In IBM Connections one of the most used options is Activities. A great way to manage and organize information and to do’s around a common task. Especially when using in combination with the Kudos Boards Add-in from ISW which makes it one of the strongest and most used features of IBM Connections (yep a shameless plug, but seriously, it IS the best Add-in for IBM Connections and if your organization isn’t using it you should definitely take a look at it) .
However, Activities also has it’s challenges…
Working for a customer on creating some documentation I found the following.
In Community Activities you have the option to limit what community members can do and you can even assign specific rights to specific community members. Great! But…
Looking at the interface of the Add Members page I got confused. The option allows you to select specific users and give them either the Owner, Author or Reader role. Below that is an option to specify that other community members should have Read access.
Clear, right? So my assumption is that if I DON’T tick that box only the members I selected will see the activity and all others will not as I didn’t tell the system to make them readers. And this seems confirmed by the resulting security overview when I save my changes as that does not list the members, only the community owners (who are managers regardless).
Do I change it and tick the box, the members will explicitly be listed as readers.
So logically I would assume that the situation in these two cases is different and that the members don’t have read access in the first and DO have read access in the second case.
Well yes, I get your assumption… but… What if the community is a public or moderated community?
where logic and usability sometimes clash
And here is where the confusion comes in. As this activity is in a public community the activity is automatically public too and therefore visible to all. The tick box in those cases has no meaning at all and all members (in fact everyone) can see the activity and everything in it regardless of that setting. This isn’t however mentioned on the Members page of the activity itself and that is where I (and other users I asked) got confused. You have to realize that because the community is public, the security on the activity is different from what is implied in the activity itself.
If the activity is part of a restricted community the security works as implied and additional members won’t have access unless specifically assigned with that tick box.
So yes. Technically there is nothing wrong and all is working as designed. But from a logic and usability point of view I think this isn’t just wrong, it’s potentially dangerous. As people will not realize it and might be thinking access is restricted while it is not.The reason for this is that the expectation of most users is that explicit security options (like that tick box giving you the option to assign or not assign reader rights to community members) generally overrules implicit rules (like the fact that the community is public and therefore the activity is too).
The solution is simple… In Public and Moderated communities IBM Connections shouldn’t be showing that option to give all community members reader access when setting specific rights and instead should include a line stating something like: “Based on the security of the community (public) all users will have read access to this activity”.
So now you know if you ever get questions about this and hopefully it will get fixed in a next release.
I submitted this to the IBM Connections suggestions box. Please help vote for this to be fixed.