11 usability principles for CMS products
Here is an article of interest about CMS usability: 11 usability principles for CMS products, by James Robertson
Lot of great ideas to make Drupal easier to use.
Enjoy.
| Attachment | Size |
|---|---|
| kmc_usabilitycms.pdf | 199.1 KB |
Groups:
Login to post comments
about roles and tasks
Good article, and while Drupal is actually capable of addressing most of these points, it does not do so out of the box, which is probably the greatest struggle a new user goes through. A good example of this are user roles. After a fresh install, drupal comes with three user roles: admin, authenticated user, and anonymous user. The only difference between the authenticated and anonymous user is that the authenticated user can post comments. So the first step is always to create an author role, because even if you're the only one publishing content, you don't want to do that as the super user, because - like the article says - you just have way too many options available at any one time.
Now, the obvious first improvement would be to provide a default author role instead of having to set the permissions for the new role by going through a huge page with hundreds of check boxes for modules that aren't at all related to the role I'm creating. I'm creating an author, so I care about content, not about all the other modules. For each content-type that I'm creating from there on, I'll have to goto the permissions and enable write/edit/delete permissions for both "all" and "own" content. It quickly becomes a nightmare, especially once you have installed a bunch of contributed modules that all add clutter to the permissions screen. Ideally, these permissions should be set in the context of enabling a module or creating a content type. So if I'm creating a new content-type I can tell it right away that authors should be able to create it, and edit and delete their own content, but not others. That should already be the default, because it's the most common scenario.
Regarding the task based approach, this too can be improved. We have a task for "Create Content", which is good. We also have a hierarchical list of tasks for administrators. And, we can also create new tasks for particular roles by adding links to the navigation menu. However, that last step is implicit. All we do is creating a link to a page and it shows up based on permissions. If you really think your site through in terms of tasks that you want your different user roles to perform, why not make it explicit?
There's more to a task than access to a page. A task has a flow attached to it and usually consists of several steps. I can measure a task's success by looking at whether or not it has been completed. A complex task can be done in phases and the user never loses his work. All of these things currently need to be considered by the admin and are achieved by going through a number of configuration steps on different screens in the application. Let's walk through a typical example:
I want a role of author who can create certain content-types. I trust them with some content type, so that content will be published right away. Some other content type is deemed too important to publish without approval, so I need a slightly more complex work flow. Some content can be deleted and edited at will, others should go through a revision. When content of a certain type is created I want to know about it, so I can decide whether or not it should be promoted to front page status. Sounds easy enough, right? Now let's look at the steps involved to make this happen:
Create at least two content types. We could re-use the story, page, or blog types, but they differ in various attributes that I'd all have to consider and change around so that they no longer match their intended purpose, so it's best to start from scratch. For one of them I enable revisions and uncheck "publish", the other keeps the defaults. This is all done in admin/content/types.
Create a new role. Note that we couldn't do that the other way around, because we need to set permissions for all the content types we just created. This is done in admin/user/roles.
Now we need to set permissions in admin/user/permissions. I'll go through the painful process of scanning all the check boxes and check "create content type 1", "edit own content-type 1", "delete own content type 1", "create content type 2", "edit own content-type 2", "delete own content type 2", figure out that for revisions to work with content type 2 I also need to give that role "view revisions" and "revert revisions".
The task flows still aren't complete. In order to get notified for one content type post I need to install the Actions module or a contrib module like Rules. Even though notifications are conceptually part of the workflow, we don't set this up in the workflow section of the content type, but in the module's own Actions interface. How to do this varies based on which module we use.
Are we done yet? Nope, we want a quick way for the author to create these new content types, so we'll go to admin/build/menu-customize/navigation, disable the "create content" menu and move the "create content-type 1" and "create content-type 2" menus a level up. Alas, this menu now looks good for authors, but what about other user roles with access to different content types? Easiest way to deal with it is by leaving them where they are and check the "expand" box for the "create content" parent item. Not quite what I wanted, but at this point I'm ready to make compromises.
