Permissions and Usability

No Fishing....

Creative Commons licensed; photo credit: Angus Mackie

In a recent post, I reviewed the advantages of Bodington’s unusual system of assigning access privileges and mentioned that the Sakai community is planning to support Bodington-like permissions in a future version. There was some follow-up discussion of this on the Sakai pedagogy listserv. In particular, John Norman pointed out that the more flexible permissions structure comes with significant usability challenges. I don’t have any clear-cut solutions to these problems, but I’m going to think out loud here and see where I can get with it all.

The fundamental problem with permissions is that they are abstract affordances. In the physcial world, affordances tend to be fairly obvious, almost by definition. I can tell imediately that a coffee cup affords being picked up because of the handle sticking out. Sometimes this can happen in a digital world as well. How can I tell if text on the screen affords editing? By the blinking cursor. But that doesn’t always work neatly. What if I’m not looking at the contents of the document, but a list of documents? We need some sort of iconic representation to communicate the affordance. And the more abstract the affordance, the harder it is to communicate. How do you communicate that the digital object affords the assignment of permissions? How do you make that intuitive? 

In most groupware systems, we deal with the problem of this particular abstract affordance by avoiding it. We don’t attach permissions to objects. Instead, we attach them to people. The fact that I am a teacher means I can access some things and edit other things that students can’t access and edit. That’s a relatively compact and intuitive metaphor, at the cost of being crude. If we want to move to the more elegant system of permissions being attached to objects, then we need a similarly compact and intuitive representation that relatively naive users can grasp quickly. We need to find something familiar whose affordances map well to the onese we are trying to convey.

So. What are we trying to map here? We want to attach permissions to arbitrary semantic objects (documents, meetings, blog posts, tests, group spaces, etc.). Sometimes we want to attach a permission related to a single person. Sometimes we want to attach one related to a group. Sometimes we want to attach permissions related to several groups which overlap. The persons and groups are ad hoc and not reliably heirarchical. What does that sound like?

Tags. It sounds like tags. If we want to attach a permission to an object, we give it a permission tag. In technical terms, we need some sort of tagging namespace (or its equivalent; it doesn’t need to have the same implementation under the hood). From the usability perspective, the first question is whether users can deal with several different kinds of tags, e.g., permission tags and regular search/categorization tags. This is just an intuition, but my best guess is that users can handle more than one tagging namespace but no more than, say, three or four at any given time. You’d have to give visual cues to distinguish tag types (e.g., color), but I’m guessing users could handle this. (We’d want to do some usability testing to confirm.)

Unfortunately, the mapping doesn’t work perfectly. Tags are good for attaching one piece of information to a semantic object, but we need to attach two—what the permission is and who is getting it. So maybe what we really need is two different types of tags and a way to relate them. For people, we need a group tag. Only person objects can be tagged with group tags. On the other hand, digital artifacts (e.g., discussion posts, documents, meeting invites, etc.) can be tagged with permissions, e.g., edit access, read access, etc. Both would necessarily be controlled vocabularies. Permissions in particular would have to be constrained for the set of tags that make sense for a particular digital object type. For example, it might make sense to make a meeting, a work site, or a discussion board “joinable”, but not a discussion post. New permission tags would be definable by programmers only. In contrast, you could imagine allowing a user to create a new group/tag or register a new person/tag. You’d have to account for the differences in the two tagging interfaces, but since there are models for tagging in both open and controlled vocabulary models, this shouldn’t be a problem.

Once we have people able to take group tags and objects able to take permission tags, we need a way to relate them. What we’re really constructing in the end is an RDF-like triple relationship, e.g., “Discussion post X | is editable | by John.” The third item in the triple can be either a person or a group tag. (The latter has the effect of something like chaining triples, but now I’m getting over my head, so nevermind.) What I imagine happening in the user interface is something like adding an item to When a user clicks on the option to add a permission tag, a dialog appears. The user must first select one or more permission types from a menu of options (e.g., view, edit, etc.). Then the user must pick one or more user or group tags, with an interface that works identically to the type-ahead tagging interface.

