►
From YouTube: UX Scorecard Security gates accountability
Description
How could user setup security approval rules.
A
Hi
everyone
I'm
a
camellia
product
designer
from
Philip.
This
video
is
one
of
our
New
York
score
card
study,
develop
the
purpose
of
years
worker
studies
to
identify
the
problems
and
attract
effort
of
the
dressing
usability
concerns
within
specific
loan.
Today,
we're
focusing
on
the
secure
I
we
have
to
love
the
persona
for
this
us
scorecard
could
be
security,
specialist,
developer
or
DevOps
who
take
off
the
security
part
of
the
product.
The
feature
I
will
show
today
is
about
security
case.
A
The
security
page
is
such
an
honor
to
be
used
to
describe
a
situation
when
there
is
a
murder
requesting
certain
project,
the
first
get
merged.
Certain
security
tests
will
be
ready
and
when
there
is
a
high
severity
vulnerability
funds
as
a
unit
I
could
get
some
gatekeeper,
some
approvers
to
let
them
to
double-check
the
security
scan
without
and
then
approve
the
murder
request.
So
if
there
is
something
wrong
there,
the
code
won't
go
to
production.
So,
let's
make
a
use
case
here.
I
said:
I'm
a
user
that
I've
heard
this
feature
from
a
colleague
I.
A
A
A
A
A
A
A
A
This
won't
work,
let's
just
work
as
a
general
rule
and
if
there
is
a
murder
request,
no
matter
which
severity
of
the
vulnerability,
no
matter
their
security
Stein
and
this
person
will
need
to
go
there
and
approve
it,
and
if
user
said
that
could
be
quite
annoying
for
the
user.
If
there's
a
large
amount
of
murder
requests.
So
for
this
stops
to
be
done,
it
will
be
a
failed
one,
and
the
suggestion
here
is,
when
you
add
a
new
rules
like
things
we
have
like
some
pretty
fun
security
use
and
don't
put
security
here.
A
So
this
is
the
documentation
the
user
got
and
he
reads
through
it.
So,
okay,
this
seems
like
this,
the
future
use
around
and
how
to
enable
it
and
after
ridet-
and
it
doesn't
really
tell
you
where
to
set
it
up
so
that
you
were
hoping
to
check
on
this
link
and
spend
some
time
to
read
through
all
of
those
general
settings
about
approvals.
So
it's
a
quite
long.
A
One
I
want
to
mean
it
take
at
least
ten
minutes
or
more
and
to
understand
it,
and
then
you're
gonna
locate
the
the
security
one
is
similar
to
this
a
little
bit
different,
and
then
you
don't
need
to
go
to
the
setting
area
to
set
up.
Let's
assume
here
that
these
are
already
great
everything
and
now
user
goes
to
back
to
the
setting
page,
and
here
these
are
at
a
new
rules
and
user
rate
about
it
is.
A
So
this
one
says
case
sensitive,
so
I
need
to
put
the
captive
see
there,
but
if
I
put
a
small
C,
there's
no
hints
the
setters,
and
here
could
be
here.
We
have
a
drop
down
to
tell
you
there.
That's
okay,
I
know
that
you're
looking
for
this
specific
crews,
pretty
fine
about
our
system,
not
a
general
one,
and
here
is
exactly
water.
You
should
use
that.
Neither
can
select
it
to
prevent
misspelling
or
like
didn't
pay
attention
to
the
case
as
it
is.
A
A
User,
looking
for
for
the
vulnerability
of
a
high,
critical
and
no
severity,
okay-
and
this
is
the
same
document
so
now
the
user
question
could
be.
This
enabled
do
I
need
to
do
something
else.
This
already
working
with
nest,
murder
request,
it
doesn't
really
tell
so
the
another
thing
you
could
think
of
is
if
this
turned,
because
this
is
not
enabled
not
turn
wrong.
It's
off.
There
should
be
a
button
to
turn
it
on
or
there
a
way
for
me
to
turn
it
off.
So
how
can
I
disable
this
rules?
A
A
And
I
probably
can
delete
it
here,
but
then
the
rules
will
be
completely
removed.
It
won't
work,
but
at
the
user
I
probably
want
to
just
temporarily
disable
it,
and
it's
very
difficult
for
me
to
find
it
out.
So
the
suggestion
here
is
like
when
user
first
set
up,
we
give
them
a
notification
to
tell
them,
but
okay,
hey.
This
is
already
enabled
ads
and
you
can
already
use
it
to
double
confirm
to
make
them
comfortable
that
they're
doing
they.
It's
something
correct
our.
