Support documentation
Access Control
Global permission levels:
- Super admin
  - The first user to sign up for a particular company will be given the Admin and Super admin permissions.
  - A Super admin can give the Admin permission to Users and remove it from them.
  - It can be assumed that a Super admin will also have the Admin permission.
  - A Super admin can transfer their Super admin permissions to another User.
- Admin
  - Admins can add and remove Users.
  - Admins can add/remove/edit global variables like priorities, reference link types and Who-What relationship types.
  - Admins can view escalated requests (What description change requests) and accept a request on behalf of all members.
- User
  - All users of the application, including Super admins and Admins, fall under the User level.
  - All Users can create story maps and view the story map hierarchy.
Story map permission levels/roles
- Owner
  - This is the owner of the story map, normally the person who created the story map.
  - Owners have all the permissions of an Editor role.
  - Owners can add or remove members (i.e. Editors or Viewers) of a story map.
- Editor
  - Editors can perform actions that result in a change to the story map. This includes, but is not limited to, changing the story map name, adding and removing activities/Whos, creating releases, editing release details, adding/removing explore information, adding/removing/editing epics etc.
  - Editors can view all information contained inside a story map.
- Viewer
  - Viewers cannot edit any information inside a story map, but they can view all information contained inside a story map.
Data retention and maintenance
- Full database backups are performed weekly and can be used to restore the database in cases of extreme loss of data.
- A soft delete feature for story maps is in the backlog. This feature will move deleted story maps to a bin where they will sit for 30 days before being permanently deleted. Owners or Admins will then be able to restore story maps from the bin during those 30 days.
Security
- StorYd Software uses Firebase Authentication. This is an authentication solution provided by Google as part of their Firebase platform offering. Firebase Authentication handles user identity management, client-side session management and database access through Firebase Security rules.
- Users list
  - Only Users in the Users list can sign up and have access to the application. This list is managed by an Admin or Super admin. When the site is set up for a company, you will need to provide a company email domain (e.g. “bob@somecompany.com.au” will have the domain of “somecompany.com.au”). For improved security, only users with an email address in that domain can be added as a User, and subsequently only users with an email address in that domain can have access to the application.
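The Users list and email domain checks described above, sketched as an added example (this is not StorYd's own code). The function names, the actor record and the sample addresses are assumptions, as is reading "in that domain" as an exact match that excludes subdomains.

```javascript
// Added example, not StorYd's code. Assumption: "in that domain" means an
// exact match on the domain part; subdomains are not accepted.

// Return the lower-cased domain of an email address, or null if malformed.
function emailDomain(email) {
  if (typeof email !== "string") return null;
  const addr = email.trim().toLowerCase();
  const at = addr.lastIndexOf("@");
  // Require exactly one "@", a non-empty local part and a non-empty domain.
  if (at <= 0 || at !== addr.indexOf("@") || at === addr.length - 1) return null;
  if (/\s/.test(addr)) return null; // no embedded whitespace
  return addr.slice(at + 1);
}

// Exact comparison on the parsed domain. A suffix test such as
// email.endsWith(companyDomain) would also accept "notsomecompany.com.au".
function domainAllowed(email, companyDomain) {
  const domain = emailDomain(email);
  return domain !== null && domain === companyDomain.trim().toLowerCase();
}

// Only an Admin or Super admin manages the Users list, and only addresses
// in the company domain may be added. actor is a hypothetical record.
function canAddUser(actor, email, companyDomain) {
  const isAdmin = Boolean(actor && (actor.admin || actor.superAdmin));
  return isAdmin && domainAllowed(email, companyDomain);
}

// Sign-up is allowed only for addresses that are in the domain and already
// present in the Users list (compared case-insensitively).
function canSignUp(email, companyDomain, usersList) {
  if (!domainAllowed(email, companyDomain)) return false;
  const addr = email.trim().toLowerCase();
  return usersList.some((u) => u.trim().toLowerCase() === addr);
}

// Constructed sample data.
const COMPANY_DOMAIN = "somecompany.com.au";
const USERS_LIST = ["bob@somecompany.com.au"];
console.log(canSignUp("Bob@SomeCompany.com.au", COMPANY_DOMAIN, USERS_LIST));
console.log(canSignUp("bob@notsomecompany.com.au", COMPANY_DOMAIN, USERS_LIST));
```

A check like this only restricts access when it runs where the client cannot skip it, such as in a Firebase function or the Firebase security rules, rather than only in the React UI.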
System Architecture
- This application uses React (client-side rendering) to render the UI. This means that UI elements are rendered client side.
- A Firestore database is used to store story map data. This is a NoSQL collection/document style of database. Firebase security rules are used to secure this database.
- The Firebase client-side JavaScript SDK is used for session management and to perform direct database actions and queries.
- Firebase functions are used as a backend service to handle more complex actions and queries that can’t be performed on the client side.