All ideas are welcome. Just because the Idea doesn't make it into the product immediately does not make it a bad idea.
I will start with this concrete example but I suspect there are other similar scenarios we need to address. In fact as I look at the the same risk would apply to the remove users button. I will also say that over all I like how security is configured in DSP.
Yesterday I was trying to grant myself access to migrate in the demo instance and once I arrived at the role user page I instinctively clicked "Add User" expecting to then select my name from a list and then save my change. I immediately realized that is not how 6.x works and that I may have just added Administrator as a role user, but since this was not a instance I work in regularly I really did not know if Administrator was already a member or if my accidental add was the cause of an undesirable permission elevation.
The issue here is due to a combination of several factors.
1. By default the first record in the set is selected when the page loads
2. There is no distinction between a direct action button or a navigation button. This is actually a broader issue I think we need to address and I will be adding a feature request.
3. The behavior of the add button in the security pages of our prior versions of software would have refreshed the page with an added a list box where you would choose the next single user to add to the list. While this is an improvement, long time users will likely be surprised by the new behavior the first few times.
There are several possible solutions.
1. Is it possible to not select any records when the page loads?
2. While I for the most part think we need less Pre and Post Validation alerts. This may be a perfect place for pre event validation. eg.
"Are you Sure you want to add:
<USERNAMES>
To the <ROLE NAME> Role"
I see no need for a post load message as the updated list should be a sufficient indicator.
Jeremiah Gilmore
