How to explain the authorisation of the system to users

The problem I currently have is: users do not understand the authorisation of the system well (i.e. what a user can do in the system depending on his roles and other things, not to be confused with authentication).

The situation:

We are developing a business system, and the business requirements towards authorisation are unfortunately rather complex.

Now, users often are confused at why they cannot see a certain object another colleague sent them, or why they cannot edit certain objects. They often ask us to tell them the roles that they currently have, but that actually doesn't really make it understandable for them. Then they want to know what roles in what configuration they would need for XYZ.

The authorisation works as follows:
Users request a role in a central role management system according to their process roles. During the request, they additionally have to select certain attributes for the role which denotes for which parts they are actually working in that role.
Our system then maps their roles to rights. Additionally, these rights may have conditions on the attributes the users selected for their role.

My request therefore:

Does anyone have examples or ideas of how it could be made more transparent to the user, so that they

understand why a certain action is restricted to them
know what roles in what configuration they would need to enable them to do what they wanted to.

Tags: UX Stack Exchange

How to explain the authorisation of the system to users

UX in 2018: The human element

Three Takeaways from the Hawai’i Missile False Alarm

UX in 2018: Content

UX in 2018: Design, Development, and Accessibility

The Power and Danger of Persuasive Design

How to explain the authorisation of the system to users

Related Posts