Of course, manually creating tags for every object in the system would be prohibitively cumbersome. So we also need mechanisms that auto-generate default tags within a particular context. Most obviously, the creator of an object (e.g., a document) would automatically have certain privileges assigned. Maybe artifacts created within the context of a particular course space could automatically assign privilege sets to different groups associated with a particular course (e.g., the teacher group, the TA group, the student group, the workgroup #1 group, etc.). This effectively approximates the ease of use that comes with role-based permissions while still allowing a lot of fine tuning. 

I imagine there will be some edge cases where tagging won’t work for permissions. For example, how would you use tags to set permissions regarding whether a person can create new group tags? But in Sakai 3’s content-centric model, tags could work for a substantial majority of cases.

I’d be curious to hear what you all think about this, particularly if you have experience with Bodington or are working on Sakai 3.

Share Button

Google+ Comments

About Michael Feldstein

Michael Feldstein is co-Publisher of e-Literate, co-Producer of e-Literate TV, and Partner in MindWires Consulting. For more information, see his profile page.
This entry was posted in Ed Tech and tagged , , . Bookmark the permalink.

8 Responses to Permissions and Usability

  1. Hi, Michael. I, like you, was very impressed with Bodington when I went to an information day and have written elsewhere about the amazing ease of set-up. Also like you, I’m forever battling various LMSs (and their administrators) to get the permissions and usability to work for the user, not the system. The Bodington system of flexible groups works really well when thinking of returner-learners – of which this Western world is going to see a much larger proportion both because of the need for lifelong learning and because of demographics. Once outside the 18-22 ‘traditional student’ box, people may be students, professional experts, adjunct faculty, systems helpers/designers, interested browsers and several other labels. Older people are also far more likely to pop in to a variety of classes/disciplines because they are piecing together a different type of jigsaw: their mental maps are highly likely to have more and/or more diverse chunks of knowledge and experience that pick up and view information in different ways and, perhaps, with a different perception of what a goal might be. Permissions that work on a Base-permission, And, And, And are far more flexible. It’s even possible to allow teaching or admin staff to belong to groups that do not cheerily welcome them to a Class(room).

  2. Laura says:

    I’m watching this debate with interest, but don’t feel my appreciation of the space is sufficient to offer much in the way of useful suggestions yet 🙂

    Tagging seems a strong metaphor, but tags have two problems. Firstly, they are generally text (although maybe we can do better with colours/iconography), and secondly, they fail once you get more than a handful on a single item because there are simply too many to parse. Look at Flickr – many images have, say, a dozen tags which describe the content, plus another dozen groups (which define a context within flickr; “taken with a Nikon 900D”, “cats”, “Black and White”, “Pictures with Lego in”, “lolcatz”, “taken on holiday”, “Up for critique by GroupFoo”). Note that group tags (perhaps somewhat like permissions) are not all equivalent: they reflect different characteristics. Representing so many things for a single item – especially when you are looking at a set of items, not just one – is exceedingly hard, particularly in a “file list” type paradigm. More graphical representations might help here.

    Although the screen representation is going to be challenging, in many cases people probably don’t want to see permissions (unless they attempt an action and are refused, or wish to check that a certain item is set up the way they expect), I feel the biggest hurdle will be figuring out the correct defaults for different circumstances (both what groups people are in, and what permission sets items are in).

  3. You make some great points here, Laura. Let me take them one by one. First, on the content tags versus group tags, I think we need some sort of convention whereby the two types of tags are separate to the users. Maybe they happen in different tabs of the interface. Maybe they are different colors. Maybe they have different icons. But since these two tag types serve very different purposes, I agree they need to be separated for the user.

    I’m less worried about the heterogeneity within a tag type. This semantic sloppiness is actually a virtue. I don’t think the distinctions they elide will matter to the users.

