Research/AuditingSharingRound1

Not logged in - Log In / Register

Auditing Sharing - Round 1

1. http://people.canonical.com/~curtis/audit/audit-3-portlet-with-checkboxes.png

2.http://people.canonical.com/~curtis/audit/audit-1-inline-with-checkboxes.png

3. http://people.canonical.com/~curtis/audit/audit-4-inline-with-links.png

4. http://people.canonical.com/~curtis/audit/audit-2-inline-with-links.png

Changes/recommendations are presented thematically, as mock-ups were looked at interchangeably during this round, due to the naturalistic nature of the tests.

New terminology

The majority of the users for these tests (4/5) had not been involved with testing of, or seen the Sharing Main Page before, so there was general confusion about new terminology, especially regarding information types. Some comments:

“We usually care about bugs, milestones, PPAs - Embargoed security, User Data, Proprietary - these aren't mapping to anything for me right now.”

“They're [information types] not terms that we use. I don't know what they're referring to in this context.”

“I don’t really understand what Audit Sharing means. I would never use the terminology 'Audit Sharing'.”

“Descriptions of info types would be useful/helpful.”

Some

‘Some’ was not understood, and the functionality that ‘Some’ offers was unclear to users. Comments:

“There are usually some bugs I want to share with some people from outside the company. Maybe just 3 or 4 bugs. From this page I don't know if I'm able to do that.”

“What is some? Can I define what is included in some?”

Main concept well understood

All users understood that this was a page to filter/edit/change levels of access for a project.

User comments:

“This is for me to set up the security for different people, individual people and group people. Can also see the level of sharing and information type.”

“You can segregate the access to the data, you can see what can be accessed.”

“I understand it is for configuring the granularity of the control.”

User comments point to cosmetic changes

As well as being new to the project, users were not able to engage fully with the functionality of this feature due to the nature of the mock-ups (being flat). A number of user comments were based on personal preferences for layout style/type rather than being backed up with reasons relating to improved user experience or better functionality. These kind of comments are not especially useful, however they are enough to tell us that there wasn’t a uniform agreement on the page layout/design.

The summary box

As with previous rounds, the summary box was largely ignored when it was featured on the right-hand side. Users just don’t seem to see it here, unless it is mentioned in a direct question. Comments from this round included (after a prompt question):

‘I don't think I'd really care about the summary information.’ ‘No I did not pay much attention - I didn't even notice this.’

There was also a general lack of understanding of how the summary info would be useful/usable:

‘I'm not really sure what the summary is telling me or how I'd use it.’

One user thought it may be useful as a guide for the new feature:

“Yes, it's good to have this information, especially when new to this interface”

In it’s current form, it’s not really clear how/why you’d use the information presented in the summary.

Positioning of summary box

Check boxes v buttons

It was hard for users to weigh up the two options here, as it wasn’t clear how the buttons would work from the flat mock-up. Users didn’t have a strong preference either way, with a slight split in favour of the buttons. Some comments:

“I think better, a more dynamic display. Easier to use in this way, from a usability point of view, I prefer this to the check boxes.”

User comments - rough notes

User comments

JAMIE

1. What does this look like to you?

- To identify who can have what kind of access in Lp - Talking about Auditing…

- Some - What is some? - Can I define what is included in some? - I can add or delete people from this page - 27 users - for this specific project

2. User likes 2nd one better – decision made on visual/personal preference

KENT

1. - What can you see? What do you think you can do?

-This is for me to set up the security for different people -Individual people and group people -Can also see the level of sharing and information type -The square to the right - looks like the specific data for security setting.

Is there something missing here?

-There are usually some bugs I want to share with some people from outside the company. Maybe just 3 or 4 bugs. -From this page I don't know if I'm able to do that.

What do you think you would be able to do?

-I think I could share with someone the item that I could share the whole project with someone, to add someone to the project. -Sharing information - I don't know what it means right now. - -/+ red/green - for adding/deleting people - Understood that 'Via' meant that the people belonged to the group above.

