Versions Compared

Version Old Version 4 New Version Current
Changes made by

Jay Hill (Unlicensed)

Vicki McEwen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This page contains the initial set of permission-based roles to manage application functionality access

...

within the UCF NextGen platform.

The roles could potentially expand as we learn more about customer usage.

Table of Contents
stylenone

Overview

...

We will grant access across all product areas with the following roles.

...

  1. Owner - full access to account and community

  2. Contributor - full access to account-owned documents, diagrams …

  3. Reviewer - read and tag access to account (note: tagging or classifying will come later)

  4. Reader - read access to account

In addition to the product-specific roles, there are two additional administrative roles:

  1. Platform Administrator - manages access.

  2. Billing Administrator - manages subscriptions and billing.

...

Role

Functionality Access

Reader

read access to any content, both private and community. Will be able to perform collaborative tasks such as commenting and tagging.

Editor

all capabilities of Reader, in addition can manage content (e.g., create, update, delete, publish …) for all account-owned content

Administrator

all capabilities of Editor, in addition can assign other administrators as well as manage other team members such as inviting others and assigning roles.

Owner

all capabilities of Administrator and Billing Administrator, in addition can delete the account.

Billing Administrator

manages subscriptions and billing.

Info

Note

  • The Billing Administrator is a special role where the billing contact will be defined on the subscription page and not assigned as a particular team member since this role will not have any other functional needs other than to view and update subscription, billing, and usage.

  • At a later state we might split out roles by product, but as of now that use case doesn’t seem logical. If a person is an editor of PlantUML diagrams, they will most likely be an editor for Dictionaries.

  • Community content can be read, commented on, voted on … but not changed unless owned by the account.

  • The concept of ownership needs to be fully fleshed out (person, account, org …), but not covered here.

  • The concept of how one can contribute to the community needs to be revisited (e.g. “known person”), but not covered here. Roles will allow the person to be an Editor, but steps still need to be taken to become a contributor.

  • When CCH and Mapper are added, additional roles may be added that focus on the approval process.

Role-based User Seat Limits

Info

As of 8/2/24 the only limits for an account are 1 owner.

Specifics on requirements such as what to do exactly when they hit those limits and when do we check the limit, when they are invited vs when they accept an invite, etc still need to be determined.

Role

Current Seat Limits
(Current as of 7/2/24)

Suggested Seat Limits

Increaseable via purchase?

Reader

None - TBD

Unlimited or 10

Maybe

Editor

None - TBD

3

Yes

Administrator

None - TBD

2

Yes

Owner

1

1

No

Billing Administrator

None - TBD

2

No

Product-specific Access

After analyzing the different jobs-to-be-done (JTBD), we identified the following access requirements:

...

Visibility: private, community, or both

...

Ownership: account-owned vs. not-account-owned or both

Actions

create, read, update, delete, tag, classify, publish, comment

...

Scope

...

specific object access (e.g., “glossary A”, “dictionary C”, “PlantUML Diagram 1” …)

Info

Note: in the short term, we will not implement scope, but will add later.

Discussion topic: Many modern SaaS applications include collaboration aspects where users can individually grant access to specific documents, diagrams … for others to comment on or edit.

...

Scope and collaboration

...

may end up being the same thing

...

.

PlantUML

...

Functional Roles

Description of the two functional roles not taking scope into account at this time.

Role

Description

...

Visibility

...

Actions

...

Comments

...

Reader

...

Read access to all

...

Private and Community

...

account-owned

...

All (create, update, delete, …)

...

All (any PlantUML diagram)

...

PlantUML Contributor

...

Access to all account-owned diagrams whether private or community

...

Private and Community

...

Account-owned only

...

All (create, update, delete, …)

...

All (any PlantUML diagram)

...

PlantUML Reviewer

...

Review access to all account-owned diagrams whether private or community

...

Private and Community

...

Account-owned only

...

Read and comment

...

All (any PlantUML diagram)

...

Their role-specific actions such as comment won’t be available early on which makes this role identical to “reader”

...

