UX and Security - The best way to display the ID of object to user
If you have an experience in UX or Security, please answer this question. I am working in some project and we need to show the object id to the user. So all edit form's has the id, the client ask for this --".
My doubt is, what is the best way to show the id in the form?
I did this way, the ID is just a text:
But some one is showing the ID as a disable input, but this seems wrong to me.
Can some tell me the best way to show the ID ? Maybe a third option. And please explain your answer, I need to convince my team.
Thank's!!!!
An Information Architect here.
I think your first inclination: putting the ID in the visible field as text, is correct - provided the text is selectable.
Do not put text that can't be edited into what looks like an editable field, even if it looks disabled. You're telling the user "you can do SOMETHING to edit this number, but you're not doing it now, and I'm not telling you what you have to do, nor why you'd want to do it, nor what happens if you do". That'd be a really poor approach.
One other thing to think about: does it need to be the first thing in the form? Sure, the ID is probably the first field in the database, but it's probably not of first importance to the user. Order it so it makes sense to her.
Information in the page has a hierarchy, and the top and left of that hierarchy (in languages which read left-to-right) is where the most important thing the user needs to see should live.
(That doesn't mean you can't have a header with a top-left logo or top navigation on the page - of course you can. People understand what that stuff is - we're talking about the top-left of the content area).
If you need more background on information hierarchy, I suggest you search for information on "F-pattern reading" for a quick visual example of how people consume information in the page. The Poynter institute did, I think, the original research on this with an eye-tracking study.
You only show object id and name in the page. If that's all that's there, the page's simplicity means you don't need to think it much further through.
If there's more, you'll need to order the information in a way that's important to your user, and that's natural for completion (for example, an Address has many common components, and completion should occur in the order a user would write the address in the context of the local language).
To understand how well you've done with the page's usability, take your best shot, mock it up, then show it to a few (non-technical, non-project-manager) people. Hand them a pencil, and say "use the pencil as your mouse. Point and click on things to do [name of your task]. Don't tell people how to do it. Just ask them to point at things on a printout. This is called a paper prototype, and can be an inexpensive way to learn a lot about your design. Try this with maybe 5 people before you refine and start to code it up.
I'm not sure what the "Security" aspect is (is it a security product, or an IDM component?). If the question is "Can I show the user the object ID?", you'll have to answer that in the context of your internal security model. You'll need to estimate what you're protecting when the object ID is not shown, what's at risk when it is.
Ideally, your system would prevent a malicious user who knows the object ID from doing anything with the known information, and from harvesting object IDs in bulk.