...
This page contains the initial set of permission-based roles to manage application functionality access
...
within the UCF NextGen platform.
The roles could potentially expand as we learn more about customer usage.
Overview
...
| Table of Contents | ||
|---|---|---|
|
Overview
We will grant access across all product areas with the following roles.
Role | Functionality Access |
|---|---|
Reader |
...
read access to |
...
any content, both private and community |
...
. Will be able to perform collaborative tasks such as |
...
commenting and tagging. | |
Editor | all capabilities of |
...
Reader, in addition can manage content (e.g., create, update, delete, publish …) for all account-owned content | |
Administrator | all capabilities of Editor, in addition can assign other administrators as well as manage other team members such as inviting others and assigning roles. |
Owner |
...
all capabilities of |
...
Administrator and Billing Administrator, in addition can |
...
Note:
...
delete the account. | |
Billing Administrator | manages subscriptions and billing. |
| Info |
|---|
Note
|
...
|
In addition to the product-specific roles, there are two additional administrative roles:
Platform Administrator - manages access.
Billing Administrator - manages subscriptions and billing.
...
|
Role-based User Seat Limits
| Info |
|---|
As of 8/2/24 the only limits for an account are 1 owner. Specifics on requirements such as what to do exactly when they hit those limits and when do we check the limit, when they are invited vs when they accept an invite, etc still need to be determined. |
Role | Current Seat Limits | Suggested Seat Limits | Increaseable via purchase? |
|---|---|---|---|
Reader | None - TBD | Unlimited or 10 | Maybe |
Editor | None - TBD | 3 | Yes |
Administrator | None - TBD | 2 | Yes |
Owner | 1 | 1 | No |
Billing Administrator | None - TBD | 2 | No |
Product-specific Access
After analyzing the different jobs-to-be-done (JTBD), we identified the following access requirements:
...
Visibility: private, community, or both
...
Ownership: account-owned vs. not-account-owned or both
Actions | create, read, update, delete, tag, classify, publish, comment |
...
Scope |
...
specific object access (e.g., “glossary A”, “dictionary C”, “PlantUML Diagram 1” …) |
| Info |
|---|
Note: in the short term, we will not implement scope, but will add later. |
Discussion topic: Many modern SaaS applications include collaboration aspects where users can individually grant access to specific documents, diagrams … for others to comment on or edit.
...
Scope and collaboration
...
may end up being the same thing
...
.
PlantUML
...
Functional Roles
Description of the two functional roles not taking scope into account at this time.
Role | Description |
|---|
...
...
Ownership
Actions |
|---|
...
Comments |
|---|
...
Reader | Read access to all account-owned |
...
Private and Community
...
Account-owned only
...
Read
...
All (any PlantUML diagram)
...
PlantUML Reviewer
...
content (PlantUML, Glossary, Dictionary …) whether private or community. | Read |
...
Private and Community
...
Both account and community diagrams
...
Read, comment, approve.
...
All (any PlantUML diagram)
...
Their role-specific actions such as comment won’t be available early on which makes this role identical to “reader”
...
PlantUML Contributor
...
Access to all account-owned diagrams whether private or community
Read access to all community diagrams.
...
Private and Community
...
Both account and community diagrams
...
All (create, update, delete, publish …)
...
All (any PlantUML diagram)
...
PlantUML Owner
...
Access to all private and community diagrams
Perform organizational aspects such as managing teams.
...
Private and Community
...
Both account and community diagrams
...
. | Collaboration capabilities such as commenting will be added later. | |
Editor | Edit access to all account-owned content (PlantUML, Glossary, Dictionary …) whether private or community. | All functional tasks (create, update, delete, publish … |
...
All (any PlantUML diagram)
Glossary
...
) |
...
Glossary Owner
...
Access to all private and community glossaries including search.
Restricts access to glossaries.
...
Private and Community
...
Both account and community glossaries
...
All
Create and manage glossaries and manage a set of terms in those glossaries.
Manage access to each glossary.
Search third-party dictionaries.
...
All (any glossary)
...
Must be able restrict access to specific glossaries to person, group or team (could start with users)
Dictionary
Dictionary access need not have Scope defined for early access, but might be needed for GA. The hypothesis is that organizations will only have one dictionary that will be “federated” with the compliance dictionary for citation tagging for their private documents.
