dataall icon indicating copy to clipboard operation
dataall copied to clipboard

Published 20 hours ago verified publisher icon data-dot-all

UI improvement of "Request Access"

Open SofiaSazonova opened this issue 9 months ago • 2 comments

Feature or Bugfix

  • UI improvement

Detail

  • Dataset Page: for all users "Request access" button is added (pics 1, 2)
  • Dataset List Page: "Learn more" removed (duplicated functionality), "Request access" added (pic 3)
  • Catalog page: text added near the icon (pic 4)

Relates

  • #1008

Security

Please answer the questions below briefly where applicable, or write N/A. Based on OWASP 10.

  • Does this PR introduce or modify any input fields or queries - this includes fetching data from storage outside the application (e.g. a database, an S3 bucket)?
    • Is the input sanitized?
    • What precautions are you taking before deserializing the data you consume?
    • Is injection prevented by parametrizing queries?
    • Have you ensured no eval or similar functions are used?
  • Does this PR introduce any functionality or component that requires authorization?
    • How have you ensured it respects the existing AuthN/AuthZ mechanisms?
    • Are you logging failed auth attempts?
  • Are you using or adding any cryptographic features?
    • Do you use a standard proven implementations?
    • Are the used keys controlled by the customer? Where are they stored?
  • Are you introducing any new policies/roles/users?
    • Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

SofiaSazonova avatar Apr 29 '24 13:04 SofiaSazonova

1 Screenshot 2024-04-29 at 14 15 28 2 Screenshot 2024-04-29 at 14 15 08 3 Screenshot 2024-04-29 at 14 01 10 4 Screenshot 2024-04-29 at 14 00 59

SofiaSazonova avatar Apr 29 '24 13:04 SofiaSazonova

@zsaltys have a look, please. Did I understand you correctly? @dlpzx what do you think?

SofiaSazonova avatar Apr 29 '24 13:04 SofiaSazonova

I like the changes, nice! my only comments would be that the "Request access" button is not necessary for dataset owners. That is in pic 1 for example the dataset owners cannot request access to the database (although it might be argued that they request access for a consumption role; so I am not sure what to think) Same applies for list datasets, when we list datasets we get the list of datasets that we already have access to, which means that the button is uncessary

dlpzx avatar May 13 '24 06:05 dlpzx

@dlpzx originally the "lock" icon was available for everybody, owners as well. I think thats because of the consumption roles or groups, e.g. UserA is in groups A and B, group A is the owner if dataset, but B has no access to it. So, User A may want to request access for group B.

SofiaSazonova avatar May 13 '24 13:05 SofiaSazonova