Project

General

Profile

Actions

Task #387

open

Feedback on GUI (when doing admin guide)

Added by Marcel Poul over 7 years ago. Updated about 7 years ago.

Status:
New
Priority:
Low
Assignee:
Vít Švanda
Category:
Feedback
Target version:
-
Start date:
04/26/2017
Due date:
% Done:

0%

Estimated time:
Owner:

Description

  • Profile -> Personal Data - Surname is mandatory, why?
  • Users - want to go to user detail from the table. There is reference through Login as well as Magnifying glass button. It is inconsistent in whole GUI. I personally prefer reference via "name" then button.
  • Profile -> Positions -> Position detail - how can I get back to Positions form? I am little bit lost. Sure I can find the user again, but... What about breadcrumb there?
  • Profile - Breadcrumb with "Position in organisational structure" is really confusing, especially when browsing on users with default contract and no position on contract: "Default/MyName" - definitely is not the position in org. structure. Why not to use the green info box like in Profile -> Positions -> Position Detail -> Basic Information for the whole Profile menu? Breadcrumb may be then used for navigation like suggested in previous point. Another example: user has contract with Work Position "Lekar" and contract is on positon "Vzorova Nemocnice" in org. structure. Its breadcrumb is now "Vzorova nemocnice/ MyName". I think "Lekar" is missing in the path?
  • Napojene systemy -> Synchronizace and Provisioning -> both have audit logs, but it is not the shortcut to Audit menu. Thinking of having all logs at the same place with only shortcuts to them in each menu...
  • Napojene systemy -> Synchronizace -> Log - going to "Detail logu položky" means 4 steps of clicking on some detail. Is there some other way of how to manage sync logs? Moreover when I am at the last point I cannot see any navigation point like breadcrumb. If I want to go 2 steps back I have to remember my position and click on "Back" on browser window or go all the way Napojene systemy -> Synchronizace -> Log, detail, detail, detail ...
  • Audit -> Entity history - the table has first column "Entity type", which is little bit strange. I guess Entity or Date is more suitable
  • Audit > Entity history - filtr Date from and Date to with same date give always no result. I guess Date from include the given date, Dete to exclude it. Seems little bit tricky. I think setting hours for filtr will be good too.
    * Audit > Entity history - I cannot find out, what Entity ID in filtr mean. No matter what I type in, I always get "Filter isn't valid" error message. If it is for Entity column, then id is missing in filter. Otherwise Entity is missing. moved to separate #519 ticket.
  • Roles -> Roles administration -> Role detail - when finished editing role, the value of the button is Save and continue. Editing user detail have only save. Make all edit forms the same... The same situation is for Role create and User create default values.
  • Roles -> Roles administration -> Role detail - Type of the role does not have any application. Until the application of the "Type" attribute is introduced, it should not be visible to users (maybe even not defined as entity attribute). Otherwise if users use it as something like "labels" - then when the application is introduced, it would be hard to upgrade.
  • Roles -> Requests for roles - I think there will be many Requests form in future (Roles, Technical accounts, VPN, Certificates, Licence etc.), so The Request may be on the same level as Roles. Then Roles will have no submenu (similar to Users and Organizations) and will be more simple.
  • Roles -> Roles administration -> Role detail -> Automatic roles - When deleting automatic roles there is a window demanding approving the automatic role removal "Opravdu chcete odebrat automatickou roli [testRole2 - Dětská kardiologie (12370)]? Všem uživatelům, kterí získali roli prostřednictvím této automatické role, bude přiřazené role odebrána." - There are '[' and ']' characters for the list of roles... + přiřazené -> přiřazená.
  • Roles -> Roles administration -> Role detail -> Automatic roles - I am little bit confused about the role ADD and delete. The messages suggest "NEW automatic role" as you would create new entity in CzechIdM. In fact you just create a reference from role to treenode. It may be confusing when talking about automatic roles with IdM admins.
  • Organization -> Organizations (as Users, Roles, Tasks etc.)

Related issues

Related to IdStory Identity Manager - Task #430: Authentication FE feedbackClosedRadek Tomiška05/19/2017

Actions
Related to IdStory Identity Manager - Task #429: Synchronization logs feedbackNew05/18/2017

Actions
Related to IdStory Identity Manager - Feature #329: Password policies - feedbackNewOndřej Kopr03/10/2017

Actions
Related to IdStory Identity Manager - Task #489: Performance feedbackClosedVít Švanda06/06/2017

Actions
Actions #1

Updated by Marcel Poul over 7 years ago

  • Description updated (diff)
Actions #2

Updated by Marcel Poul over 7 years ago

  • Description updated (diff)
Actions #3

Updated by Marcel Poul over 7 years ago

  • Password change for other user (as administrator) - there is no choice of using Password generator. I see it as natural place to use the component we already have...
Actions #4

Updated by Marcel Poul over 7 years ago

  • audit log -> entity history. When searching for changes on entity relations e.g.:
    • Role <-> ( Contracted position <-> ) Identity
    • Role <-> Permissions
    • Identity <-> Contracted position
      every one of them.

it is absolute, total, bottomless HELL :-D IDs everywhere, no idea where to search for the relationship entity name. No chance to find anything!!! (except you are devil).

Sorry for my language, I know you love me still, guys.

