Improve usability of ACL Editor for Event and Series

Description

Opencast uses Access Control Lists (ACL) for both Events and Series. Those ACLs are used to determine the set of access rights a given user has on the object (e.g. none, read, write, ...).

From a technical perspective, think of an ACL as a table that looks like the following:

| Role | Read Access | Write Access | (Other Access Permission) |
| --- | --- | --- | --- |
| ROLE_USER_A | true | false | (Values of other Access Permission) |
| ROLE_GROUP_A | true | false | (Values of other Access Permission) |

The current implementation of the ACL editor is a one-to-one representation of the technical implementation details, which causes a number of problems:

1. Hard to understand for non-technical users (need to know technical concepts)
2. Tedious to use even for technical users

So if you want to allow a user to access Event XYZ, you will need to:

1. Go to Organizations->Users
2. Find the User in the Users table
3. Be able to recognize which of the roles is the user role (ROLE_USER_<username>)
4. Go to Recordings->Events
5. Find the Event in the Events table
6. Open Event Details->Access Policy
7. Add a new Access Control Entry (ACE) for the user role found in step 3
8. Set the permissions

A more intuitive way to do the same thing would be:

1. Go to Recordings->Events
2. Find the event in the Events table
3. Open Event Details->Access Policy
4. Add a new Access Control Entry (ACE) for the user (instead of the user role) or group (instead of the group role)
5. Set the permissions

In other words, we suggest that the ACL editor for Events and Series does not present roles to the end-user. Instead of selecting a role, the end-user will select a User or Group.

Advantages:

1. Easy to understand by non-technical users
2. Not tedious for technical users

Note:
Since this change (user/group selection instead of role selection) will reduce the functionality of the ACL editor, we suggest adding an "Advanced" link that opens the current version of the ACL editor, which allows ACLs to be edited at a low level.
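
Added example (not Opencast code): one way to implement the translation the proposal implies, mapping user/group selections to role-based ACEs and back, and keeping roles the simplified view cannot display for the "Advanced" editor so that saving does not silently drop them. The function names, the constructed directory and ACL, and the `ROLE_GROUP_` prefix (inferred from the sample table) are assumptions.

```javascript
// Added example: names, directory contents and the group-role prefix are assumptions.
const USER_PREFIX = 'ROLE_USER_';   // pattern given on the page: ROLE_USER_<username>
const GROUP_PREFIX = 'ROLE_GROUP_'; // assumed from the sample row ROLE_GROUP_A

// Constructed directory standing in for the Users and Groups tables.
const directory = { users: ['A', 'B'], groups: ['A'] };

// Simplified editor -> ACL: turn a user/group selection into a role-based ACE.
function toAce(sel) {
  const known = sel.kind === 'user' ? directory.users : directory.groups;
  if (!known.includes(sel.name)) throw new Error(`unknown ${sel.kind}: ${sel.name}`);
  const prefix = sel.kind === 'user' ? USER_PREFIX : GROUP_PREFIX;
  return { role: prefix + sel.name, read: !!sel.read, write: !!sel.write };
}

// ACL -> simplified editor: show a role as a user or group only when it resolves
// to a known principal; everything else is kept for the "Advanced" view.
function splitAcl(acl) {
  const simple = [], advanced = [];
  for (const ace of acl) {
    let sel = null;
    if (ace.role.startsWith(USER_PREFIX)) {
      const name = ace.role.slice(USER_PREFIX.length);
      if (directory.users.includes(name)) sel = { kind: 'user', name };
    } else if (ace.role.startsWith(GROUP_PREFIX)) {
      const name = ace.role.slice(GROUP_PREFIX.length);
      if (directory.groups.includes(name)) sel = { kind: 'group', name };
    }
    if (sel) simple.push({ ...sel, read: ace.read, write: ace.write });
    else advanced.push(ace);
  }
  return { simple, advanced };
}

// Saving from the simplified view must not drop ACEs it could not display.
function saveFromSimpleView(selections, advanced) {
  return [...selections.map(toAce), ...advanced];
}

// Constructed ACL: the two sample rows plus a constructed role the simple view cannot show.
const acl = [
  { role: 'ROLE_USER_A', read: true, write: false },
  { role: 'ROLE_GROUP_A', read: true, write: false },
  { role: 'ROLE_CUSTOM_X', read: true, write: true },
];
const view = splitAcl(acl);
view.simple.push({ kind: 'user', name: 'B', read: true, write: false });
const saved = saveFromSimpleView(view.simple, view.advanced);
console.log(saved.map((a) => a.role));
```

A role that matches the user or group pattern but does not resolve to a known principal lands in the advanced list rather than being shown under a name nobody can verify.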

Activity

Sven Stauber
January 25, 2017, 3:02 PM

Dear all,

Since UCT has started a discussion on the topic of users, roles and groups, I would like to join in with another related aspect that is on our radar.

While we won't start to work on this within the next few weeks, we likely will within the next few months.

Therefore, I would like to ask the community for feedback.

Opencast uses Access Control Lists (ACL) for both Events and Series. Those ACLs are used to determine the set of access rights a given user has on the object (e.g. none, read, write, ...).

From a technical perspective, think of an ACL as a table that looks like the following:

[Role, Read Access, Write Access, (Other Access Permission)]
[ROLE_USER_A, true, false, (Values of other Access Permission)]
[ROLE_GROUP_A, true, false, (Values of other Access Permission)]

The current implementation of the ACL editor is a one-to-one representation of the technical implementation details, which causes a number of problems:

1. Hard to understand for non-technical users (need to know technical concepts)
2. Tedious to use even for technical users

So if you want to allow a user to access Event XYZ, you will need to:

1. Go to Organizations->Users
2. Find the User in the Users table
3. Be able to recognize which of the roles is the user role (ROLE_USER_<username>)
4. Go to Recordings->Events
5. Find the Event in the Events table
6. Open Event Details->Access Policy
7. Add a new Access Control Entry (ACE) for the user role found in step 3
8. Set the permissions

Note that a non-technical user does not have much chance of doing this without being trained. In particular, step 3 seems crazy considering the usability of Opencast.

A more intuitive way to do the same thing would be:

1. Go to Recordings->Events
2. Find the event in the Events table
3. Open Event Details->Access Policy
4. Add a new Access Control Entry (ACE) for the user (instead of the user role) or group (instead of the group role)
5. Set the permissions

In other words, we suggest that the ACL editor for Events and Series does not present roles to the end-user. Instead of selecting a role, the end-user will select a User or Group.

Advantages:

1. Easy to understand by non-technical users (no training needed)
2. Not tedious for technical users

Note:
Since this change (user/group selection instead of role selection) will reduce the functionality of the ACL editor, we suggest adding an "Advanced" link that can be used to open the current version of the ACL editor that allows ACLs to be edited at a low level.

What do you think about this idea to improve the usability of Opencast?

Best,
Sven



Assignee: Unassigned

Reporter: Sven Stauber

Criticality: High