Permission enforcement

Role permissions and their impact on accessing specific Iterable features

Permissions in Iterable

Iterable organizations can create custom roles with any combination of ~16 permissions. These permissions are granted to members on an individual basis, allowing them access to certain capabilities within Iterable. For example, only those with the View catalogs permission can view the catalogs page, and only those with the Create & manage catalogs permission can create and modify catalogs.


When we’re designing, we should review the set of permissions to make sure we aren’t accidentally granting access to capabilities that certain members shouldn’t otherwise have, and we need to make sure that we block access in a consistent, friendly manner.


Iterable’s docs contain information about the complete set of permissions. The #project-rbac Slack channel can help with permission-related questions.



Enforcing certain actions

If an action or other interactive element is not allowed within an otherwise accessible page, prefer to disable the element with an explanatory tooltip. The tooltip should note the specific permissions that are required to complete the action, and that the permissions can be changed by an admin.

Figure 1

Figure 2

Figure 3

Figure 4

Enforcing visibility of specific on-page content (usually PII)

If content is not viewable on an otherwise accessible page, prefer to indicate that the content is present but not accessible, rather than removing it completely. As with a tooltip, the descriptive text should note the specific permissions required to view the content, and that the permissions can be changed by an admin.

Figure 5

Enforcing page-specific access

If some, but not all, pages within a navigation menu are inaccessible due to a lack of permissions, we can remove their respective links.

Figure 6

Figure 7

Enforcing area-specific access

If a member does not have access to any page within a nav dropdown, we can simply remove the entire dropdown. As an example, if a member is lacking the View workflows, campaigns, and experiments permission, it would be frustrating to expand the Messaging section and see an entire grouping of links that are disabled (Workflows, Campaigns, Experiments). Instead, we can remove the Messaging nav item altogether.

Figure 8
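The four rules above, applied to a constructed nav model, as an added example that is not Iterable's own code. The permission names are the ones quoted on this page; the section layout (a "Content" dropdown holding the Catalogs page) and the function names are assumptions for illustration.

```javascript
// Added example, not Iterable's code. Permission names come from the page;
// the nav layout and helper names are assumed for illustration.
// Disabling or hiding controls is a usability measure: the server must
// still check the member's permissions on every request it receives.

const requiredHint = (perms) =>
  `Requires the ${perms.join(' and ')} permission${perms.length > 1 ? 's' : ''}. ` +
  'An admin can change your permissions.';

// Rules 1 and 2: an action or PII field on an accessible page stays visible
// but is disabled, with text naming the missing permissions.
function resolveElement(element, memberPerms) {
  const missing = element.requires.filter((p) => !memberPerms.has(p));
  if (missing.length === 0) return { name: element.name, enabled: true };
  return { name: element.name, enabled: false, tooltip: requiredHint(missing) };
}

// Rules 3 and 4: inaccessible pages are dropped from a nav dropdown, and a
// dropdown left with no accessible pages is removed altogether.
function resolveNav(sections, memberPerms) {
  return sections
    .map((section) => ({
      label: section.label,
      pages: section.pages.filter((page) =>
        page.requires.every((p) => memberPerms.has(p))),
    }))
    .filter((section) => section.pages.length > 0);
}

// Constructed nav model; "Content" is an assumed section label.
const VIEW_MSG = 'View workflows, campaigns, and experiments';
const NAV = [
  { label: 'Messaging', pages: [
    { name: 'Workflows', requires: [VIEW_MSG] },
    { name: 'Campaigns', requires: [VIEW_MSG] },
    { name: 'Experiments', requires: [VIEW_MSG] },
  ]},
  { label: 'Content', pages: [
    { name: 'Catalogs', requires: ['View catalogs'] },
  ]},
];
const CREATE_CATALOG = { name: 'Create catalog', requires: ['Create & manage catalogs'] };

// A member who can only view catalogs: Messaging disappears entirely, the
// Catalogs link stays, and the create button is disabled with a tooltip.
const catalogViewer = new Set(['View catalogs']);
console.log(resolveNav(NAV, catalogViewer));
console.log(resolveElement(CREATE_CATALOG, catalogViewer));
```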