For a long time we had users complain that our Rights system is very confusing and would need some improvements.
I’ve created some ideas of the things we could improve and I would like your feedback on them:
Rights: compact listing and default/inherited/implied values display
Check: summary of applied rights and recursive level display of set rights
Roles: simpler descriptive rights-groups
Read more about the proposal and sub-proposals at http://design.xwiki.org/xwiki/bin/view/Proposal/RightsUI9x
I’m curious what changes you find to be necessary and also I want usage feedback and other ideas of the things we could improve.
Some questions I would have:
1.1 How often do you change your rights? Is it a step done only in the beginning when making the configurations, or is something done on a regular basis?
1.2 What are your strategies in trying to debug the current rights inheritance?
1.2.1 Do you use any particular extension to help you with the debugging?
1.2.2 Are there any particular tricks you developed on your instance to help you with the rights? Like to share?
1.3 How many of you added their own custom rights on top of the default ones?
1.4 How many of you are using XWiki as a farm? a.k.a the rights on the subwikis are totally different and those users are isolated from the global wiki.
1.5 How often did you have the need to set rights only on a page level and not allow those changes propagate on the children?
1.6 Where do you have the most rights set: at the Global, Wiki or Page level?
2.1 What were the biggest problems you had with the inheritance, implied rights or with the multitude of levels you can set rights to?
2.2 Are you most concerned with “which users have access to a particular location”? or with “which locations a particular user has access to”?
3.1 What changes did you made on the defaults rights? What group names did you use? Could we identify some common patterns that we could integrate by default as roles (like content creators, moderators, developers, public/private/intranet wikis, etc. and how are these groups translated into individual rights)? Would love some configuration/usages examples from your instances to have as inspiration.
3.2 Do we really need roles or are we good using just groups?
Other questions / ideas?
The Rights topic is something we could talk for a long time, but ideally we could identify small / rapid changes that will bring the most benefits for us all.