UX Spec: Attribute Based Channel Access


Overview

This feature gives administrators a powerful way to control which users can access a channel, based on their profile attributes. This addresses the challenge of managing channel access in large or complex organizations dealing with sensitive information, where manual processes can lead to security risks, inefficiencies, or inappropriate access. Enabling attribute-driven rules for Private channels ensures that users only see and access channels relevant to their assigned attribute values, which can include roles, security clearance, and departments.

 

Scope update: In this phase, attribute-based access restrictions will only be allowed for Private channels.


Configuration

Enabling Attribute-Based Access

  • Channel Settings → Access

    • For Private channels, a new toggle should be added under Channel Access, labeled “Manage access with user properties”.

    • Once the toggle is on, users will have an option to select user properties and specify one or more values for each property. Only users who have those values will get access to the channel.


Adding Properties & Values

  • Select Property

    • Clicking “+ Select property” reveals a dropdown listing all available user attributes that can be added. Only Select and Multi-select type custom user attributes will be shown here.

    • Users should be able to search through the available user attributes if there are more than 3 attributes available to choose from.


  • Select Values

    • After choosing a property (e.g. Clearance), the admin can pick one or multiple valid values from a dropdown.

      • For single-select properties — multiple values for the same property are combined with OR, so a user who has any one of the selected values gets access to the channel.

      • For multi-select properties — there will be an option in the ••• context menu for the property row that lets the user configure if all selected values will be required to satisfy the property row rule or if having any of the selected values will be enough to satisfy the property row.

    • Once a value is selected, the user can unselect it by clicking on the x icon in the value chip.



  • Property-Level Options

    For each property row added, there will be a context menu (•••) which should include:

    • Required values

      • Visible only if the property type is multi‐select.

      • “All values required”: The user must hold all selected values for this property.

        • Example: Program = [Dragon Spacecraft, Black Phoenix], “All values required” means the user must be in both programs simultaneously to get access to the channel.

      • “Any 1 value required”: The user must hold at least one of the selected values.

        • Example: Program = [Dragon Spacecraft, Black Phoenix], “Any 1 value required” means the user can be in either program.

    • Link to Channel Property (toggle)

      • Turning this On creates (and syncs) a corresponding read‐only “channel property” that can be displayed in the channel header and other places.

      • Default value: OFF

    • Remove property

      • Removes the respective property restriction row from the channel.

 




  • Adding multiple property rows

    • Users will be able to add multiple properties along with their corresponding values to control channel access.

    • A single global control (dropdown) called “All properties required / Any 1 property required” allows the admin to specify AND or OR logic across different property rows configured.

      • All properties required - The user must satisfy every configured property row rule.

      • Any 1 property required - The user must satisfy at least one of the property row rules.



Saving and Validation

(Mockups will be added)

When the user modifies the access rules and saves the settings, we will need to validate the access rules and inform the user about any unexpected scenarios:

  1. No Users Match

    1. On “Save,” if no existing members meet the new rules, a blocking error modal appears informing the user “No users meet the selected property requirements. Please modify the requirements to save your changes.”

  2. Current user does not match

    1. If the user’s own profile attribute values don’t meet the new rules, show a warning modal informing them “You do not meet the selected property requirements. If you continue, you will be removed from the channel.” with options to Cancel or Continue Anyway.

    2. If they proceed, they lose channel membership (subject to the Grace Period rules below).

  3. Some users may be removed

    1. If the user configures property rules on a channel that will end up removing any existing members from the channel, show a warning modal when the user clicks Save, informing them “The selected property requirements will remove [XX] existing members from this channel.”
      [Cancel] [Continue Anyway]
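
The rule evaluation and save-time checks described above, sketched in Python as an added example (not code from this spec or the product). The names PropertyRow, row_matches, user_matches and validate_save, the returned modal labels, the sample members, the fail-closed handling of unset attributes and empty rule sets, and the order in which the warnings are checked are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PropertyRow:
    name: str                  # user property, e.g. "Clearance"
    values: frozenset          # values the admin selected for this row
    require_all: bool = False  # "All values required" (multi-select only)

def row_matches(row, attrs):
    """True if a user's attributes satisfy one property row."""
    held = attrs.get(row.name, ())
    held = {held} if isinstance(held, str) else set(held)  # single-select holds one value
    if not row.values or not held:
        return False  # assumption: fail closed on an empty row or an unset attribute
    if row.require_all:
        return row.values <= held       # user must hold every selected value
    return bool(row.values & held)      # "Any 1 value required"

def user_matches(rows, all_rows_required, attrs):
    """Apply the global 'All properties required / Any 1 property required' control."""
    if not rows:
        return False  # assumption: toggle on with no rows admits nobody
    results = [row_matches(r, attrs) for r in rows]
    return all(results) if all_rows_required else any(results)

def validate_save(rows, all_rows_required, members, current_user):
    """Pick the modal from 'Saving and Validation' and list who would be removed."""
    removed = sorted(u for u, a in members.items()
                     if not user_matches(rows, all_rows_required, a))
    if len(removed) == len(members):
        return "block_no_users_match", removed
    if current_user in removed:          # assumption: checked before the member-count warning
        return "warn_current_user_removed", removed
    if removed:
        return "warn_members_removed", removed
    return "ok", removed

# Constructed sample data (not taken from the spec's mockups).
MEMBERS = {
    "alice": {"Clearance": "Top Secret", "Program": ["Dragon Spacecraft", "Black Phoenix"]},
    "bob": {"Clearance": "Secret", "Program": ["Dragon Spacecraft"]},
    "carol": {"Program": ["Black Phoenix"]},  # Clearance not set
}
RULES = [
    PropertyRow("Clearance", frozenset({"Secret", "Top Secret"})),
    PropertyRow("Program", frozenset({"Dragon Spacecraft", "Black Phoenix"}), require_all=True),
]

if __name__ == "__main__":
    print(validate_save(RULES, True, MEMBERS, "alice"))
```
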

 

Grace Period (Out of scope?)

If a current channel member (including an admin) no longer meets the channel’s property requirements (e.g., their “Clearance” changes):

  1. Loss of access — The user immediately loses access to channel content (cannot view or post), but remains listed in the members list in a disabled state.

    • Hovering on the user will show a tooltip saying: “This user no longer meets channel requirements. [Grace Period: X days left]”

  2. Reinstatement — If their attribute values revert to matching the ones required for access before the Grace Period ends, they should automatically regain full membership of the channel.

  3. Removal — After the Grace Period expires, the user is permanently removed. An admin can also manually remove them at any time from the Manage Members RHS.

 


Grace Period Configuration

A System Admin can set a time duration (e.g., 2 days) in the System Console for the Grace Period. This applies globally to all channels using attribute‐based access.

 

Adding People to Channel

  • In the Add People to Channel modal, there will be a section notice shown informing the user that attribute based access restrictions are applicable for that channel.

  • Only users who meet the current property rules appear in the search and can be invited to the channel. Anyone else is hidden from the results entirely.

 


Displaying property values required for access

Channel Members RHS

  • A section should be added at the top of the Channel Members RHS to convey that attribute based access control is enabled for the channel.

  • Property values necessary to get access to the channel should also be shown as a flat list in a single row. Hovering on any value should reveal the corresponding property in a tooltip.

  • If there are more property values than fit in the row, they should be combined into a single +XX tag, with a tooltip showing all the property-value pairs that have been configured for the channel.

  • Clicking anywhere on this section should open Channel Settings → Access tab to view more details, only if the user is allowed to view the Channel Settings modal.


Permissions & Roles

This will rely on the Manage Channel Settings permission in System Console > System Scheme. By default:

  • Channel Admin (or System Admin) can configure property-based access.

  • Channel members can view the configured properties and values but will not be able to modify them.

System admins can update the System/Team Permission scheme to allow members to edit Channel Settings.

 

Licensing

This feature will be a part of the Premium SKU.

Open Questions

  • How do we support or work around the hierarchical structure of user attributes that may exist in customer attribute management systems or mental models? E.g., anyone with a Top Secret clearance level should also be able to view channels marked as Unclassified.

    • How do we support the tree structure for properties that may exist in external systems?

  • Are there any external systems that our pilot customers for this effort are using that we should be considering supporting? Is relying on LDAP enough?

  • Are there any team and system level settings that we need to consider?

    • Grace period config

 

Future enhancements to consider

  • Force-syncing membership based on attributes - adding and removing people based on the configured rules.

  • Applying ABAC to Public channels or making ABAC-controlled channels discoverable.

  • Nested Logic for properties and property values (combining AND / OR within a single rule set).

  • Additional UI touchpoints to show values needed to join a channel.
