Objective
Enable users to control incident visibility so that only the right people can access that information.
Support foreseeable granular configurations for user access based on beta feedback
Extend the existing Mattermost permission model
Assumptions
Requirements
Must be able to… | User Story | Jira Issue | |
|---|---|---|---|
| 1 | Limit incident access to only participants | As an incident participant, I can make an incident and its channel private so that non-participants don’t know it exists let alone access its content. | |
| 2 | Configure playbooks to create public/private incidents | As an incident manager, I can configure playbooks to create either public or private incidents so that it defaults to the correct permission when executed. | |
| 3 | Limit playbook access to members with permission | As a playbook creator, I can specify who else can view, edit, and use the playbook so that sensitive content wouldn’t be unintentionally revealed. |
User interaction and design
Open Questions
Question | Answer | Date Answered |
|---|---|---|
What does “access” entail? | Able to see that an object exists, view its detail, update its detail, as well as delete if applicable. | May 21, 2020 |
What’s the UX for making an (existing or new) incident private? | ||
What’s the new UX for RHS incident list? | ||
What’s the new UX for playbook configuration? |