...
Role
...
Description
...
Visibility
...
Ownership
...
Actions
...
Scope
...
Comments
...
Dictionary Reader
...
Must be able access all account-owned dictionaries whether private or community.
...
Private and Community
...
Account-owned only
...
Read terms.
...
All (any dictionary)
...
Dictionary Reviewer
...
Must be able access all account-owned dictionaries whether private or community.
Read access to all community dictionaries.
...
Private and Community
...
Both account and community dictionaries.
...
Read, comment, and approve terms and dictionaries.
...
All (any dictionary)
...
Their role-specific actions such as comment won’t be available early on which makes this role identical to “reader”.
...
Dictionary Contributor
...
Must be able access all account-owned dictionaries whether private or community and search.
Read access to all community dictionaries.
...
Private and Community
...
Both account and community dictionaries.
...
Create, read, update, and delete dictionary terms within a dictionary.
Search third-party dictionaries.
...
All (any dictionary)
...
Dictionary Owner
Access to all private and community dictionaries including search.
Read access to all community dictionaries.
...
Private and Community
...
Both account and community dictionaries.
...
All
Create and manage a compliance dictionary and manage a set of terms in that dictionary
Search third-party dictionaries.
...
All (any dictionary)
...
We hypothesize that only one dictionary will be needed.
Administrative Roles
Regardless of the products subscribed to, administrators are required to set up the account and grant access to users.
...
Role
...
Description
...
Actions
...
Comments
...
Platform Administrator
...
Manages all IT Infrastructure including SaaS applications.
...
Manage users (invite, revoke, remove …).
...
. |
...
Role
...
Description
...
Visibility
...
Ownership
...
Actions
...
Scope
...
Comments
...
Glossary Reader
...
Must be able access all account-owned glossaries whether private or community as long as have permission to access those glossaries
...
Private and Community
...
Account-owned only
...
Read glossary terms
...
Only those given access to
...
Glossary Reviewer
...
Must be able access all account-owned glossaries whether private or community as long as have permission to access those glossaries.
Read access to all community glossaries.
...
Private and Community
...
Both account and community glossaries
...
Read, comment, and approve terms and glossaries.
...
Only those given access to
...
Their role-specific actions such as comment won’t be available early on which makes this role identical to “reader”.
...
Glossary Contributor
...
Must be able access all account-owned glossaries whether private or community and search as long as have permission to access those glossaries.
Read access to all community glossaries.
...
Private and Community
...
Both account and community glossaries
...
Create, read, update, and delete terms within glossaries.
Search third-party dictionaries.
...
Only those given access to
Administrator | Manages access to the application. | All functional tasks plus manage users (invite, revoke, remove …). | |
Owner | Manages all IT Infrastructure including SaaS applications. | All functional and administrative plus able to delete the account. | |
Billing | Manages all financial related topics including SaaS subscriptions. | Choose and pay for subscription. |
Jobs to Be Done (JTBD)
Below are the identified jobs that need to be done with their respective permission-based roles.
PlantUML
...
Persona
...
Task Name
...
Situation
...
Motivations
...
Input
...
Output
...
Permission-Role
...
Doer Dan
...
Search for, review, and download PlantUML diagrams
...
When I help a team with a process that includes compliance steps
...
I want to make sure we do all the right steps the first time.
...
Organized set of PlantUML diagrams
...
Set of files or hyperlinks updated on our SharePoint collaboration site.
...
PlantUML Reader
...
Analyst Alberta
...
Organize and help with PlantUML Diagrams
...
When my superior wants me to assist in organizing and updating process diagrams.
...
I want to help the team make compliance process diagrams easily accessible for others.
...
Disorganized set of PlantUML diagrams.
...
Organized set of PlantUML diagrams.
...
PlantUML Contributor
...
Process Peter
...
Create and manage PlantUML Diagrams
...
When I document my organization's processes.
...
I want to build out a set of diagrams documenting repeatable compliance processes that my director will love.
PlantUML diagrams created by me and others.
Additional information like CCH content including CDOCs, audit questions … that is available in their existing CCH subscription.
...
Set of PlantUML diagrams ready for review and approval.
...
PlantUML Owner
...
Compliance Katherine
...
Review, comment on, and approve PlantUML diagrams.
...