We're done, but in order to know that I have to mentally go through all the steps of the task and see if it maps. At this point, I create a new author user and test the flow, because that's really the only way to see if we missed anything.
Now those were two simple content-types, with a single form, and the same publishing rules for all roles. It gets more complex when other users can create the same content type but we want a different work flow. Again, we don't modify the flow directly but implicitly, by making changes to the permissions section and hope that the right fields show up on the form. It gets even more complex when we need flows that span different forms. There's an intricate web of interactions that you influence by a combination of workflow, permissions, and content-types. To get a multi-step task spanning different content types and a single workflow working, it needs some sheer wizardry, or at least a lot of experience.
As an admin, I would like to create a task for a user role, and define the flow and what constitutes a task completion, all in one go. Let me break up a task in steps, measure completeness of each step, and allow the user to pick up where he left off. Make it easy to attach the task to the navigation menu. When I add a new content-type, don't make me go through the same steps all over again. Let me modify the task instead.
Incorrect...
It's hard to weigh the merits of what you are suggesting when the very first example you use is incorrect.
After a fresh install there are currently two roles: authenticated user and anonymous user. There is a patch against Drupal 7 that is attempting to get an admin role included in core ( http://drupal.org/node/182023 ), although it needs some help to get the updates to work with the new database abstraction layer. If you want to suggest another role, you might want to take a look at that patch and open a new issue with a patch for an author role. I don't think it's a bad idea, but given that it's already been about a year and the admin role still hasn't added I wouldn't expect it to happen anytime soon.
Alex Urevick-Ackelsberg
ZivTech: Illuminating Technology
hair splitting
There is an admin role, it's just not explicitly defined as a role, and only applies to the super user. I didn't feel it was necessary to go into that level of detail. The super user has all permissions, and is used in this example as the person setting up everything else. I suggest weighing the merits based on the concept, not semantics.
Not hair splitting
User 1 is not a role (i.e. the rights given to that user cannot be given to any other user), and for just about every single site you'll need an actual admin role, so this is not a case of hair splitting. The fact that there is no admin role by default is, imo, a bad UX and DX problem, and it is, in fact, holding up a number of additional usability improvements.
If you actually look at the roles page it says (emphasis added):
And, again, the fact that you think that this is semantics suggests one should discount whatever else you are saying, because factual inaccuracies are not merely a wording problem. There's no reason that you should continue to defend your statement- just correct it and make your argument again.
--
Alex Urevick-Ackelsberg
ZivTech: Illuminating Technology
Super User is not Role Based
I have to agree here. One of the first steps I have to do when developing any site is to create a new 'admin' or 'developer' role. In fact, there are some contributed modules (TinyMCE comes to mind) in which even the super-user doesn't have certain otherwise role-based
permissionsfunctionality.Aaron Winborn
Drupal Multimedia (book, in October!)
AaronWinborn.com (blog)
Advomatic (work)
And with good reason
It may be that the super user doesn't want this functionality so giving uid == 1 ability by default isn't a good thing.
uid 1 gets everything = bad
I currently have a couple of customer-specific modules where I had to block uid 1 from accessing certain functions because otherwise his/her UI would be to cluttered with menu entries that don't make any sense.
Which is why we should use
Which is why we should use role based Super User. I think two roles are needed, one for Administrator and one for Root. And we simply remove the filter for uid == 1 to allow the normal role based permissions to flow. The creation of uid == 1 would give the user the Root administrator automatically. Then those wishing to change the Super User to some other uid could simply execute the role checkboxes in the user edit interface.
Do we really need/want 2 separate roles?
I would already be very happy if there would be one new role to replace the special uid == 1 in the code. I'm not sure we need 2 extra roles.
If the role "Root" corresponds to the current uid 1 (by default) what would the role "Administrator" mean? What kind of permissions who he get by default (compared to "Root")?
I would question that too.
I would question that too. The number of default roles should be limited to the roles most users would benefit from, and while uid1 is essential, a generic admin role in addition to what uid1 can do is not. If site owners need more than one admin, they probably have very different ideas on how much responsibility these admins get, and we don't really help them a lot by providing defaults. Also, having one role only and calling that admin may not be the best idea, because site owners may want to add a more specific role by that name.
