To move away from every entity in Optimize (reports and dashboards) being globally available to every authorized user, a collection-based permission system will be introduced.
In the following, the term Entity covers an instance of a Report or a Dashboard.
A collection-based permission system means in particular that entities created by users are private by default and not visible to other users. They can, however, be published by adding them to collections on which users can be granted a role-based permission.
The available roles are specified in the attached screenshot.
- Collections will have members (users and user groups) along with roles
- A collection can be opened as a page with information on and navigation to its contained entities, members and roles
- A particular entity can belong to only one collection or to none
- Entities not belonging to a collection are private to the author of the entity and not visible to other users
- The creator of a collection is automatically the manager of that collection
- The manager role will be provided so that multiple users can have full rights per collection
- Collection entities for which the current user lacks engine definition authorizations remain invisible to that user (row-level security over membership)
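The visibility rules listed above, sketched as an added example (not Optimize's own code). The class and function names, the shape of the engine authorization data and the "placeholder-role" role name are assumptions; only the manager role is named in the text.

```python
from dataclasses import dataclass, field
from typing import Optional

MANAGER = "manager"  # only role named in the text; the rest are in the screenshot

@dataclass
class Collection:
    creator: str
    members: dict = field(default_factory=dict)  # ("user" | "group", id) -> role

    def __post_init__(self):
        # The creator of a collection is automatically its manager.
        self.members[("user", self.creator)] = MANAGER

@dataclass
class Entity:  # a Report or a Dashboard
    author: str
    definition_key: str
    collection: Optional[Collection] = None  # one collection or none

@dataclass
class User:
    user_id: str
    groups: frozenset = frozenset()
    authorized_definitions: frozenset = frozenset()  # from the engine (assumed shape)

def roles_in(user, collection):
    """Roles held through direct membership or through any of the user's groups."""
    keys = {("user", user.user_id)} | {("group", g) for g in user.groups}
    return {role for key, role in collection.members.items() if key in keys}

def is_visible(user, entity):
    if entity.collection is None:
        return user.user_id == entity.author  # not in a collection: private to the author
    if not roles_in(user, entity.collection):
        return False
    # Membership alone is not enough: engine definition authorization still applies.
    return entity.definition_key in user.authorized_definitions

def demo():
    # Constructed sample data; "placeholder-role" stands in for a role from the screenshot.
    sales = Collection("alice", {("group", "sales"): "placeholder-role"})
    bob = User("bob", frozenset({"sales"}), frozenset({"invoice"}))
    shared = Entity("alice", "invoice", sales)
    restricted = Entity("alice", "hiring", sales)
    private = Entity("alice", "invoice")
    return [is_visible(bob, e) for e in (shared, restricted, private)]
```

In `demo()`, bob sees only the shared entity: the second one is hidden by the missing definition authorization despite his group membership, and the third is private to its author.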
The following functionality will not be in the scope of this feature:
- No nesting of collections
- No distribution of a particular entity across multiple collections; entities can be copied to other collections, though
- No permissions on entity level
UI Design (first iteration): https://app.zeplin.io/project/5b4f294ab0d5cf0c2c391d1d/dashboard?seid=5d65202aa192a38cad235b55
Use Cases (no UI design, just user flows): https://app.zeplin.io/project/5b4f294ab0d5cf0c2c391d1d/dashboard?seid=5d5a67643738cb9bcd824329