PlantUML Reader

...

content (PlantUML, Glossary, Dictionary …) whether private or community.

Read.

Collaboration capabilities such as commenting will be added later.

Editor

Edit access to all account-owned

...

content (PlantUML, Glossary, Dictionary …) whether private or community

...

Private and Community

...

Account-owned only

...

.

All

...

Glossary

Glossary (as opposed to PlantUML and Dictionary) access must have Scope defined early on to ensure only specific users can access sensitive information.

...

Role

...

Description

...

Visibility

...

Ownership

...

Actions

...

Scope

...

Comments

...

Glossary Owner

...

Access to all private and community glossaries including search

...

Private and Community

...

Account-owned and not-account-owned

...

All

Create and manage glossaries and manage a set of terms in those glossaries

Manage access to each glossary

Search third-party dictionaries

...

All (any glossary)

...

Must be able restrict access to specific glossaries to person, group or team (could start with users)

...

Glossary Contributor

...

Must be able access all account-owned glossaries whether private or community and search as long as have permission to access those glossaries

...

Private and Community

...

Account-owned only

...

Create, read, update, and delete terms within glossaries

Search third-party dictionaries

...

Only those given access to

...

Glossary Reviewer

...

Must be able access all account-owned glossaries whether private or community as long as have permission to access those glossaries

...

Private and Community

...

Account-owned only

...

Read and comment on terms

...

Only those given access to

...

Their role-specific actions such as comment won’t be available early on which makes this role identical to “reader”

...

Glossary Reader

...

Must be able access all account-owned glossaries whether private or community as long as have permission to access those glossaries

...

Private and Community

...

Account-owned only

...

Read glossary terms

...

Only those given access to

Dictionary

Dictionary access need not have Scope defined for early access, but might be needed for GA. The hypothesis is that organizations will only have one dictionary that will be “federated” with the compliance dictionary for citation tagging for their private documents.

...

Role

...

Description

...

Visibility

...

Ownership

...

Actions

...

Scope

...

Comments

...

Dictionary Owner

...

Access to all private and community dictionaries including search

...

Private and Community

...

Account-owned and not-account-owned

...

All

Create and manage a compliance dictionary and manage a set of terms in that dictionary

Search third-party dictionaries

...

All (any dictionary)

...

We hypothesize that only one dictionary will be needed.

...

Dictionary Contributor

...

Must be able access all account-owned dictionaries whether private or community and search

...

Private and Community

...

Account-owned only

...

Create, read, update, and delete dictionary terms within a dictionary

Search third-party dictionaries

...

All (any dictionary)

...

Dictionary Reviewer

...

Must be able access all account-owned dictionaries whether private or community

...

Private and Community

...

Account-owned only

...

Read and comment on terms

...

All (any dictionary)

...

Their role-specific actions such as comment won’t be available early on which makes this role identical to “reader”

...

Dictionary Reader

...

Must be able access all account-owned dictionaries whether private or community

...

Private and Community

...

Account-owned only

...

Read terms

...

functional tasks (create, update, delete, publish …).

Administrator

Manages access to the application.

All functional tasks plus manage users (invite, revoke, remove …).

Owner

Manages all IT Infrastructure including SaaS applications.

All functional and administrative plus able to delete the account.

Billing

Manages all financial related topics including SaaS subscriptions.

Choose and pay for subscription.
Upgrade or downgrade existing subscription.

Administration and other tabs

Detail on the navigation tab

Note

This section is outdated and needs a refresh as of 6/27/24

Image Added

Role

Who can view/access?

Who can manage?

Details on permissions

Edit (personal profile)

Reader, Editor, Administrator, Owner, Billing

All can view and edit their personal profile.

Team

Reader, Editor, Administrator, Owner

Administrator, Owner

Add workspace

None

This is for UC employees ONLY

Workspace settings

Administrator, Owner

Administrator, Owner

Plans

Administrator, Owner

Administrator, Owner

Billing

Owner, Billing

Owner, Billing

This includes API