Friday, November 3, 2017

editor - Editing user permissions within a group?


I am creating a user management tool for scientific labs where there are three sets of groupings. Users on their own, Groups of users, and then Labs, where Users and Groups are given one of three levels of permissions: Runner, Editor, and Admin.


I currently have two concepts for how an Admin can edit what users are part of the group and what level of permissions that user has. The first concept requires the user to click through to edit the members of a specific level of permissions. For example, I want to edit the Editors, so I click the "Edit Editors" button, and can add/remove users from that level of permissions. The second option is a mass "Edit Members" button. This button opens a user table where each member has an add/remove button and a drop down with the permissions level to attach to that user.


Are there any methods for creating this type of function within an interface? Does anyone know of a real world example that I could look at to use as a reference/inspiration?


Thanks in advance for the help!



Answer



First of all I'll do some assumptions about unspecified requirements, whenever possible I'll spot when suggested solution may be different if requirements aren't these.



  • (1) Users may have access to labs outside any group. Let's say you have users [1...5] and one group Group1 which includes users from 1 to 4. Lab1 has Runner privileges for Group1 and Admin privileges for User5 (outside any group).

  • (2) Users may be part of a group and have specific privileges outside that group. From previous example let's imagine User4 is part of Group1 but for Lab1 it has specific Editor privileges.


  • (3) Each lab has specific privileges for groups, unlisted groups have no privileges.

  • (4) Privileges are mutually exclusive (user/group may be Runner, Editor, Admin or nothing but only one of them for each lab).

  • (5) All not expressly given permissions are denied.

  • (6) You do not want to administrate users, groups and their privileges in the same window.


Let's first see how it's usually done in some applications. For example in SharePoint:


SharePoint example


As you can see there is a list of users/groups and their given permissions for an element. To add a new permission you have to click a button (Grant Permissions) where you can pick user or group. Users and groups not in this list have no permissions for selected element.


In Oracle:


Oracle example



Also here we have a list but all groups are listed and for each one you grant permissions you want. All users/groups are always visible.


In Windows:


Windows example


Different user interface but same principle of SharePoint. Note that you can change inherited permissions (for example to override a granted permission) but it doesn't apply in your case.



What you can do? I'd organize your form in two lists: one for labs and one for groups/users for that lab:


Suggested mockup


Right columns is for labs, if you want to manage users and groups you should have a separate interface (with quick links also from this form). Each item contains multiple informations:



  • An optional icon to quickly identify labs (by content, location or access).


  • Lab name, it's what you use to identify each lab.

  • An optional lab location line to understand where lab is (if often name alone isn't enough because it has to be short for displaying purposes).

  • Summary of permissions: 3 groups, 3 users means there are rules for 3 groups and 3 exceptions for specific users. If you always list every group then you may indicate here only groups with access permissions. This small text alone may be material for another question...


Right column lists rules for selected lab. Here you may have all groups (like in this example) and for each one you indicate its permissions. Rule of thumb (IMO) is number of groups: for a reasonable low number of items this is simpler to use than the other approach.


In the same list there are also specific exceptions (in this case single users) with different permissions. These exceptions override group settings (then, for example, Smart Guy should have Runner permissions but it has Editor).


There is an icon to expand each group to list its members, this will quickly give you the ability to add an exception:



  • Expand Students group.

  • Search student you need to give a special access.


  • Click button "Make Editor" to give him special permissions.


Exceptions may be quickly removed using × button on the top right corner of each list item.


For each column there is a search box. It's definitely important if you have a long list of items. Do not forget to use it also to search inside an expanded group (see also Search Results in a TreeTable for more details):


Search within a group example


What if you have a very low number of groups? You may simply use a tabular layout:


Tabular layout example


For a larger number of groups if you do not have very complicate setups and a fairly number of labs you may use a simpler approach:


Single list layout example


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

technique - How credible is wikipedia?

I understand that this question relates more to wikipedia than it does writing but... If I was going to use wikipedia for a source for a res...