This page contains the initial set of permission-based roles to manage application functionality access within the UCF NextGen platform.
The roles could potentially expand as we learn more about customer usage.
Overview
We will grant access across all product areas with the following roles.
Role | Functionality Access |
|---|---|
Reader | read access to any content, both private and community. Will be able to perform collaborative tasks such as commenting and tagging. |
Editor | all capabilities of Reader, in addition can manage content (e.g., create, update, delete, publish …) for all account-owned content |
Administrator | all capabilities of Editor, in addition can assign other administrators as well as manage other team members such as inviting others and assigning roles. |
Owner | all capabilities of Administrator and Billing Administrator, in addition can delete the account. |
Billing Administrator | manages subscriptions and billing. |
Note
The Billing Administrator is a special role where the billing contact will be defined on the subscription page and not assigned as a particular team member since this role will not have any other functional needs other than to view and update subscription, billing, and usage.
At a later state we might split out roles by product, but as of now that use case doesn’t seem logical. If a person is an editor of PlantUML diagrams, they will most likely be an editor for Dictionaries.
Community content can be read, commented on, voted on … but not changed unless owned by the account.
The concept of ownership needs to be fully fleshed out (person, account, org …), but not covered here.
The concept of how one can contribute to the community needs to be revisited (e.g. “known person”), but not covered here. Roles will allow the person to be an Editor, but steps still need to be taken to become a contributor.
When CCH and Mapper are added, additional roles may be added that focus on the approval process.
Product-specific Access
After analyzing the different jobs-to-be-done (JTBD), we identified the following access requirements:
Actions | create, read, update, delete, tag, classify, publish, comment |
Scope | specific object access (e.g., “glossary A”, “dictionary C”, “PlantUML Diagram 1” …) |
Note: in the short term, we will not implement scope, but will add later.
Discussion topic: Many modern SaaS applications include collaboration aspects where users can individually grant access to specific documents, diagrams … for others to comment on or edit. Scope and collaboration may end up being the same thing.
Functional Roles
Description of the two functional roles not taking scope into account at this time.
Role | Description | Actions | Comments |
|---|---|---|---|
Reader | Read access to all account-owned content (PlantUML, Glossary, Dictionary …) whether private or community. | Read. | Collaboration capabilities such as commenting will be added later. |
Editor | Edit access to all account-owned content (PlantUML, Glossary, Dictionary …) whether private or community. | All functional tasks (create, update, delete, publish …). | |
Administrator | Manages access to the application. | All functional tasks plus manage users (invite, revoke, remove …). | |
Owner | Manages all IT Infrastructure including SaaS applications. | All functional and administrative plus able to delete the account. | |
Billing | Manages all financial related topics including SaaS subscriptions. | Choose and pay for subscription. |
Administration and other tabs
Detail on the navigation tab
Role | Who can view/access? | Who can manage? | Details on permissions |
|---|---|---|---|
Edit (personal profile) | Reader, Editor, Administrator, Owner, Billing | All can view and edit their personal profile. | |
Team | Reader, Editor, Administrator, Owner | Administrator, Owner | |
Add workspace | None | This is for UC employees ONLY | |
Workspace settings | Administrator, Owner | Administrator, Owner | |
Plans | Administrator, Owner | Administrator, Owner | |
Billing | Owner, Billing | Owner, Billing | This includes API |