Wednesday, June 19, 2019

usability - UX best practice for role based access?


I am creating the information architecture for Enterprise software and currently putting in place Hierarchical Role based Access in order to personalise the user journey and allow my users to perform specific tasks based on the responsibilities attached to their role.


I am faced with a dilemma…


One of the roles has overarching permissions and privileges (HR Manager) but this role is also an Employee, which has limited set of permissions. I don’t see any contradiction between these two roles and the approach I am taking is to allow the HR role to freely view other employee details and simply have access to extended menu options.


I have been challenged on this approach and the team suggested that we should not allow the HR manager to view their own details as well as other employee details in the same view. Instead the approach suggested involves identifying the HR role at login and then providing a switch between HR Role and Employee role to accommodate a different navigation menu and access to different features.


Any thoughts or advise on this?


Has anyone encountered similar design challenge and how was this resolved?



Is there any UX best practice when it comes to role based access implementation?


Happy to clarify further if needed.



Answer



I have been challenged with kind of the same problem. To make a decision you should first of all observe the internal working/privileges of the company. I suppose a HR-manager can easily access the details of employees because it is part of his job.


But than you should determine if a HR-manager can view his own details, and which details. Maybe some fields shouldn't be for his eyes.


The approach of a switch between roles makes the process pretty difficult for the user (HR-manager). If you compare it to real life, can a HR-manager switch himself from normal employee to HR-manager? Not really, and why should he. His function gives him certain privileges and if the software you are developing aims to mirror the internal structure of the company these privileges should be mirrored.


Maybe not the answer you'd expected, but i hopes it helps a bit


No comments:

Post a Comment

technique - How credible is wikipedia?

I understand that this question relates more to wikipedia than it does writing but... If I was going to use wikipedia for a source for a res...