[Design + FE dev] Organize permissions into grouped sections in the UX when creating or editing a custom role.
Problem to solve
When a user creates a custom role, they are presented with a long list of permissions. This list will continue to grow and cause cognitive overload when creating a custom role.
Design exploration
We decided to group permissions into meaningful sections, so the user can quickly select permissions. When permissions are grouped or collapsed, it should highlight how many permissions are selected. The plan of work:
- Evaluate current functional groupings against user's mental model (https://gitlab.com/gitlab-org/ux-research/-/issues/3318)
- Propose improvement to permission selector UX:
- Functional grouping - groupings should be 1:1 with groupings in the roles and permissions documentation.
- Dependencies - consistent and fluid interaction when one permission is required (eg admin vulnerability and read vulnerability)
- Search and filtering
- Validate proposed designs
Other opportunities:
- Templating based on commonly used permissions (current role use data would be valuable here)
Permission use cases to design for:
- Dependent permissions within and across a resource group
- Base permissions included default role
- Broad --> Fine grained permissions
- Groupings functional, feature or scope
- Description
| Prototypes |
|---|
|
Option 3 - Searchable select permissions from drawer Option 3A - Searchable select with non-hierarchical grouping |
Solution Validation
Results 1: We tested the current and 2 proposed experiences for selecting permissions. Results showed 100% task completion across all experiences but a simple flat grouping merged as the most efficient and usable, with necessary improvements like search and task-based groupings.
Results 2: We tested Flat Grouping design with improvements and it proved highly successful, maintaining 100% task completion rates and high usability scores (4.9/5). As additional enhancement to the experience, users suggested refining the visual indicators for required dependencies and sub-permission to make relationships even clearer.
Final Design and Specs
Iteration 1: Permission grouping changes,
| Before | After | Final Designs |
|---|---|---|
|
Grouping Permissions - Permissions are ungrouped in New Role > Select permissions area |
|
|
|
Finer grained permissions that are included under broader permission (eg manage includes view)
|
|
|
|
Inherited permission from base role
|
|
|
|
Required permission across functional grouping
|
|
|
|
Description
|
|
Iteration 2: Functionality improvements
| Before | After | Final Designs |
|---|---|---|
|
Functionality in Permission Selection
|
|
Follow-up and Next Steps
- Follow-up: An insight unaddressed is changing grouping permissions to be task-based rather than system-based. I recommend we reevaluate once we better understand the UX implications, created an actionable insight to track: https://gitlab.com/gitlab-org/gitlab/-/issues/519128
- We'll look into how to gather feedback from the experience here