A
We
have
like
a
button
here
as
turn
around
turn
of
then
it's
more
clear
for
you
were
to
like
disable
ads,
enable
it
that
could
be
some
small
suggestion
and
as
internal
people
I
know
that
user
can
change
this
to
zero
after
the
news
so
as
disabled,
but
according
to
the
documentation,
it
doesn't
need
to
be
greater
than
zero.
So
I
would
opt
that
you
don't
want
to
change
this
number
to
zero
and
also
this
is
not
really
logical
to
say
that
when
the
number
of
approval
is
zero,
does
this
means
it's
post?
A
So
this
is
probably
your
arrow
so
user
mind
and
we
like
kind
of
want
to
see
your
error
message
here
and
they
say
it's
the
rules.
Okay,
it's
something
wrong
or
when
the
click
on
update,
we
show
them
another
fiction.
Calendars
is
post
a
similar
thing
when
I
have
like
two
here,
so
I
only
have
one
approval
and
number
of
our
Provost
required
is
two
and
I
can
update
the
rules
so
that
they
means
like
the
or
my
murder.
A
A
So
there
are
a
lot
of
things
we
could
do
to
improve
it,
and
another
thing
is
user
man
check
this
one?
Those
kind
of
additional
rules
below
it
says,
can
override
tours
and
the
provost
required
for
murder
request.
We're
read
what
and
user
need
to
come
here
and
read
through
it,
where
there's
this
long
documentation
again.
I
would
assume
this
take
like
5
to
10
minutes
to
understand
everything
and
for
each
of
them
after
you
read
everything.
A
It's
already
take
quite
a
long
time,
so
after
user
way
that
they
will
understand
the
override
and
is
join
the
rule
set
up
between
the
group
level
and
the
product
level.
So
the
suggestion
here
could
be
when
we
check
and
uncheck
the
check
mark-
and
we
directly
show
on
the
UI
here-
says:
okay,
you
have
a
ruse
from
a
group
level
which
we
were
overriding
this
one
and
this
won't
work
and
what
will
work
and
can
be
user
clear
indication
what
will
happen.
A
So,
overall,
as
a
summary,
I
think,
the
experience
of
set
up
the
security
feed
caper
pros
is
very
difficult.
First,
the
discoverability
is
very
low
as
a
user,
if
I
don't
get
the
documentation,
it's
almost
impossible
to
fund
it
from
the
crowd.
Gui
and
another
thing
is
even
I.
Have
a
documentation
is
not
very
easy
to
follow.
A
There
are
lots
of
like
kind
of
a
confusing
part
for
user,
to
understand
the
future
and
also
for
those
I
think
that
the
user
I
will
expect
it
to
take
maybe
five
to
ten
minutes,
we'll
set
it
up,
and
there
is
all
the
documentation
and
everything
and
it'll
take.
Maybe
user
20-30
minutes
to
set
it
up.
So
this
is
definitely
experiment
experience
we
need
improve
and
we
need
to
improve
very
fast
if
we
want
to
user
to
use
them.
So
the
overall
feeling
that's
the
score
I
gave
is
negative.
A
So
this
is
not
what
user
expected
they'll
feel
frustrated,
confuse
and
annoyed.
The
greeting
Rubik
score
will
be
d,
so
the
flow
is
not
clear,
is
definitely
having
issues
with
that
really
need
to
improve
it
for
the
user.
The
frustration
level
is
high.
The
compilation
could
be
unlucky,
so
there
is
a
another
issue
that.
A
Working
on
try
to
make
it
better
and
the
issue
is
to
improve
the
general
setting
here
so
by
default,
we'll
have
a
vulnerability
check
and
we
will
have
other
lessons
check
here
and
since
is
by
default.
User
won't
have
ability
to
delete
it,
and
the
user
can
already
check
the
question
mark
to
learn
about
it.
A
So
that's
a
good
step
forward
that
user
can
already
discover
it
when
they
go
to
settings
is
the
RBC
feature
is
already
good
step
forward,
but
still
we
can
improve
it
later
on,
for
example,
the
disable
enable
status
when
this
is
by
default
there,
when
user
cannot
delete
it,
how
we
can
let
user
disable
it
Chandra
to
zero,
doesn't
seems
very
straightforward
in
the
relationship
between
those
rules
and
the
rules
above
is
not
clear.
So
when
they
have
wars,
are
those
apply
to
all
of
them?
A
Can
I
apply
some
of
them
to
some
of
the
rules
are
like
make
it
more
selective
and
should
I
may
put
it
in
general?
Should
I
put
it
in
Security
tab
for
the
user?
So
all
those
questions
do
need
to
be
answered
and
I
hope
we
can
work
on
this
feature
soon
and
provide
our
user
a
happy
experience.
Thank
you.