Task - RBAC AuthZ - M2.6 View the audit detail for a specific user #85

@jacobo-dominguez-wgu

Description

As a platform member with console access, I want to open a user's detail view from the Team Members table, so I can see all role assignments for that user in one place.

Path to the page: /admin-console/authz/user/:username

Acceptance criteria

  • The role assignments shown in the user audit view are limited to the scopes the viewing user has access to. A viewing user with global permissions sees all assignments. A viewing user with access to only one scope sees only the assignments related to that scope.
  • Each row in the Team Members table has an eye icon in the Actions column. Selecting it opens the user audit view.
  • The user audit view shows a breadcrumb: "Roles and Permissions Management > [User name]."
  • Selecting the first breadcrumb element returns to the Team Members table.
  • The view shows the audited user's name and email above the table.
  • The table in this view has the following columns: Role, Organization, Scope, (unnamed accordion column), Actions.
  • Each row represents one role assignment for that user.
  • Rows corresponding to Super Admin or Global Staff assignments are visually highlighted with a distinct row color.
  • The table can be filtered by Organization and Role. No Scope filter in this view.
  • The unnamed column contains a "View All Permissions" control. Selecting it expands an accordion showing all permissions associated with that role, grouped by category. Each permission group has an info icon with a tooltip explaining what that group covers. Opening one accordion closes the previously open one.
  • The Actions column shows a trash icon to remove that role assignment, if the viewing user has manage_course_team or manage_library_team on the relevant scope.
  • If the viewing user is looking at their own admin assignment, the trash icon is grayed out. Hovering or clicking it shows a tooltip explaining that an admin cannot remove their own admin role assignment.
  • Super Admin and Global Staff entries show a different icon instead of the trash (icon TBD). Hovering or clicking it shows a tooltip explaining that these roles are managed via Django, with a link to documentation.
  • The table is paginated with 10 rows per page, with previous/next arrows and a page selector using the Paragon reduce variant.
  • Role, Organization, and Scope columns can be sorted A to Z and Z to A.

Permission group tooltips

Course roles

Course access & content

  • View course: See the course in the Studio home and access the course outline in read-only mode. Includes the "View Live" option to preview the course as a learner in the LMS.
  • Create course: Create a new course in Studio.
  • Edit course content: Edit the course outline, units, and components.
  • Publish course content: Make course content visible to learners.

Library updates

  • Manage library updates: Accept or reject pending updates from content libraries linked to this course.

Course updates & handouts

  • View course updates: See course announcements and handouts visible to learners.
  • Manage course updates: Create, edit, and delete course announcements and handouts.

Pages & Resources

  • View pages & resources: See the Pages & Resources section in Studio.
  • Manage pages & resources: Enable or disable course features such as Discussions, the Wiki, Notes, Calculator, and Live. Create and edit Textbooks and Custom pages, and manage their configurations.

Files

  • View files: See the list of files and assets uploaded to the course.
  • Create files: Upload new files and assets to the course.
  • Edit files: Perform non-destructive actions on files, such as locking or unlocking them.
  • Delete files: Permanently remove files and assets from the course.

Schedule & details

  • View schedule: See the course start and end dates, enrollment dates, and pacing settings.
  • Edit schedule: Update course start and end dates, enrollment dates, and pacing settings.
  • View course details: See course information including the course summary, pacing, and prerequisites.
  • Edit course details: Update course information including the course summary, pacing, and prerequisites.

Grading

  • View grading settings: See the grading configuration for the course, including assignment types and grading scale.
  • Edit grading settings: Update the grading configuration for the course, including assignment types and grading scale.

Course team & groups

  • View course team: See the list of users with a role assigned to this course.
  • Manage course team: Add, change, or remove role assignments for this course from the Roles and Permissions console.
  • Manage group configurations: Create and manage content groups used to target course content to specific learners.

Tags & taxonomies

  • Manage tags: Create, edit, and delete tags on this course.
  • Manage taxonomies: Create, edit, and delete taxonomies used to organize course content.

Advanced & certificates

  • Manage advanced settings: Access and edit the Advanced Settings page in Studio. This covers a wide range of technical course configurations, including proctoring, timed exams, LTI tools, enrollment limits, and custom display options.
  • Manage certificates: Create and edit course certificates, including certificate design and eligibility settings.

Import / export

  • Import course: Import course content from a file. This is a high-privilege action that can overwrite most course content and settings.
  • Export course: Download the course content as a file for backup or reuse in another platform.
  • Export tags: Download the tag data associated with this course.

Other

  • View checklists: See the course launch checklist in Studio.
  • View global staff & super admins: See the list of users with platform-wide roles such as Global Staff and Super Admin.

Library roles

Library

  • View: See the library in Studio and access its content in read-only mode.
  • Manage tag: Create, edit, and delete tags on this library.
  • Publish: Publish the library to make it available for use in courses.

Content

  • Create: Create new content items in the library.
  • Edit: Edit existing content items in the library.
  • Delete: Permanently remove content items from the library.
  • Publish: Publish individual content items to make them available for reuse in courses.
  • Reuse: Add published content from this library to a course.
  • Import Content from Course: Import content from an existing course into this library.

Team

  • View: See the list of users with a role assigned to this library.
  • Manage: Add, change, or remove role assignments for this library from the Roles and Permissions console.

Collections

  • Create: Create new collections to organize content within the library.
  • Edit: Update the name and contents of existing collections.
  • Delete: Permanently remove collections from the library.

Test cases

Setup

  • The platform has 2 organizations: Organization 1 and Organization 2.
  • Viewing User A has permissions across both organizations (global scope).
  • Viewing User B has permissions on Organization 1 only.
  • Audited User has role assignments in both Organization 1 and Organization 2.
  • Audited User C is Super Admin.
  • Audited User D has only one role assignment.
  • The logged-in user is Course Admin in Course 1 (Organization 1).

Scenarios

  1. Viewing user with global scope sees all assignments
    Given: I am logged in as Viewing User A
    When: I open the audit view for Audited User
    Then: I see assignments from both Organization 1 and Organization 2

  2. Viewing user with limited scope sees only relevant assignments
    Given: I am logged in as Viewing User B
    When: I open the audit view for Audited User
    Then: I see only assignments from Organization 1

  3. Breadcrumb navigates back correctly
    Given: I am on the user audit view
    Then: the breadcrumb shows "Roles and Permissions Management > [User name]"
    When: I click "Roles and Permissions Management"
    Then: I return to the Team Members table

  4. Super Admin row is visually highlighted
    Given: I open the audit view for Audited User C
    Then: their row is displayed with a distinct row color

  5. View All Permissions expands the accordion
    Given: I am on the user audit view
    When: I click "View All Permissions" on a row
    Then: the accordion expands showing all permissions grouped by category
    And: each permission group shows an info icon with a tooltip describing the permissions it includes

  6. Opening a second accordion closes the first
    Given: I have one accordion open
    When: I click "View All Permissions" on a different row
    Then: the first accordion closes and the new one opens

  7. Trash icon visible when I have the right permissions
    Given: I am Course Admin in Course 1
    When: I view a Course Staff assignment for Course 1
    Then: I see a trash icon in the Actions column

  8. Trash icon grayed out for my own admin assignment
    Given: I am viewing my own audit page
    When: I look at my Course Admin assignment for Course 1
    Then: the trash icon is grayed out
    When: I hover or click it
    Then: a tooltip reads "You can't remove your own admin role. This prevents a resource from being left without an admin. Another user with the required permissions can revoke it."

  9. Super Admin and Global Staff show a different icon
    Given: Audited User C has a Super Admin assignment
    When: I view that row
    Then: I see a non-trash icon (icon TBD)
    When: I hover or click it
    Then: a tooltip reads "This role is managed at the platform level and cannot be changed from here. To modify it, go to Django Admin."

  10. Removing a role with remaining assignments updates the table
    Given: Audited User has more than one role assignment
    When: I click the trash icon
    Then: a confirmation modal appears
    When: I confirm
    Then: the role is removed, a success toast appears, and the table updates

  11. Removing the last role assignment redirects to Team Members
    Given: Audited User D has only one role assignment
    When: I click the trash icon and confirm
    Then: the role is removed, a success toast appears, and I am redirected to the Team Members table

  12. Error during removal shows error toast
    Given: I confirm a role removal
    When: the removal fails
    Then: an error toast appears and the role assignment remains in the table

  13. Columns can be sorted A to Z and Z to A
    Given: I am on the user audit view
    When: I click a sortable column header once
    Then: the table sorts A to Z by that column
    When: I click it again
    Then: the table sorts Z to A

  14. Pagination controls work correctly
    Given: the audited user has more than 10 role assignments
    Then: I see previous and next arrows
    And: I see a page selector using the Paragon reduce variant
    When: I click the next arrow
    Then: the next page of results is shown

Design

https://www.figma.com/design/onU2END2OXaF7RRLWEHsZI/AuthZ---v2?node-id=7639-19469&t=FLJ7Zz9Qhu9MtJVZ-4

Out of scope

  • API error handling for 401, 403, 404 is handled at the platform level.

Notes

  • The icon for Super Admin and Global Staff entries in the Actions column is still TBD.
  • The "can't remove own admin" rule is intentional to prevent resources from becoming ownerless.
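
As an added illustration (not code from this issue or the project), the visibility and Actions-column rules from the acceptance criteria and scenarios 1, 2, 7, 8 and 9 can be expressed as one pure function. The role ids, scope ids and object shapes are assumptions. The API that serves and removes assignments has to make the same decisions, since icon state alone does not restrict anything.

```javascript
// Added example: role ids, scope ids and object shapes are assumptions.
const PLATFORM_ROLES = new Set(['super_admin', 'global_staff']);
const ADMIN_ROLES = new Set(['course_admin', 'library_admin']);
const MANAGE_PERMS = ['manage_course_team', 'manage_library_team'];

// A grant applies to an assignment if it is global ('*'), or names the
// assignment's organization or its exact scope.
function grantsFor(viewer, a) {
  return viewer.grants.filter(
    (g) => g.scope === '*' || g.scope === a.org || g.scope === a.scope,
  );
}

// Decide what the Actions column shows for one row.
function rowAction(viewer, auditedUsername, a) {
  if (PLATFORM_ROLES.has(a.role)) return 'platform-managed'; // managed in Django
  const canManage = grantsFor(viewer, a).some(
    (g) => g.permissions.some((p) => MANAGE_PERMS.includes(p)),
  );
  if (!canManage) return 'none';
  const ownAdmin = viewer.username === auditedUsername && ADMIN_ROLES.has(a.role);
  return ownAdmin ? 'disabled-self-admin' : 'remove';
}

// Rows outside the viewer's scopes are dropped from the result entirely,
// so they never reach the table, its filters, or its page count.
function auditRows(viewer, auditedUsername, assignments) {
  return assignments
    .filter((a) => grantsFor(viewer, a).length > 0)
    .map((a) => ({ ...a, action: rowAction(viewer, auditedUsername, a) }));
}

// Constructed sample data mirroring the Setup section.
const VIEWER_A = { username: 'viewer_a', grants: [{ scope: '*', permissions: MANAGE_PERMS }] };
const VIEWER_B = { username: 'viewer_b', grants: [{ scope: 'org1', permissions: [] }] };
const COURSE_ADMIN = {
  username: 'admin1',
  grants: [{ scope: 'course1', permissions: ['manage_course_team'] }],
};
const ASSIGNMENTS = [
  { role: 'course_staff', org: 'org1', scope: 'course1' },
  { role: 'course_staff', org: 'org2', scope: 'course2' },
];

console.log(auditRows(VIEWER_A, 'audited', ASSIGNMENTS));
console.log(auditRows(VIEWER_B, 'audited', ASSIGNMENTS));
```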

Projects

Status

In Grooming
