Rights Improvements

For a long time we had users complain that our Rights system is very confusing and would need some improvements.

I’ve created some ideas of the things we could improve and I would like your feedback on them:

  1. Rights: compact listing and default/inherited/implied values display
  2. Check: summary of applied rights and recursive level display of set rights
  3. Roles: simpler descriptive rights-groups

Read more about the proposal and sub-proposals at http://design.xwiki.org/xwiki/bin/view/Proposal/RightsUI9x

I’m curious what changes you find to be necessary and also I want usage feedback and other ideas of the things we could improve.

Some questions I would have:

  1. Rights:
    1.1 How often do you change your rights? Is it a step done only in the beginning when making the configurations, or is something done on a regular basis?
    1.2 What are your strategies in trying to debug the current rights inheritance?
    1.2.1 Do you use any particular extension to help you with the debugging?
    1.2.2 Are there any particular tricks you developed on your instance to help you with the rights? Like to share?
    1.3 How many of you added their own custom rights on top of the default ones?
    1.4 How many of you are using XWiki as a farm? a.k.a the rights on the subwikis are totally different and those users are isolated from the global wiki.
    1.5 How often did you have the need to set rights only on a page level and not allow those changes propagate on the children?
    1.6 Where do you have the most rights set: at the Global, Wiki or Page level?

  2. Check:
    2.1 What were the biggest problems you had with the inheritance, implied rights or with the multitude of levels you can set rights to?
    2.2 Are you most concerned with “which users have access to a particular location”? or with “which locations a particular user has access to”?

  3. Roles:
    3.1 What changes did you made on the defaults rights? What group names did you use? Could we identify some common patterns that we could integrate by default as roles (like content creators, moderators, developers, public/private/intranet wikis, etc. and how are these groups translated into individual rights)? Would love some configuration/usages examples from your instances to have as inspiration.
    3.2 Do we really need roles or are we good using just groups?

  4. Other questions / ideas?

The Rights topic is something we could talk for a long time, but ideally we could identify small / rapid changes that will bring the most benefits for us all.

From a new user/admin perspective, I find it annoying that there is a popup when going to denied. That is frustrating as if I click one too many times, I can’t just click until I get to the permission I meant to implement. I’m interrupted by this popup. I like the toggle approach that you show above. It would be helpful if subpages taking inherited permissions could indicate from where those inherited permissions are coming from and what they are - rather than the blank checkboxes that seem to appear now.

@rreese.q Something like this http://design.xwiki.org/xwiki/bin/download/Proposal/RightsUI9xCheck/check_page2_expanded.png ?

It’s definitely nice to have a feature that allows me to check the permissioning being applied to a user; however, I’m thinking more along the lines of if you pick any page (most applicable to a page a few levels down in a tree) and it shows that it is using inherited permissioning, it should tell me from what parent page it is taking that permissioning from. Thereby I then have two options: override the inherited and assign individual permissions to the specific page and its children OR stop and go modify the permissions on the parent page of which is effecting the page I was originally editing.

Hi, I think these are great improvement. What I would see is an short text for evaluators that don’t have the time to read the manual, explaining how the rights system work @xwiki. Ie : add new users, add them in a group + the difference and intricacies when you give rights to a group + to a user.

We can have a “Learn more” link that takes to documentation, like here http://design.xwiki.org/xwiki/bin/download/Proposal/RightsUI9xRoles/roles_list.png
but I believe evaluators should have the requested information on the features presentation, on the website. Long term users won’t want to see a long text in the interface each time they use it and I don’t believe we can come up with a small text describing all the above mechanisms.

It all depends on how we are going to implement the feature. Currently I show that you can check for an user, but it should support also groups. Also we could have the ability to not enter users, just the page, but the display could get big very easily and hard to read, since we could have lots of users and groups with permissions. But that’s a possibility too.