Objective
Enable users to control incident visibility so that only the right people can access that information.
Support foreseeable granular configurations for user access based on beta feedback
Extend the existing Mattermost permission model
Assumptions
Requirements
Must be able to… | User Story | Jira Issue | |
|---|---|---|---|
| 1 | Limit incident access to only participants | As an incident participant, I can make an incident and its channel private so that non-participants don’t know it exists let alone access its content. | |
| 2 | Configure playbooks to create public/private incidents | As an incident manager, I can configure playbooks to create either public or private incidents so that it defaults to the correct permission when executed. | |
| 3 | Prioritize incidents that the user is a participant of | As an incident participant, I can easily tell apart the incidents that are relevant to me so that it’s I can get there more quickly. | |
| 4 | Limit the ability to create playbooks to Team Administrators | As a system administrator, I can restrict who can create playbooks so that the incident response process can be better standardized. | |
| 5 | Limit playbook access to specific users | As a playbook creator, I can specify who else can see and edit the playbook so that sensitive content wouldn’t be unintentionally revealed. |
User interaction and design
Open Questions
Question | Answer | Date Answered |
|---|---|---|
What does “access” entail? | Able to see that an object exists, view its detail, update its detail, as well as delete if applicable. | May 21, 2020 |
What’s the UX for making an (existing or new) incident private? | ||
What’s the new UX for RHS incident list? | ||
What’s the new UX for playbook configuration? |