Description
As a platform member with the right permissions, I want to assign a role to one or more users across one or more scopes, so I can grant access without leaving the console.
Path to the page: /admin-console/authz/assign-role
Acceptance criteria
General
- The "Assign Role" CTA is always visible in the console, both in the Team Members tab and in the Roles and Permissions tab.
- When accessing the wizard from the user audit view, the user input in Step 1 is pre-populated with that user.
- The wizard has a breadcrumb that exits the flow and returns to the previous view at any point.
- A Cancel button is available at the bottom of both steps. Clicking it returns to the previous view.
Step 1 — Who and Role
- Step 1 is titled "Who and Role."
- There is a text input to add one or more usernames or emails, separated by commas.
- Users must have an existing account. If any user in the batch does not exist, the input shows an error in red for the invalid entries and the flow is blocked until all entries are valid.
- Below the input there is a role selector using radio buttons. Only one role can be selected at a time. Selecting a new role deselects the previous one.
- Roles are grouped by courses and libraries. A user only sees the groups they have permissions to assign. If they have no library scopes, they do not see libraries. If they have no course scopes, they do not see courses.
- Course Editor and Course Auditor are grayed out and not selectable.
- There is a link to documentation for roles not available in the list.
- Clicking Next validates the users. If all users exist, the wizard moves to Step 2. If any do not exist, the flow is blocked.
Step 2 — Where It Applies
- Step 2 is titled "Where It Applies."
- There is a search bar to search scopes by name.
- Next to the search bar there is an Organization filter with the same behavior as in M2.5.
- Scopes are organized by organization, with a header showing the organization name.
- Each scope item has a checkbox. Multiple scopes can be selected.
- Users with manage_course_team at the organization level see an additional option "All courses in this organization" at the top of that organization's section.
- Users with manage_library_team at the organization level see an equivalent "All libraries in this organization" option.
- Users with platform-wide permissions see equivalent global scope options.
- Users without these higher-scope permissions do not see these options.
- The scope list uses infinite scroll.
- Selections are preserved when the user searches or filters. Selections are not preserved when scrolling.
- Clicking Save shows a loading state while the request is in flight.
- On success, a toast appears and the user is redirected to the previous view.
- On error, the existing error toast logic is reused. The user remains in Step 2 to retry.
Test cases
Setup
- User A has manage_course_team on at least one scope.
- User B has manage_library_team on at least one scope.
- User C has both manage_course_team and manage_library_team.
- User D has manage_course_team on Organization 1 only.
- User E has manage_course_team platform-wide.
- Existing User is a registered platform user.
- Nonexistent User has no platform account.
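The visibility rules from Step 1 and Step 2, applied to the setup users above, as an added example that is not part of the original spec or the project's code. The grant shape (`permission`, `level`, `org`) and the function names are assumptions; only the permission names and the organization option labels come from this page.

```javascript
// Added example, not project code. The grant shape {permission, level, org}
// and the function names are hypothetical; permission names are from the spec.
const ROLE_GROUP = new Map([
  ["manage_course_team", "courses"],
  ["manage_library_team", "libraries"],
]);

// Step 1: a user sees only the role groups they have permission to assign.
function visibleRoleGroups(grants) {
  const groups = new Set();
  for (const g of grants) {
    const group = ROLE_GROUP.get(g.permission);
    if (group) groups.add(group);
  }
  return [...groups].sort();
}

// Step 2: bulk options for the role group chosen in Step 1.
// Organization-level grants add a per-organization option, platform-wide
// grants add a global one, scope-level grants add none. The spec does not say
// whether a platform-wide grant implies per-organization options; not inferred.
function bulkScopeOptions(grants, roleGroup) {
  const options = [];
  for (const g of grants) {
    if (ROLE_GROUP.get(g.permission) !== roleGroup) continue;
    if (g.level === "organization") {
      options.push({ kind: "organization", org: g.org,
                     label: `All ${roleGroup} in this organization` });
    } else if (g.level === "platform") {
      options.push({ kind: "global", group: roleGroup });
    }
  }
  return options;
}

// Constructed grants mirroring Users A-E from Setup.
const course = (level, org) => ({ permission: "manage_course_team", level, org });
const library = (level, org) => ({ permission: "manage_library_team", level, org });
const USERS = {
  A: [course("scope", "Organization 1")],
  B: [library("scope", "Organization 1")],
  C: [course("scope", "Organization 1"), library("scope", "Organization 1")],
  D: [course("organization", "Organization 1")],
  E: [course("platform")],
};

for (const [name, grants] of Object.entries(USERS)) {
  console.log(name, visibleRoleGroups(grants), bulkScopeOptions(grants, "courses"));
}
```

These functions only decide what the wizard renders; this page does not describe how the Save request itself is authorized.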
Scenarios
- CTA is always visible in the console
  Given: I am on the Team Members tab or the Roles and Permissions tab
  Then: I see the Assign Role CTA
- Wizard opens with user pre-populated from audit view
  Given: I am on the user audit view for Existing User
  When: I click Assign Role
  Then: the wizard opens with Existing User pre-populated in the user input
- Breadcrumb exits the flow at any point
  Given: I am anywhere in the wizard
  When: I click the breadcrumb
  Then: I return to the view I came from
- Cancel returns to the previous view from Step 1
  Given: I am on Step 1
  When: I click Cancel
  Then: I return to the view I came from with no changes
- Cancel returns to the previous view from Step 2
  Given: I am on Step 2
  When: I click Cancel
  Then: I return to the view I came from with no changes
- User A only sees course roles
  Given: I am logged in as User A
  When: I open the wizard
  Then: I see only course roles in the role selector
- User B only sees library roles
  Given: I am logged in as User B
  When: I open the wizard
  Then: I see only library roles in the role selector
- User C sees both course and library roles
  Given: I am logged in as User C
  When: I open the wizard
  Then: I see both course and library roles in the role selector
- Selecting a role deselects the previous one
  Given: I have selected a role
  When: I select a different role
  Then: the previous role is deselected
  And: only the new role is selected
- All users in the batch must exist to proceed
  Given: I have entered Existing User and Nonexistent User in the input
  When: I click Next
  Then: the input shows an error in red for Nonexistent User
  And: the flow is blocked
- All users valid, proceed to Step 2
  Given: I have entered only valid users and selected a role
  When: I click Next
  Then: the wizard moves to Step 2
- Scopes are organized by organization
  Given: I am on Step 2
  Then: I see scopes grouped under organization headers
- User D sees "All courses in Organization 1" option
  Given: I am logged in as User D
  When: I open Step 2 after selecting a course role
  Then: I see "All courses in this organization" at the top of Organization 1's section
- User E sees a global scope option
  Given: I am logged in as User E
  When: I open Step 2
  Then: I see a global scope option for all courses
- Multiple scopes can be selected
  Given: I am on Step 2
  When: I select multiple scope checkboxes
  Then: all selected scopes remain checked
- Selections are preserved after searching
  Given: I have selected a scope
  When: I type in the search bar
  Then: my previous selection remains checked in the results
- Save shows loading state and redirects on success
  Given: I have selected one or more scopes
  When: I click Save
  Then: the Save button shows a loading state
  And: on success a toast appears confirming the assignment
  And: I am redirected to the previous view
- Save shows error toast on failure and keeps me in Step 2
  Given: I have selected one or more scopes
  When: I click Save and the request fails
  Then: an error toast appears
  And: I remain on Step 2
Design
https://www.figma.com/design/onU2END2OXaF7RRLWEHsZI/AuthZ---v2?node-id=7639-19185&t=FLJ7Zz9Qhu9MtJVZ-4
Out of scope
- Error toast copy and logic reuse the existing implementation. No new toast patterns are introduced.
Notes
- Course Editor and Course Auditor are not available in this version. They appear grayed out in the role selector.