that enterprises can trust with their most sensitive data. By aligning UX, system architecture, and permissions, we unlocked the next chapter of our product and won the trust of leading enterprises.