2. Does this layout work better for you? Is it clearer?

- It's almost the same, apart from the static data. I like the first one.

3. How do you feel about it being displayed in this way?

-I think the table will change, depending on what information type I click on -Same for level of sharing - 'If I select all, it will only show the people with access to, eg: All information.'

4. How do you feel about this one? - I liked the 3rd one. - He prefers the summary info in the square box.

How would you use the summary information?

-I don't think I'd really care about the summary information.

-I only care about the people who is sharing with what, what kind of security level is the information that is most useful to me.

MIKE McGUIRE

1.

Talk me through what you're seeing?

- What I think I'm seeing is who has access to this process

What are the kind of things you need to do in terms of auditing?

- We need easy ways to figure out who has access to information, bug levels, security, which groups have membership, who would have access. - Projects we create for external customers, we had OEM - We usually care about bugs, milestones, PPAs - Embargoed security, User data, proprietary - these aren't mapping to anything for me right now.

Are these terms new to you? Or are they just not terms that you use?

-They're not terms that we use. I don't know what they're referring to in this context.

So how would you share information? What would you call your categories?

-Bugs, Bug data, Milestone data, Project team information. Whether we're exposing who has membership to the Launchpad project. -The other aspect would be PPAs, whether they're private or not.

Summary box - Is this useful?

-The summary is good. -I don't know what I'm sharing with those 20 users.

2.

They're fairly similar to me, I think I like this one slightly better, I'm not sure why.

3.

-I like the presentation of this

- User not sure how this would work. Not as clear as the check-box, however this may be resolved when users are able to click on this in a working prototype. - Seems like a better use of real estate.

4.

User was looking at all mock-ups at this point, on different tabs, comparing designs.

-Having flipped through all of them - the 3rd mock-up feels the most intuitive to me. -It's like thread assessment - what information are we sharing outside of Canonical. It's important to see who can see this outside of Canonical.

How do you do this at the moment?

-99% of it is handled through the set-up - bugs, PPA set to private, working with the infrastructure team to make this happen. -But there's no easy way to see what is exposed. There's no encapsulated audit report that says what's being shared.

SAMIR METHIA

How do you manage security at the moment?

-Uses Cellsforce and Projector, not Lp. Consultants use Lp to use some parts of their developments.

1. What do you think this page will let you do?

-You can segregate the access to the data -You can see what can be accessed

- Right-hand panel - Would this summary be useful to you?

Yes, it's good to have this information, especially when new to this interface

-Descriptions of info types would be useful/helpful

How would you use the table? - You can set up by user, the appropriate level of security

2. What do you think is better?

This one is better, it looks more straightforward - in the line of sight, natural line of reading. This way is always better for me.

What do you think of the check boxes?

3. Would you prefer a check box or a more dynamic display like the buttons?

I think better, a more dynamic display. Easier to use in this way, from a usability point of view, I prefer this to the check boxes.

4. This is the best mixture out of the mock-ups.

ALEX

1.

- Something that would allow me to control what I want to share for different users - So I can select which kind of information and the level of sharing for different users.

Summary panel - useful or unnecessary?

No I did not pay much attention - I didn't even notice this.

2.

- This is better. I would ignore it [Summary info] for now, but maybe use it later

- Does not understand 'embargoed information'

- I'm not really sure what the summary is telling me or how I'd use it

What kind of things do you need to do, in terms of auditing?

- I don’t really understand what Audit sharing means

- I would never use the terminology 'audit sharing' - I understand it is for configuring the granularity of the control

- What phrase would you use instead: permissions control, or access permissions control.

3- Tick boxes work fine

4 - Prefer to have the tick boxes and the summary in the middle

Background questions

Issue we normally have - multiple parties working on a project - Canonical and OEM teams have full access, but 3rd parties have limited access. They should only be able to access the bugs for which they are involved. they should not be able to see everything else.

Right now we're not making them team members, but we are subscribing them to the bug. Not sure that adding something else would allow us to group the bugs.

Research/AuditingSharingRound1 (last edited 2012-04-03 15:20:05 by danhg)