Wish: Admin User & Role Management improvements
- What is your wish?
User and Role management is extremely cumbersome and therefore time consuming. Adding, managing and editing users and roles should be much more intuitive and easy by combining existing functionalities (see explanation below)
- What is the problem you encounter?
Adding a new user and selecting their role(s) is now done by:
1) Add user information (name, email, etc) and then creating a user. This user always gets the 'Standard Role'
2) Then you have to remove the standard role (and save)
3) Then you have to choose the right role (and save)
Adding or Editing a role and it's permissions is now done by:
1) Clicking the appropriate role
2) Clicking the persmissions tab
3) Editing each of 56 (!) objects/relations and 6 options per object. That's up to 336 (!!) clicks per role and that is absolutely insane!
When having lots of users and roles, this is extremely cumbersome, time consuming and leaves lots of room for error.
- Why do you want this wish?
User and Role Manamegent should not be this difficult and time consuming
- Do you have a workaround? And if so, what is it?
- How would you ideally solve the problem?
When creating a new user, in the same screen have the option to directly choose the appropriate role or roles.
Additionaly: have an overview of all users per role (already a function), and directly edit users and roles easily:
e.g. Like in a matrix overview: see which users have which roles, and easily edit them with check marks.
Also: simplify the rights/permissions per role in a matrix overview, instead of clicking and editing each of 336 possibilies. This is extremely time consuming when changing role rights
Have a standard 'Read Only' role, straight out of the box.
Have a standard 'BPMN Only' role
- How big is the problem on a scale from 1 to 5?
we plan to support automatic user provisioning though Public REST API, using the SCIM protocol with the Atlantic.3 release, which is planned for April 9. This will allow you to programmatically CRUD users and their role assignments.
This would not answer all your wishes, but some of the tasks you mention should be less time-consuming (one-time configuration, fully automatic after that). Do you agree? Would automatic user provisioning via SCIM be an option for your organization?0
Time will tell. Blue-Dolphin-Roles will still have to be managed, and that's the most time consuming.1
just for my understanding, you say, roles will have to be managed, do you mean the configuration of permissions per role? Or assignment of users to role(s)?
Indeed the configuration of permissions per role is quite time consuming today,
but we're assuming this doesn't change very often. So on a per-user, per-year basis, the time spent configuring permissions per role would be limited.
But if this is the most time-consuming, can you explain how/why the permissions per role change often?
We can also setup a meeting to discuss, please reach out at email@example.com.
First and foremost, rights should not be granted using a opt-out scheme (by default all rights). Adopt a opt-in instead, explicitly granting rights
Mind you, when you create a new object - in the current opt-out method - all existing roles have full rights on it.
I fully support
* Have a standard 'Read Only' role, straight out of the box.
* Have a standard 'BPMN Only' role0
Please sign in to leave a comment.