    On the issue of managing tag proliferation, that problem will vary from application to application. The permission tags need not be too bad since there will be one tag per permission type, and it could aggregate antecedents. For example, a document would have one “editable” tag that takes multiple users and groups. Note that there is a bit of semantic slight-of-hand going on here. If you think about the interface from the Firefox extension, the of adding multiple users to an “editable” tag is very similar to adding multiple tags to a page, with one extra step in the middle where you specify the permission type. I can “tag” as many users and groups to one object/permission pair. So my terminology may not be quite right here. (I may find time to do a primitive mock-up of what I’m talking about here.)

    At any rate, the real tag proliferation problem will be with groups attached to users. But you can do searchable alphabetical lists, and there may be a way to figure out how to use clouds as well.

    But I agree that the most important part will be to get the default permissions right. I’m not sure how hard that will be; you can start with a rough mapping of the way role-based permissions work and go from there. I suppose the technical challenge will be to bring together arbitrary contexts with arbitrary content types from arbitrary tools in order to be able to make those defaults happen smoothly without knowing a lot about the configuration in advance.

  4. Clay Fenlason says:

    Driving toward a single affordance – tagging – feels like the wrong move to me when I try to extend it to all the use cases we commonly deal with. As John points out, when you run through the variety of verbs you start to doubt whether a global mechanism (from the user’s experience – if we’re just talking about what’s happening under the hood, that’s another matter, of course) will be a good fit. You run into cases (e.g. assignments, quizzes) that describe not only simple access, but also constraints on activities that can be conducted with that access or where it might fit within a workflow (e.g. ‘is submittable,’ ‘is gradable’ ). Possible with tags, but it no longer feels like you’re doing anyone any favors with a tagging interaction, while other designs, particular to that context, may be more helpful.

  5. You may be right, Clay. It’s hard to know for sure until we run the use cases, but it seems likely on the face of it that we’ll run into edge cases. What we don’t know is how many of them are they and how important they are.

    It would be great if somebody could do a screencast tour of the Bodington permissions UI, talking to the usability challenges as part of it. That would be a good place to start the investigation.

  6. Off topic (but I could find another way to contact you Michael!)

    Can you enable your RSS feed to push out the full-text rather than truncating your content in the feed? It’s most likely a check box buried inside the control panel of your blog.


  7. Ian says:

    In Sakai 3 we are using a type of tagging, although you might not recognise it as such. Items are ‘tagged’ with a number of statements that control access to the object. These statements talk about permission, a grant, and subject. If the user has the permission within the subject mentioned the grant is invoked. Grant is true or false ie granted or denied. So we tag an object with a triple required permission in subject will grant. The Subject can be anything that can contain a set of permissions, like a role within a group. The user would have to be a member of that role to aquire the permissions. The statements on the object are organized into sets, the set, selected by the operation forming an access control list for that operation.

    So we are not placing permissions directly on an object, but rather expressing a set of requirements to grant or deny an operation. There is a fuller document giving a more complete description on the google group sakai-kernel where this work is being performed.

    This is the underlying permissions system, how it is expressed and used in the UX is another matter.

  8. There’s many a strange force in the education space at the moment, all churning and tossing, like a confused rugby game – with a few recognizable older giants and some smaller teams – all trying to run with the ball in different directions: that being the case, a practical approach is to get as clear a view of the playing field as possible – so let’s have a peek at our predicament.

    First, for the majority of individuals – unfortunately, what has been meant by ‘education’ for the last century or so, has really been training people to process vast amounts of personally useless information as quickly and accurately as possible: we’ve all seen the photos of vast halls of clerks in row upon row of desks, processing catalog orders or medical records – which sorta kicks a lot of the high minded education rhetoric right where it hurts. This state of affairs was no accident, once upon a time, the industrial world needed clerks almost as badly as ‘Mars needed women’. Which also tended to mean people got judged on their ability to ‘clerk’ before anything else – and who wants a clerk that thinks too much? – sadly, because of this, many smart folks who made lousy clerks didn’t do very well … and, worse, much worse — vice versa — ( just in case there’s any romanticizers out there). In short, there was some flexibility, but not much, and only rarely did anyone get much personal coaching.

