Improve usability of ACL Editor for Event and Series

Description

Opencast uses Access Control Lists (ACL) for both Events and Series. Those ACLs are used to determine the set of access rights a given user has on the object (e.g. none, read, write, ...).

From a technical perspective, think of an ACL being a table the looks like the following:

Role

Read Access

Write Access

(Other Access Permission)

ROLE_USER_A

true

false

(Values of other Access Permission)

ROLE_GROUP_A

true

false

(Values of other Access Permission)

The current implementation of the ACL editor is a one-to-one representation of a technical implementation details which causes a number of problems:

1. Hard to understand for non-technical users (need to know technical concepts)
2. Tedious to use even for technical users

So if you want to allow a user to access Event XYZ, you will need:

1. Go to Organizations->Users
2. Find the User in the Users table
3. Be able to recognize which of the roles is the user role (ROLE_USER_<username>)
4. Go to Recordings->Events
5. Find the Event in the Events table
6. Open Event Details->Access Policy
7. Add a new Access Control Entry (ACE) for the user role found in step 3
8. Set the permissions

A more intuitive way to do the same thing would be:

1. Go to Recordings->Events
2. Find the event in the Events table
3. Open Event Details->Access Policy
4. Add a new Access Control Entry (ACE) for the user (instead the user role) or group (instead the group role)
8. Set the permissions

With other words, we suggest that the ACL editor for Events and Series does not present roles to the end-user. Instead of selecting a role, the end-user will select a User or Group.

Advantages:

1. Easy to understand by non-technical users
2. Not tedious for technical users

Note:
Since this change (user/group selection instead role selection) will reduce the functionality of the ACL editor, we suggest to add an "Advanced" link that can be used to open the current version of the ACL editor that allows ACLs to be edited on low-level.

Status

Assignee

Unassigned

Reporter

Sven Stauber

Criticality

High

Tags (folksonomy)

None

Components

Fix versions

Configure