Membership page does not show what a role can do

[benjaminapetersen]

Related to a recent bug, but if I create a role deleteservices, I can't actually see the rules for this role. So if the role name was not so obvious, it would be very difficult to know how to assign the role to users in the system.

@jwforres @spadgett

[spadgett]

cc @openshift/team-ux-review

We've talked some about updating the membership page design. This seems like it would be part of that.

Note that role descriptions are verbose. Here is an example from the CLI:

$ oc describe clusterroles edit
Name:								edit
Created:							17 hours ago
Labels:								<none>
Annotations:							openshift.io/description=A user that can create and edit most objects in a project, but can not update the project's membership.
								openshift.io/reconcile-protect=false
Verbs								Non-Resource URLs	Resource Names	API Groups			Resources
[create delete deletecollection get list patch update watch]	[]			[]		[]				[pods pods/attach pods/exec pods/portforward pods/proxy]
[create delete deletecollection get list patch update watch]	[]			[]		[]				[configmaps endpoints persistentvolumeclaims replicationcontrollers replicationcontrollers/scale secrets serviceaccounts services services/proxy]
[get list watch]						[]			[]		[]				[bindings events limitranges namespaces namespaces/status pods/log pods/status replicationcontrollers/status resourcequotas resourcequotas/status]
[impersonate]							[]			[]		[]				[serviceaccounts]
[create delete deletecollection get list patch update watch]	[]			[]		[autoscaling]			[horizontalpodautoscalers]
[create delete deletecollection get list patch update watch]	[]			[]		[batch]				[cronjobs jobs]
[create delete deletecollection get list patch update watch]	[]			[]		[apps extensions]		[deployments deployments/rollback deployments/scale replicasets replicasets/scale replicationcontrollers/scale]
[get list watch]						[]			[]		[apps extensions]		[daemonsets]
[create delete deletecollection get list patch update watch]	[]			[]		[apps]				[deployments deployments/scale deployments/status statefulsets]
[create delete deletecollection get list patch update watch]	[]			[]		[ build.openshift.io]		[buildconfigs buildconfigs/webhooks builds]
[get list watch]						[]			[]		[ build.openshift.io]		[builds/log]
[create]							[]			[]		[ build.openshift.io]		[buildconfigs/instantiate buildconfigs/instantiatebinary builds/clone]
[update]							[]			[]		[ build.openshift.io]		[builds/details]
[edit view]							[]			[]		[build.openshift.io]		[jenkins]
[create delete deletecollection get list patch update watch]	[]			[]		[ apps.openshift.io]		[deploymentconfigs deploymentconfigs/scale]
[create]							[]			[]		[ apps.openshift.io]		[deploymentconfigrollbacks deploymentconfigs/instantiate deploymentconfigs/rollback]
[get list watch]						[]			[]		[ apps.openshift.io]		[deploymentconfigs/log deploymentconfigs/status]
[create delete deletecollection get list patch update watch]	[]			[]		[ image.openshift.io]		[imagestreamimages imagestreammappings imagestreams imagestreams/secrets imagestreamtags]
[get list watch]						[]			[]		[ image.openshift.io]		[imagestreams/status]
[get update]							[]			[]		[ image.openshift.io]		[imagestreams/layers]
[create]							[]			[]		[ image.openshift.io]		[imagestreamimports]
[get]								[]			[]		[ project.openshift.io]		[projects]
[get list watch]						[]			[]		[ quota.openshift.io]		[appliedclusterresourcequotas]
[create delete deletecollection get list patch update watch]	[]			[]		[ route.openshift.io]		[routes]
[create]							[]			[]		[ route.openshift.io]		[routes/custom-host]
[get list watch]						[]			[]		[ route.openshift.io]		[routes/status]
[create delete deletecollection get list patch update watch]	[]			[]		[ template.openshift.io]	[processedtemplates templateconfigs templateinstances templates]
[create delete deletecollection get list patch update watch]	[]			[]		[extensions networking.k8s.io]	[networkpolicies]
[create delete deletecollection get list patch update watch]	[]			[]		[ build.openshift.io]		[buildlogs]
[get list watch]						[]			[]		[]				[resourcequotausages]

[benjaminapetersen]

@sg00dwin do you know what happened to your original issue re:membership? Might be handy to ref here

[sg00dwin]

@benjaminapetersen

the original issue #1219
some exploratory wireframes... #1219 (comment)

And the last updates made to the membership page to prevent breakage #2344

[serenamarie125]

FYI we have a design story around this that @cshinn will be working on

[cshinn]

@benjaminapetersen @spadgett
Here is a proposal for restructuring the membership page to bring it more in line with other pages that already exist and enable users to see detailed information about roles. Let me know if anything needs clarification or would provide implementation difficulties and I'll be happy to update these.

https://redhat.invisionapp.com/share/VTFNTEHZ2CU#/277164988_membership_1

[benjaminapetersen]

Great, thx @cshinn!
Left a handful of comments. My main concern is the potential for being overwhelmed by a sea of checkmarks. If I have a handful of custom roles that are subtly different, it leaves a lot on me to parse out the pages & digest which role I actually want. I wonder if we can reduce that mental work for the user with more of a "list what's true" approach? Just throwing that out there.