UCF NextGen Roles and Permissions

This page contains the initial set of permission-based roles to manage application functionality access within the UCF NextGen platform.

The roles could potentially expand as we learn more about customer usage.

Overview

We will grant access across all product areas with the following roles.

| Role | Functionality Access |
| --- | --- |
| Reader | read access to any content, both private and community. Will be able to perform collaborative tasks such as commenting and tagging. |
| Editor | all capabilities of Reader, in addition can manage content (e.g., create, update, delete, publish …) for all account-owned content |
| Administrator | all capabilities of Editor, in addition can assign other administrators as well as manage other team members such as inviting others and assigning roles. |
| Owner | all capabilities of Administrator and Billing Administrator, in addition can delete the account. |
| Billing Administrator | manages subscriptions and billing. |

Note

  • The Billing Administrator is a special role where the billing contact will be defined on the subscription page and not assigned as a particular team member since this role will not have any other functional needs other than to view and update subscription, billing, and usage.

  • At a later stage we might split out roles by product, but as of now that use case doesn’t seem logical. If a person is an editor of PlantUML diagrams, they will most likely be an editor for Dictionaries.

  • Community content can be read, commented on, voted on … but not changed unless owned by the account.

  • The concept of ownership needs to be fully fleshed out (person, account, org …), but not covered here.

  • The concept of how one can contribute to the community needs to be revisited (e.g. “known person”), but not covered here. Roles will allow the person to be an Editor, but steps still need to be taken to become a contributor.

  • When CCH and Mapper are added, additional roles may be added that focus on the approval process.
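
A deny-by-default check for the role hierarchy in the Overview table and the community-content rule in the notes above. This is an added example, not UCF NextGen code; the action names, the `Content` record, and the `can` function are assumptions, as is the rule that another account's private content is not readable.

```python
from dataclasses import dataclass

# Permissions each role adds by itself. Action names are assumptions for this example.
GRANTS = {
    "Reader": {"read", "comment", "tag"},
    "Editor": {"create", "update", "delete", "publish"},
    "Administrator": {"invite_member", "assign_role"},
    "Billing Administrator": {"manage_billing"},
    "Owner": {"delete_account"},
}
# "All capabilities of ..." edges taken from the Overview table.
INHERITS = {
    "Editor": ["Reader"],
    "Administrator": ["Editor"],
    "Owner": ["Administrator", "Billing Administrator"],
}
COLLABORATE = {"read", "comment", "tag"}  # allowed on community content
CHANGE = {"update", "delete", "publish"}  # only on account-owned content


def effective_permissions(role):
    """Union of a role's own grants and everything it inherits."""
    perms = set(GRANTS[role])
    for parent in INHERITS.get(role, []):
        perms |= effective_permissions(parent)
    return perms


@dataclass(frozen=True)
class Content:  # hypothetical content record
    owner_account: str
    community: bool = False


def can(role, account, action, content=None):
    """Deny by default: unknown roles, unknown actions and missing targets all fail."""
    if role not in GRANTS or action not in effective_permissions(role):
        return False
    if action in CHANGE:
        return content is not None and content.owner_account == account
    if action in COLLABORATE:
        # Assumption: another account's private content is not readable.
        return content is not None and (
            content.community or content.owner_account == account
        )
    return True  # account-level actions (create, invite_member, manage_billing, ...)
```

Keeping Billing Administrator outside the Reader chain means a billing contact gets no content access, while Owner picks up billing through its second inheritance edge.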

Role-based User Seat Limits

As of 8/2/24, the only seat limit for an account is 1 owner.

Specifics still need to be determined, such as exactly what to do when an account hits those limits and when the limit is checked (when a user is invited vs. when they accept the invite).

| Role | Current Seat Limits (Current as of 7/2/24) | Suggested Seat Limits | Increasable via purchase? |
| --- | --- | --- | --- |
| Reader | None - TBD | Unlimited or 10 | Maybe |
| Editor | None - TBD | 3 | Yes |
| Administrator | None - TBD | 2 | Yes |
| Owner | 1 | 1 | No |
| Billing Administrator | None - TBD | 2 | No |

Product-specific Access

After analyzing the different jobs-to-be-done (JTBD), we identified the following access requirements:

Actions: create, read, update, delete, tag, classify, publish, comment

Scope: specific object access (e.g., “glossary A”, “dictionary C”, “PlantUML Diagram 1” …)

Note: in the short term, we will not implement scope, but will add later.

Functional Roles

Description of the two functional roles not taking scope into account at this time.

| Role | Description | Actions | Comments |
| --- | --- | --- | --- |
| Reader | Read access to all account-owned content (PlantUML, Glossary, Dictionary …) whether private or community. | Read. | Collaboration capabilities such as commenting will be added later. |
| Editor | Edit access to all account-owned content (PlantUML, Glossary, Dictionary …) whether private or community. | All functional tasks (create, update, delete, publish …). | |
| Administrator | Manages access to the application. | All functional tasks plus manage users (invite, revoke, remove …). | |
| Owner | Manages all IT Infrastructure including SaaS applications. | All functional and administrative plus able to delete the account. | |
| Billing | Manages all financial related topics including SaaS subscriptions. | Choose and pay for subscription. Upgrade or downgrade existing subscription. | |

Administration and other tabs

Detail on the navigation tab

| Role | Who can view/access? | Who can manage? | Details on permissions |
| --- | --- | --- | --- |
| Edit (personal profile) | Reader, Editor, Administrator, Owner, Billing | | All can view and edit their personal profile. |
| Team | Reader, Editor, Administrator, Owner | Administrator, Owner | |
| Add workspace | None | | This is for UC employees ONLY |
| Workspace settings | Administrator, Owner | Administrator, Owner | |
| Plans | Administrator, Owner | Administrator, Owner | |
| Billing | Owner, Billing | Owner, Billing | This includes API |