...
While we are still in the early stages, the goal is to create a small set of roles that could potentially expand as we learn more about customer usage.
...
For each of the initial areas (PlantUML, Dictionary, and Glossary), we want to grant access in a similar, consistent fashion across those areas with the following roles:
Owner - full access to account and community
Contributor - full access to account-owned documents, diagrams …
Reviewer - read and tag access to account (note: tagging or classifying will come later)
Reader - read access to account
...
Platform Administrator - manages access.
Billing Administrator - manages subscriptions and billing.
Note: when CCH and Mapper are added, additional roles may be added that focus on the approval process.
Product-specific Access
After analyzing the different jobs-to-be-done (JTBD), we identified the following access requirements:
Visibility: private, community, or both
Ownership: account-owned vs. not-account-owned or both
Actions: create, read, update, delete, tag, classify, comment …
Scope: specific object access (e.g., “glossary A”, “dictionary C”, “PlantUML Diagram 1” …)
...
Discussion topic: Many modern SaaS applications include collaboration aspects where users can individually grant access to specific documents, diagrams … for others to comment on or edit. How do scope and collaboration work together? Or are they the same thing?
...
Role | Description | Visibility | Ownership | Actions | Scope | Comments |
---|---|---|---|---|---|---|
Glossary Owner | Access to all private and community glossaries, including search. Must be able to restrict access to specific glossaries to a person, group or team (could start with users) | Private and Community | Account-owned and not-account-owned | All: create and manage glossaries and manage a set of terms in those glossaries; manage access to each glossary; search third-party dictionaries | All (any glossary) | Must be able to restrict access to specific glossaries to a person, group or team (could start with users) |
Glossary Contributor | Must be able to access all account-owned glossaries, whether private or community, and search, as long as they have permission to access those glossaries | Private and Community | Account-owned only | Create, read, update, and delete terms within glossaries; search third-party dictionaries | Only those given access to | |
Glossary Reviewer | Must be able to access all account-owned glossaries, whether private or community, as long as they have permission to access those glossaries | Private and Community | Account-owned only | Read and comment on terms | Only those given access to | Their role-specific actions, such as comment, won’t be available early on, which makes this role identical to “reader” |
Glossary Reader | Must be able to access all account-owned glossaries, whether private or community, as long as they have permission to access those glossaries | Private and Community | Account-owned only | Read glossary terms | Only those given access to | |
...
Role | Description | Visibility | Ownership | Actions | Scope | Comments |
---|---|---|---|---|---|---|
Dictionary Owner | Access to all private and community dictionaries, including search | Private and Community | Account-owned and not-account-owned | All: create and manage a compliance dictionary and manage a set of terms in that dictionary; search third-party dictionaries | All (any dictionary) | We hypothesize that only one dictionary will be needed. |
Dictionary Contributor | Must be able to access all account-owned dictionaries, whether private or community, and search | Private and Community | Account-owned only | Create, read, update, and delete dictionary terms within a dictionary; search third-party dictionaries | All (any dictionary) | |
Dictionary Reviewer | Must be able to access all account-owned dictionaries, whether private or community | Private and Community | Account-owned only | Read and comment on terms | All (any dictionary) | Their role-specific actions, such as comment, won’t be available early on, which makes this role identical to “reader” |
Dictionary Reader | Must be able to access all account-owned dictionaries, whether private or community | Private and Community | Account-owned only | Read terms | All (any dictionary) | |
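
The Ownership, Actions and Scope columns of the two tables above can be read as a deny-by-default check, sketched here as an added example that is not the product's own code. All names (`ROLES`, `NEEDS_GRANT`, `User`, `Obj`, `is_allowed`, `COMMENTS_ENABLED`) are hypothetical; Visibility is left out because it is the same for every role, and third-party dictionary search is left out because it does not act on an account object.

```python
from dataclasses import dataclass

# Added illustration; every name here is hypothetical, not the product's API.
COMMENTS_ENABLED = False  # the tables note that comment is not available early on

TERM_WRITE = {"create", "read", "update", "delete"}
OWNER_ACTIONS = TERM_WRITE | {"comment", "tag", "classify", "manage_access"}

# role -> (allowed actions, may act on not-account-owned objects)
ROLES = {
    "owner":       (OWNER_ACTIONS, True),
    "contributor": (TERM_WRITE, False),
    "reviewer":    ({"read", "comment"}, False),
    "reader":      ({"read"}, False),
}

# Scope column: glossary non-owners need a per-object grant, while every
# dictionary role is scoped "All (any dictionary)".
NEEDS_GRANT = {"glossary": {"contributor", "reviewer", "reader"},
               "dictionary": set()}

@dataclass(frozen=True)
class Obj:
    kind: str             # "glossary" or "dictionary"
    name: str
    account_owned: bool

@dataclass(frozen=True)
class User:
    role: str
    grants: frozenset = frozenset()   # object names explicitly shared with the user

def is_allowed(user: User, action: str, obj: Obj) -> bool:
    """Deny by default; each column of the role table must pass."""
    if user.role not in ROLES or obj.kind not in NEEDS_GRANT:
        return False
    actions, any_owner = ROLES[user.role]
    if action == "comment" and not COMMENTS_ENABLED:
        return False                  # Reviewer behaves exactly like Reader
    if action not in actions:
        return False                  # Actions column
    if not obj.account_owned and not any_owner:
        return False                  # Ownership column
    if user.role in NEEDS_GRANT[obj.kind] and obj.name not in user.grants:
        return False                  # Scope column
    return True
```
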