User Stories - RBAC MVP: Libraries

This document outlines a set of user stories that define the MVP for RBAC within the system. It serves as a working draft to capture the essential functionalities related to user management, role assignments, scope filtering, and permission controls. Changes and refinements may be made as requirements evolve.

User Management in a Unified Interface

1. View the complete list of users with their Roles

"As an Admin, I want to see a list of all users with access to the libraries I control, along with their assigned Roles, to have a general overview of permissions across those libraries."

Functional Requirements

  • The list should display all users that the current user has permission to view. (Controlled via the 'View Library Team' permission.)

  • The list must be sortable by any displayed field.

  • The list must use infinite scroll.

  • The list must show each user's Role along with the Scope where that Role is applied.

  • A user can have more than one Role.

  • A Role can have more than one Scope. (Examples: Library A AND Library B, All Libraries, Library C.)

Open Questions

  • Should we display when a user's access control was last modified?

  • Should a version of this view, scoped to a single library, also exist and be accessible from within a library?

  • Should the Scopes listed be restricted based on the current user's permissions?

2. Filter users by Scope

"As an Admin, I want to apply a filter by Scope in the user list to see only those who have permissions within that Scope."

Functional Requirements

  • The Scope filter must allow selecting only one Scope at a time.

  • If the selected Scope is "All Libraries," the list must display all users the Admin has permission to see.

  • If the selected Scope is a specific library, the list must display:

    • Users who have a Role in that library.

    • Users who have a Role in a broader Scope that includes that library (e.g., "All Libraries").

  • The Admin must be able to combine the Scope filter with other filters, such as Role.

Open Questions

  • Should the Scope filter be a dropdown, a searchable input, or both?

  • How should the interface handle filtering by both Scope and Role?

  • Will we need to add more complexity for organizations, i.e., all libraries in an organization?

3. Filter users by Role

"As an Admin, I want to apply a filter by Role in the user list to see who has a specific Role within the system or in a particular library."

Functional Requirements

  • The Role filter must allow selecting only one Role at a time.

  • If no Scope is selected, the list must display all users with the selected Role, regardless of Scope.

  • The Admin must be able to combine the Role filter with other filters, such as Scope.

Open Questions

  • Should the Role filter be a dropdown, a searchable input, or both?

  • How should the interface handle filtering by both Role and Scope?

4. Assign a Role to a User

"As an Admin, I want to add a user to a library and assign them a Role so they can collaborate with the appropriate permissions."

Functional Requirements

  • The Admin must be able to search for users by name using a search bar with suggestions.

  • The system must allow assigning Roles to multiple users at once.

  • The Admin must select a Scope when assigning the Role.

  • The Admin can only assign Roles within Scopes where they have the "Manage Library Team" permission.

  • The system must provide success/error messages after assigning the Role.

Open Questions

  • Should the system prevent assigning duplicate Roles when a user already has the same Role in a broader Scope (e.g., "All Libraries")?

  • Should there be user assistance (e.g., warnings, tooltips) to help Admins avoid conflicting assignments?

5. Change a User's Role

"As an Admin, I want to modify a user's Role in a library to adjust their access level without needing to remove and re-add them."

Functional Requirements

  • The action must be performed directly from the user list.

  • Each user must have an access point that allows the Admin to edit:

    • Their Role

    • The Scope where the Role applies

  • The Admin can modify both Role and Scope in the same action.

  • The Admin can only change Roles within Scopes where they have the "Manage Library Team" permission.

  • The interface should allow modifying the entire access control of a user at once.

  • The system must provide success/error messages after modifying the Role.

Open Questions

  •  

6. Remove Library Roles from a User

"As an Admin, I want to remove all of a user's Library Roles to completely revoke their access to any library content."

Functional Requirements

  • The action must be performed directly from the user list.

  • The action must be possible while filters are applied.

  • The same access point used to edit a user’s access control should allow removing their Roles.

  • The Admin can only remove Roles within Scopes where they have the "Manage Library Team" permission.

  • After the success message, the list must be refreshed; if the user has no remaining Roles, the user must disappear from the list.

  • If an Admin removes a user's Role in a specific Scope, and the user has a broader Role (e.g., "All Libraries"), the broader Role should update to "All Libraries except [removed Scope]" instead of being fully revoked.

  • The interface must provide options to revoke access from all the Scopes or a specific Scope when managing broader Roles.

  • The system must provide success/error messages after removing all Roles from a user in a Scope.

Open Questions

  • Should there be an option to see users who previously had access but currently have no Roles assigned?
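
The Scope and Role filter rules from stories 2 and 3 and the revocation rules from story 6 can be modelled together; the sketch below is an added example, not code from the project this document describes. Assumptions: the names Assignment, filter_users and revoke, the representation of "All Libraries except [removed Scope]" as an exclusion set, an input list already limited to users the Admin may view, and that an Admin holding "Manage Library Team" in one library may narrow a broader Role for that library.

```python
from dataclasses import dataclass, replace

ALL = "All Libraries"  # the broad Scope named in the stories

@dataclass(frozen=True)
class Assignment:
    user: str
    role: str
    scope: str                         # one library name, or ALL
    excluded: frozenset = frozenset()  # "All Libraries except [...]"

    def covers(self, library):
        if self.scope == ALL:
            return library not in self.excluded
        return self.scope == library

def filter_users(assignments, scope=None, role=None):
    """Stories 2 and 3: at most one Scope and one Role, combined with AND."""
    hits = set()
    for a in assignments:
        if role is not None and a.role != role:
            continue
        if scope not in (None, ALL) and not a.covers(scope):
            continue
        hits.add(a.user)
    return sorted(hits)

def revoke(assignments, manage_scopes, user, library):
    """Story 6: remove `user`'s access to one library.
    manage_scopes: Scopes where the acting Admin holds 'Manage Library Team'."""
    if ALL not in manage_scopes and library not in manage_scopes:
        raise PermissionError(f"no 'Manage Library Team' in {library}")
    kept = []
    for a in assignments:
        if a.user == user and a.scope == library:
            continue  # Role held directly in that library: drop it
        if a.user == user and a.scope == ALL:
            # Broader Role: narrow it instead of revoking it outright
            a = replace(a, excluded=a.excluded | {library})
        kept.append(a)
    return kept

# Constructed sample data; user and Role names are illustrative only.
TEAM = [
    Assignment("ana", "Author", "Library A"),
    Assignment("ben", "Admin", ALL),
    Assignment("cy", "Author", "Library B"),
]
```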


Role and Permission Management

7. View a list of all Roles available

"As an Admin, I want to see a list of all available Roles in the library section to understand my options when assigning Roles to users."

Functional Requirements

  • The list must display all available Roles in the new library section.

  • Each Role must include its description.

  • Only Users with the "Manage Library Team" permission can see this list.

Open Questions

  • How should the description of each Role be presented?

8. View a Role’s description and Permissions

"As an Admin, I want to select a Role and see its description and associated Permissions to understand its function before assigning it to a user."

Functional Requirements

  • The User must be able to interact with a Role to view:

    • The Role’s description

    • The Permissions included in the Role

  • Permissions must be structured into categories.

  • Only Users with the "Manage Library Team" permission can access this view.

Open Questions

  • How should the User interact with a Role to see its details?

  • How should the Permission descriptions be displayed without overwhelming the view while keeping them accessible?

9. View a list of library contributors

“As a Library Author, I want to see a list of all the users who have access to the same Library that I do, so that I know who is editing content alongside me.”

Functional Requirements

  •  

 
