[Design] View role and their assigned users

Problem overview

There is not a central place to view all the users and see their assigned access (default role/custom role).

If an organization wanted to see all the owners or maintainers in an organization, they would have to stitch together multiple APIs. In some ways you can do this at the group or project level by looking at the members, but its only what has been directly added or indirectly inherited. This causes a challenge for auditing permissions across GitLab.

In addition, custom roles shows a count of users assigned although you have to determine who is manually assigned. If you need to delete the role, this can be a manual task and challenging at a scale of hundred users.

Use cases with JTBD:

• As an access maintainer, I want to view all users and their access, so that I can ensure GitLab is complying with our current access policies
• As an access maintainer, I want to see users with the role of owner or maintainer, so that I can understand who has the most access rights in a given group or project
• As an access maintainer, I want to delete a custom role, so that I can ensure we are maintaining only the custom roles we need in our organization.

Current Experience

Task	User Experience
View all users and assigned access, subtasks: View all owners or maintainers in an organization Audit permissions	SaaS - Member panel View top level group -> members, repeat for subgroups and projects If users are shared into group, navigate to shared group to view shared group members Members may be listed twice (shared + direct) SaaS - Export CSV View top level group -> export csv, descendent member in this case is listed from the top level group CSV export because they have been added directly into a subgroup and project Export does not provide associations to other groups Export does not provide Custom Role name Self Managed - User Panel Go to Admin > Users, click on user, navigate to groups and projects, view all group/project association with role Self Managed - Export CSV Go to Admin > Users -> export csv, associations to groups/subgroups and projects are detailed through the column 'path' Export does not provide Custom Role name
Delete custom role	To delete custom roles, navigate to roles and permissions, see member count No visibility into which group and members are assigned custom roles

Design Exploration

We explored several approaches, problem and exploration can be found in this Figma file.

🔎 Show relevant data in CSV export ( #460477 (closed))

• Status: Designs handed off
• UX: Under roles and permissions, add a button to export csv for user, roles and access to members

View designs

🔎 Role overview, detail and assigned users

Proposed experience: walkthrough video, Figma file

• Add default roles in Settings>Roles and permissions
• Add role detail page for default & custom roles
• Add tab in role detail page for user's assigned specific role with groups & projects

View designs

Proposal	Design
List out both default and custom roles under roles and permissions tab Includes a summary of role assignment scope: users, groups and projects
Clicking on the role brings them to role detail page with tabs for permission details and users Moves details like base role and permissions out of the current custom role table into detailed page
Option1: Users tab lists out all users and the scope of access (groups and projects) Ability to filter based on user or groups Ability to collapse list
Option2: Users tab with drawer for groups and project detail Drawback: Pattern may not scale for bulk actions like unassigning roles

🔎 User list with role, group and project access

• Add user list as a tab in Settings>Roles and permissions
• User list includes all assigned roles in groups and projects (direct, indirect and shared access)

View designs

Note: The exploration below is functionality in addition to what's outlined in Iteration 2

User list expanded into group / project access	User list with filters	User list expanded with group and projects dropdown
Benefits User list is closely related to roles Filter by group or role Risks Duplicates user list found in usage and member pages Potentially not scalable with the amount of data for each user's direct and indirect memberships	Benefits List out results based on filter inputs Could scale and limit the amount of information requested Risks Does not meet the needs of "I need information for all users	Benefits List out all users and summarizes details needed Leverages existing pattern Risks Not filterable based on groups and projects

Additional explorations can be found in Figma.

Feedback

• Having a role filter in a user list would be a duplicative solution to Roles and permissions > Role > Users in Iteration 2: View a list of roles (default and ... (#461144 - closed)

• Concerns around duplicating a user list, especially in SaaS that would further confuse users. Existing users lists:

  Area	Gap in data for customer's need (as described in problem statement)
  Top level group - Member list	SaaS: Not reflective of all users (User A invited only in Project A will not show up in Top Level group)
  Usage quotas > Seats	Not reflective of all users, only billable users Not reflective of inherited access Not filterable by role
  Usage quotas > GitLab Duo Pro	Reflective of all users, doesn't contain a role
  Admin > User list	Not filterable by role Group and project information is in detailed pages of users

  The proposal to add Roles and permissions > user list solves for the gaps detailed above but we would ask users to again familiarize themselves of an additional user list.

Solution Validation

We tested the approach of having a role overview with default and custom roles, providing a click through detail and showing assigned users. Overall, feedback to the proposed interface from participants is positive, they found the experience to be intuitive and well aligned with their expectations.

Learnings

• Proposed role overview page with name, description and directly assigned users is clear and informative (cc: @jglassman1 )
• Participants expected to click on number of users directly from the overview page to view all users assigned
• Listing out users in one row with assigned group and project details in expandable pattern tested best with user expectations
• Participants expected the ability to search for users
• When asked how they would use this information, participants noted that this detail would be valuable for auditing and managing user lifecycle

📖 Dig into findings here: Solution Validation for role overview, details ... (#464748 - closed)

Final Designs and Specs

Note: Additional discussion and updates may have changes the designs specs in this issue, please view the dev ready section in Figma file for the up-to-date designs.

Role overview

Ultimate customer

Premium

Role detail

Custom role detail

Default role detail

User Details

Expanded

Out of scope

• While we explored a unified list for users, we decided to hold off on until we can align on a long term solution without duplicating views #455078 (comment 1943681659)

Next steps and follow up

• Update roles and permissions overview page [FE] Update role table with default role (#468353 - closed)
• Create a new view for default and custom role permission details [FE] Custom and default role detail view (#468386 - closed)
• List out users that are assigned to a specific default and custom role [FE] View assigned users in a role (#468398)
• Problem gathering for user list and its long term solution [WIP] Problem gathering for user list (#468402 - closed)