4 Replies Latest reply on Jan 4, 2013 9:18 AM by nbussard

    User Override Defaults to View Reports for Spaces

    Ted Hopton

      I just stumbled upon an undesirable and odd thing when creating a user override for someone in a space. All I wanted to do was grant normal access to the space to a specific user, but I happened to look closely at the options presented on the screen. Check near the bottom, for Reports:

      reports perm.png

      So I did some testing. Accepting this default setting, which would be the natural thing to do in our community, as we would not change any of the other default settings, grants the person getting the user override permission to view Community Manager Reports for the space -- which is otherwise only available to space admins. Not a good default option to provide!

       

      So then I investigated to see what options I have for NOT granting CMR permissions. There is an Advanced option instead of View. When you select that a "Read" option is presented with an unchecked box. If I leave the box unchecked and Save, then the user does NOT get CMR permissions (this is what the default should have been, of course). I hardly need to point out, I hope, that this is not even close to being an intuitive way to control these permissions. The word "random" comes to mind.

       

      But it seems to be even more strange: when I check the "Read" box and Save, as best I can tell the user ends up with the same permissions as when I simply left "View" selected. So, I don't understand what the "Read" option is supposed to do.

       

      Is there an explanation for all of this that I have missed? I would suggest changing this completely, as follows:

       

      Default: No Access

      Secondary option: View

        • Re: User Override Defaults to View Reports for Spaces
          karl.rumelhart

          You are right that the settings here aren't very intuitive.  I will plead guilty on behalf of Jive but CMR is actually just reusing the existing control.  The idea is that there are supposed to be a bunch of individual permissions which are aggregated into a small set of levels plus effectively a custom level that lets you select the permissions individually.  In this case we really only have the one permission -- get access or not -- but we nevertheless had to include both the custom option (which lets you pick whether the one-and-only permission is granted or not) and the aggregated options which includes -- wait for it -- the one and only permission.   There might be a way to switch it up so that the default is Off, but it would end up even more convoluted. 

           

          In theory we could go back and rewrite the whole permission control mechanism but it would be a lot of work and I made the decision that we can live with the funkiness of this UI under the theory that it is only used by Admins, who are probably used to the permission interface anyway, and we would rather put the engineering into CMR features. 

            • Re: User Override Defaults to View Reports for Spaces
              nbussard
              In theory we could go back and rewrite the whole permission control mechanism but it would be a lot of work and I made the decision that we can live with the funkiness of this UI under the theory that it is only used by Admins, who are probably used to the permission interface anyway, and we would rather put the engineering into CMR features. 

              This might be true if appropriate warnings were given to the Admins. Currently it is highly unlikely that Admins will notice the interface has changed, and, since it actually takes experimentation with admin and non-admin users to figure out that the default option is not expected or desirable, it's also highly unlikely that they will figure out what the correct setting should be. So, in effect, this design inadvertently gives CMR view rights to all users in the space and Admins have no idea that this is the case. From my perspective, that's a pretty major design flaw.

                • Re: User Override Defaults to View Reports for Spaces
                  Ted Hopton

                  I agree with Nikki's point that admins should be warned. We don't want to give access to CMR for a space without knowing it, and pretty much every user getting access through the User Override option will get CMR access by accident.

                   

                  Luckily, this only applies to the User Override, and since you have to do that one-at-a-time for individual users, it's not likely to affect a large number of users. The permission settings for admin groups, which are how we set access permissions for spaces, are not affected by this UI oddity, so all of those normal users are not being given view access to CMR, fortunately.