When my team is ready for me to review their diagrams.
...
I want my team to build out repeatable processes for the compliance team to easily follow.
...
PlantUML diagram(s) ready for my review.
...
Set of approved and finalized PlantUML diagrams.
...
PlantUML Reviewer
Glossary
...
Persona
...
Task Name
...
Situation
...
Motivations
...
Input
...
Output
...
Permission-Role
...
Employee Edgar
...
Review terms
...
When I read through a company policy document
...
I want ot make sure I understand the terms defined in the policy
...
A company glossary
...
An understanding of the terms
...
Glossary Reader
...
Doer Dan
...
Search for, review, and read glossary terms.
...
When I help a team with any well-defined process
...
I want to make sure we do all the right steps the first time.
...
Organized set of glossaries and terms
...
Set of files or hyperlinks updated on our SharePoint collaboration site.
...
Glossary Reader
...
Analyst Alberta
...
Organize glossaries.
...
When my superior wants me to assist in organizing and updating glossaries and terms.
...
I want to help the team make company glossaries easily accessed for others.
...
Disorganized set of glossaries and terms.
...
Organized set of glossaries and terms.
...
Glossary Contributor
...
Process Peter
...
Create and manage company glossaries.
...
When I document my organization's policies.
...
I want to build a set of repeatable compliance processes that my director will love.
...
Company policies.
...
A set of glossaries and terms ready for review and approval.
...
Glossary Owner
...
Compliance Katherine
...
Review, comment on, and approve corporate glossaries.
...
When my team is ready for me to review their corporate glossaries.
...
I want everyone in the company to have a common understanding of the terms within our policies.
...
Glossaries and terms ready for my approval.
...
A set of approved and finalized glossaries and terms.
...
Glossary Reviewer
Dictionary
...
Persona
...
Task Name
...
Situation
...
Motivations
...
Input
...
Output
...
Permission-Role
...
Doer Dan
...
Search for, review, and read dictionary terms.
...
When I help a team with a process that includes compliance steps.
...
I want to make sure we do all the right steps the first time.
...
Organized set of dictionaries and terms.
...
Set of files or hyperlinks updated on our SharePoint collaboration site.
...
Dictionary Reader
...
Analyst Alberta
...
Organize dictionaries.
...
When my superior wants me to assist in organizing and updating dictionaries and terms.
...
I want to help the team make compliance dictionaries easily accessed for others.
...
Disorganized set of dictionaries and terms.
...
Organized set of dictionaries and terms.
...
Dictionary Contributor
...
Process Peter
...
Create and manage a compliance dictionary.
...
When I document organization's policies.
...
I want to build a set of repeatable compliance processes that my director will love.
...
Company policies
Other UCF tools and products
...
My organization's compliance dictionary with terms ready for review and approval.
...
Dictionary Owner
...
Compliance Katherine
...
Review, comment on, and approve a compliance dictionary.
...
When my team is ready for me to review the compliance dictionary.
...
I want our corporate policies to be mapped to UCF’s common controls.
...
A compliance dictionary ready for my review and approval.
...
A reviewed and approved compliance dictionary.
...
Dictionary Reviewer
Personas
Note: these will be moved out to the persona pages
...
Persona
...
Title
...
Role
...
Employee Edgar
...
Any employee
...
Any role such as
...
Doer Dan
...
Operations manager
...
Supports all business departments in their operational tasks.
...
Analyst Alberta
...
Compliance Analyst
...
Junior member of the compliance team.
...
Process Peter
...
Compliance Manager
...
Member of compliance team at fin-tech organization.
...
Compliance Katherine
...
Director of Compliance
...
Administration and other tabs
Detail on the navigation tab
| Note |
|---|
This section is outdated and needs a refresh as of 6/27/24 |
Role | Who can view/access? | Who can manage? | Details on permissions |
|---|---|---|---|
Edit (personal profile) | Reader, Editor, Administrator, Owner, Billing | All can view and edit their personal profile. | |
Team | Reader, Editor, Administrator, Owner | Administrator, Owner | |
Add workspace | None | This is for UC employees ONLY | |
Workspace settings | Administrator, Owner | Administrator, Owner | |
Plans | Administrator, Owner | Administrator, Owner | |
Billing | Owner, Billing | Owner, Billing | This includes API |