Experience Recommendations - Compliance FY22-Q3 - Create audit deliverables
Heuristic UX Buddy Scorecard: #1663 (closed)
Experience Recommendations Checklist
Learn more about UX Scorecards
- Add this issue to the stage group epic for the corresponding quarter's UX scorecards.
- Brainstorm opportunities to fix or improve areas of the experience.
  - Use the findings from the Emotional Grading scale to determine areas of immediate focus. For example, if parts of the experience received a “Negative” Emotional Grade, consider addressing those first.
- Create an issue for each recommendation. Alternatively, you can create a separate epic to hold all your recommendations. Add a UX scorecard-rec label to every issue or epic for traceability. Link to the epic or issues here.
- [-] Think iteratively, and create dependencies where appropriate, remembering that sometimes the order of what we release is just as important as what we release.
- If you need to break recommendations into phases or over multiple milestones, create multiple epics and use the Category Maturity Definitions in the title of each epic: Minimal, Viable, Complete, or Lovable.
Resulting Recommendations
Insight | Issue | Comments |
---|---|---|
Daniel used an administrator account but only having access to auditor would make many features inaccessible | Provide Auditor Role Access to Audit Events and Implement in GitLab.com SaaS | We've known about this issue. Even our own internal auditor team members cannot take advantage of all our features because they are either in the Admin Area or behind an elevated role like owner |
The table format can make the data points a bit confusing to understand since they are not all the same | Revise the descriptor used for the column headings | For example Object can be misleading |
Just reading the object or target alone does not clarify what something might be | Add target data as secondary info | group/project doesn't help indicate that what changed was actually a project setting |
Some action statements were hard to read and interpret. It's also non-obvious when it is happening as an impersonation | Revise action messages for readability | For example, changed prevent merge request approval from reviewers to true (by Administrator) |
It's non-obvious when an action is happening via an impersonation | Add a badge to indicate impersonation | This might not translate into the exported file |
The ability to export data to a CSV was missing in project | Group-level audit event export for self-managed and GitLab.com; Project-level audit event export for self-managed and GitLab.com | Just awaiting prioritization |
Daniel couldn't figure out why the date range wasn't letting him pick dates as he saw fit | Clarify date range constraints in Audit Events | While we would like to allow users to pick any date range, it has too much of a performance impact on the database |
Filtering by project events was only available in the Admin Area | Allow users to filter by projects in groups | This isn't possible right now because of performance requirements |
There is no way to filter down results based on a type or selection of events | Add filtering options for events | Possibly not feasible for performance reasons. Being able to find multiple events would be useful. |
The second task was not completed as expected, and this was likely due to a lack of knowledge of compliance violations tied to separation of duties. Despite this, there is an epic focused on making the compliance report more insightful and useful overall.
UX Scorecard - Create audit deliverables - Synthesis & Feedback - Watch Video
Edited by Austin Regnery