Actions #5

Updated by Alena Peterová over 7 years ago

Marcel Poul wrote:

  • audit log -> entity history. When searching for changes on entity relations e.g.:
    • Role <-> ( Contracted position <-> ) Identity
    • Role <-> Permissions
    • Identity <-> Contracted position
      every one of them.

it is absolute, total, bottomless HELL :-D IDs everywhere, no idea where to search for the relationship entity name. No chance to find anything!!! (except you are devil).

Totally agree. Please consider following use-case of the most common support incident:

Identity xyz can't login to IdM, or AD,.... Their attributes/roles/block status/... are wrong. Explain why IdM did this!

You don't know when, you don't know who, you don't know why the identity has wrong settings. You need to find ALL changes that happened on this specific identity during last weeks, months or even years. Then you can find the reason (which can be really anything, e.g. administrator made mistake, a personalist made some typo in HR system and contract went inactive, manager accidentally resetted password or disabled the user, approver denied approval task for role even if he thought he approved it, synchronization didn't handle the user in last few weeks, personal processes started something unexpected,...) and you can prove that IdM works as it should.
Therefore you need to be able to filter all changes and relations for one specific identity historically. Even for contracts that are no longer active, roles that are no longer used,...

Actions #6

Updated by Petr Fišer over 7 years ago

On forms with the hierarchy tree (roles administration, organization) the list can be filtered. The filter can be added by clicking on some node in the tree component. This is can be very confusing to the user. Consider following.
You have organization tree in the roles administration which looks like:

SAP
  |_ SAP PAM
  |_ SAP CUA

This tree is, at the beginning, collapsed to the "SAP" label. User clicks the "SAP" label to expand the tree which does not happen - instead the filter is applied. This happens very silently in the part of the form the user is currently not looking at. When searching for roles, user may not find what he wants because there is a filter applied. (This actually happened to Lucka - she had about 10 roles and no tree defined for them. After defining a tree, previously defined roles "disappeared". There was just a filter being applied because she tried to expand the tree clicking by clicking on the label, but that created a filter instead.)

Apart from the filter form fields, there is no way to tell what happened. Applying a filter does not generate clearly visible output for the user. Also, there are three fields (Name, Type, Složka v katalogu) in the roles administration and there is no clear distinction of what they do. Maybe add a "Filtering options" label?

Actions #7

Updated by Marcel Poul over 7 years ago

  • Assignee set to Vít Švanda
Actions #10

Updated by Marcel Poul over 7 years ago

I am unable to see current accout attributes directly on connected end system like LDAP. Hence I am not able to check if the accout was created as I expected or that somebody changed it since then.

Actions #11

Updated by Vít Švanda over 7 years ago

  • Category set to Feedback
Actions #12

Updated by Vít Švanda over 7 years ago

  • Subject changed from feedback on GUI (when doing admin guide) to Feedback on GUI (when doing admin guide)
Actions #13

Updated by Vít Švanda over 7 years ago

  • Priority changed from Normal to Low
Actions #14

Updated by Marcel Poul over 7 years ago

What really confused me and I think will confuse the admins of the CzechIdM is that when you see user detail and its Accounts, you do not see the real state of the account on end system. You can see the state of the accout in CzechIdM. So you always have to check the provisioning Active operations on the systeme, if there is any error.

e.g. you add role LDAP to the user and expect that the account is created on the LDAP system. You look into user detail and Account and you see the line with the account. But it only means that account is created in IDM not that the provisioning was done and the account is created in LDAP. If there was an error - my case: wrong DN for the user, you still believe that the account exists.
I think that there shout be some info about real state on the system - on demand fetch data. + There should be some bold info message on the GUI that those account are offline infos and how to get real info.

Actions #15

Updated by Zdeněk Burda over 7 years ago

  • Related to Task #430: Authentication FE feedback added
Actions #16

Updated by Zdeněk Burda over 7 years ago

  • Related to Task #429: Synchronization logs feedback added
Actions #17

Updated by Zdeněk Burda over 7 years ago

  • Related to Feature #329: Password policies - feedback added
Actions #18

Updated by Marcel Poul over 7 years ago

Scheduler -> Scheduled tasks - When I click on the green arrow with alt text "Run Manually" Message "Task [NAME] successfully started" shows up. But in fact it only shows itself on All tasks window. Where It stays in state "Created" until I click again on "Run Created tasts". All mechanism is very confusing for me. I really do not like that I have to start the task twice. It confuse me, that after first start, there is nothing in the "Running task" window. Also state "Created" is confusing for me. If it waits for something (manual or planned run), I would explect somethink like "Waiting for start" state or similar.

Actions #19

Updated by Marcel Poul over 7 years ago

  • Related to Task #489: Performance feedback added
Actions #20

Updated by Jan Helbich over 7 years ago

Overloading connected system mapping from role:
  • I always click on the system name in the connected system agenda of role, which takes me to the system configuration. Then I have to go back and search and click on that little hand glass button, which is just as gray as the background.
  • apparently attribute mapping in roles and systems agenda are pretty same, but have different localization
  • when I choose some attribute to overload, I'd expect some kind of hint, like preset how is the attribute mapped on the system
  • at least choosing mapping strategy and identifier seems to be redundant in role agenda
Actions #21

Updated by Jan Helbich over 7 years ago

Email templates configuration does not preserve original search filtering / table pagination / number of rows per table.

Actions #22

Updated by Marcel Poul over 7 years ago

  • Description updated (diff)
Actions #25

Updated by Jan Helbich over 7 years ago

Creating contracts:
  • in most cases, there is only one org. structure tree type - fill it in immediately
  • for first created contract, tick "main" contract by default
Actions

Also available in: Atom PDF