If there are benefits to making uid1 a role (and from what I read here, there are some), the name should be carefully chosen. "Root" would be a poor choice because it is a) too techy, b) confusing, because user may think that refers to the owner of the drupal process (which typically is not root), and c) is really referring to a single user, not a role (try saying "the roots" without squirming).
Either way, I'm not sure how that relates to the article. If we want to limit the number of options available to the user, making that based on roles could simplify the implementation, but I think having a default "author" role is more important.
I suppose HEAD user makes
I suppose HEAD user makes more sense. ;-p
Root, Super User, All Encompassing User, Super Admin, whatever it gets called. Yes, two is needed. One for programmatic control while the Administrator role (http://drupal.org/node/182023) gets set more on a manual basis. The root role would be used more like uid == 1 is now with a difference of being able to have more than one user have that role. This allows us to move that role to some other user and block uid == 1 in the case a site is now maintained by someone else.
Ok
Fine, a default drupal install comes with two user roles and a super user. I thought it was obvious what I meant when I wrote that. I'll remember not to take such liberties again as to not cause public outcry.
But it's good that you brought it up, because the difference does indeed have some implication and should be kept in mind. I suggested the use of roles as a way to filter the options available to the user, so that would likely require a default admin role as well.
I do however take offense in that. I'm not taking the time out of my schedule to share my thoughts and expertise with the drupal community to then be told my suggestions in general should be discounted. You are very welcome to argue any point you disagree with, but a sweeping generalization like that is counterproductive and frankly, insulting.
Insulting?
I'm insulting you by telling you that your opinions will be discounted if you start them off by stating something as a fact that is blatantly wrong? I'm just letting you know that you're not going to be taken seriously if you make false claims and then try to gloss over the corrections to them.
Anyway, I don't mean to get this off track, and I certainly don't want to discourage your participation. My overall point is that we need to put one foot in front of the other when dealing with these issues, and the big issue here is, imo, getting at least an admin role added to Drupal core, if not an admin as well as an "author" or "moderator" role.
Your workflow suggestions are interesting, but how do they relate to Workflow and/or Workflow NG?
--
Alex Urevick-Ackelsberg
ZivTech: Illuminating Technology
It's distracting because the
It's distracting because the distinction isn't necessary when talking about the concept of roles as it relates to the article ("Authors (and site administrators) can easily be overwhelmed by the number of options, increasing the learning time and creating serious usability problems."). That the super user isn't a role but a special user type doesn't matter in this context if you don't want multiple administrators.
There are also arguments against shipping with a default admin role, and I'm not sure where I stand on this issue. A default author role however seems to be needed, because while one can run a small site without creating an admin role, an author role is always beneficial. Even if you're the only one creating content, just being able to limit the number of options available to you is important.
As to how it relates to Workflow and Workflow NG (I brought up Rules instead as the D6 equivalent), Workflow is associated with a node for a particular content-type, and Rules (I'm not familiar with Workflow NG) are quite versatile in that they can affect multiple content-types, but are configured on a separate screen. In an explicit task model the options should be accessible in the context of creating a task.
The point is that Drupal has some basic tasks at a granular level (create content, add user), but doesn't make it easy to make my own because of the intricate relationships between nodes, content-type, permissions, and workflow options that I have to manipulate in different parts of the application. That's mainly because it wasn't designed to be used like that, but the author of the article makes a good argument that users like to think in terms of tasks. If as an admin, I want to allow authors to create content of various types with different workflows associated with them, I have to break this down into many sub tasks that are not very obviously linked to each other.
As to breaking this down into manageable steps, these are just some observations and by no means a plan of action. It appears that some of the difficulties are down to fundamental architectural issues over which we as UX people have very little influence, so putting some of the author's suggestions into practice would involve hacking around the constraints, which is typically what happens when UX isn't seriously taken into consideration until after the product is already out.