Skip to content

UI/UX design for background permission syncing toggle

Created by: pjlast

Why someone would want to disable background permission syncing, or why background repo-permission syncing is disabled by default, can be a bit confusing. Clear customer communication is required here to make sure that they can make informed decisions on their own. Things they should be made aware of:

  • It is impossible to give user's access to something that the user cannot access
  • Conflict comes in when the access token the user provides has different viewing permissions than the user themselves
  • Creating a new token does not necessarily invalidated the older one. A token that was generated with valid SSO credentials will maintain those SSO privileges, signing the user out of the SSO will not terminate the token's privileges as well. The token itself would have to be revoked

This is not an exhaustive list, there could be more