    We’re now suffering with the remnants of this older system, that’s lost much of its purpose and is being allowed to rot — industry no longer needs cheap dependable clerks as much as it once did because, well … there’s not much industry — so why invest in the system that creates them? However this state of affairs is pretty much all we know, and even stranger, there’s now this wacky notion, being sold on what can only be described as a dangerous blend of moral superiority & machismo, that getting tough and baring down on youth is the best way to out-compete the likes of some very large, very culturally homogeneous third world authoritarian players – foolishly forgetting that such gun-to-the-head structures will always kick our ass in a game of ‘daily grind’. Even if the “Great-Helmsman” himself appeared, pulled out his iron fist, and tried to set-things-to-rights over here, he’d still get a better bang for his bullets elsewhere – and I won’t even get into the consequences …

    … yet, many people still cling to this older way of doing things for their sense of purpose, for their identity … and frankly, for many – it actually works – including for many students. The problem is, it’s becoming less relevant and less effective – but, as mentioned, it’s all we know … and as hard as it was to get a bit of personal coaching when the system at least had some money, it was certainly easier then, than now.

    Soooo that, in big strokes, is our predicament – as the result of which, we’ve created the first generation that’s less educated than the one that came before: by design, and the long term consequences of this strategy are proving worse than “silly”.

    What to do?

    There is no doubt in my mind, that individualized course shaping and strength training is going to be necessary, if we want to compete: the only problem is – given the current context – nobody wants to invest much in clerks any more: McDonald’s has simply automated its deep fryers, it no longer needs as many people who can read instructions with accuracy. End of story right?

    Well, don’t get me wrong, we’ll always need clerks, but we’re going to need hi value, quasi-independent team players even more – that is, if we wish to continue living in the style to which we’ve become accustomed – the problem is, making hi value, independent players isn’t really something we’ve done all that much of previously.

    Oh, hang on a sec – the ghost of Uncle Niccolò is whispering in my ear:

    “There is nothing more difficult to take in hand, more perilous to conduct, or more uncertain in its success, than to take the lead in the introduction of a new order of things.”

    I see …

    … well, then … what do you suggest Uncle Nick?

    … and so he disappears, leaving only the merest scent of noodly pine-nuts.

    Hmmmm, then I guess we’re on our own … so … what have we got to work with?

    First things first – not a lot of money – however, there is the power of technology that is getting cheaper all the time, unfortunately – as we’ve seen – just throwing wikipedia and a few videos around isn’t the be all and end all as some have made out, however, it is proving to be a start.

    What else?

    Well, we’ve got the beginnings of insight into what works and what doesn’t – the only problem is, we don’t have the budget to implement this in any sort of idiosyncratic one on one way … which means, we’re probably going to have to build it into our systems as best we can.

    We did this before by the way – originally, the New World didn’t have many craftsmen, they where doing too well in the old one to come here – so instead, we just built as much intelligence into our machines as we could: worked rather well … sure, an individual craftsman could still make a better gun, table, whatever … but we could make a whole lot more of them … as for today, such a solution won’t be as good as individual tutors or coaches, but it’ll be a lot more customized than the current system trying to mass produce more clerks than we need, and it will need constant updates and tweaking by those same hi quality tutors and coaches.

    So, aside from doing a much better job identifying personal weaknesses and strengths – as idiosyncratic as that is. A big part of this is getting students to work together on-line – which is already happening, and will have to be built into whatever systems are put in place.

    There’s also going to be a LOT of room for good, adaptive design – and there’s going to be a lot of need for people who understand how this all really works and how to get the most out of it – as the systems will have to constantly be tuned & updated. I can easily see a new profession arising of ‘Course Architect’, as one who consults with the domain experts, and puts together the most powerful arsenal of adaptive tools and techniques to get the message across – and this will be usability tested across a variety of learning types: today this is often thought of as little more than a glorified web designer – in the future – they may be more highly paid than the lecturer.

    I hope we’re ready for this – or would you rather have fries with that?


Comments are closed.