api-services-portal

Access Manager - time wasted on invalid access requests

Open JohnathanBrammall opened this issue 3 years ago • 9 comments

Story: As an access manager (Mark) I need to know when a request for access from an application is no longer valid because the application has been deleted by the consumer (Harley).

Trigger: A consumer (Harley) deletes an Application that has a pending request.

Value: Because an email notification is sent to Mark (Access Manager) they may log in and not see the pending request (as is current behaviour: pending request does not appear in the portal when the application has been deleted). This will cause confusion and may result in the Access Manager spending time and effort trying to find the cause of the notification but no request in the portal.

JohnathanBrammall, Oct 14 '22 19:10

Elisa to investigate UX options, remove refinement label when solution has been identified

mwendowsky, Feb 09 '23 18:02

  • One possible UX solution could be to include a message or notification on the access request page indicating that the application associated with the request has been deleted.
  • Another possible solution could be to automatically remove any pending access requests associated with a deleted application. An email notification could be sent to Mark indicating that the access request has been automatically declined due to the deletion of the associated application.

elisafw-ux, Apr 22 '23 16:04

@chrsamp could you review? :) Screenshot below

Display the error on the consumer's page when a consumer has deleted an application while the access request is still pending.

Requests.png

elisafw-ux, Apr 25 '23 14:04

@elisafw-ux In addition to the above, we should also include a record under Activity to show that a Consumer has deleted an Application and revoked their consumer access. ATM there is no activity record, which adds to the confusion as it looks like it just disappeared.

ikethecoder, Apr 25 '23 16:04

+1 to Aidan's note about the activity record. In the error message, instead of saying "This request is no longer valid", can we make sure we mention that no action is required, or that they cannot approve the request as the associated application was deleted? Just to clarify that there really is nothing for them to do here? The consequence of the client application being deleted (no point in approving the request) is clear to us, but might not be immediately clear to whoever is managing access.

chrsamp, Apr 25 '23 20:04

Updated designs @ikethecoder @chrsamp review please!

elisafw-ux, May 02 '23 15:05

@elisafw-ux Thanks for the updates, this looks good to me.

chrsamp, May 02 '23 15:05

@elisafw-ux It is possible that the one Application has access to multiple Products; should each Product be a separate Activity, or should the one Activity record support multiple Products?

ikethecoder, May 02 '23 16:05

@ikethecoder I'd say one Activity record displaying the revoked access of multiple products. If we start creating separate activity records, the UI could end up being cluttered and confusing. I've learned that for activity feeds, if the actions were performed in the same timeframe, they are usually grouped as one activity.

elisafw-ux, May 03 '23 14:05