Help users give someone else permission to use all or part of your service on their behalf.
Example of 'Lasting power of attorney' service
Example of 'Agent authorisation to deal with HMRC'
The text was updated successfully, but these errors were encountered:
Dropbox Paper audit
On 8th March 2019 the Design System team reviewed a Dropbox Paper document discussing the delegate authority pattern.
The aim was to reduce the number of places containing guidance and code by:
Below is a record of the outcomes of that review.
If you need to, you can see the original Dropbox Paper content in the internet archive.
Updates to the Design System
The Design System team combined the related draft guidance from Dropbox Paper with this backlog item.
Help your user nominate someone to act on their behalf. For example:
When to use this pattern
Use delegation if your users need to legally nominate someone else to use your service on their behalf.
Don’t use delegation for simpler situations, for example where a friend or family member is helping someone use a service who is present at the time.
How it works
Carefully consider the design
Delegation is complex and can leave users confused if it’s badly designed. Consider the following when implementing this pattern and make sure you do user research:
Clearly distinguish between the main and delegated user
If there are ‘agent’ and ‘client’ views of the service, clearly distinguish them so that agents are clear which version they are viewing.
Use pronouns clearly and unambiguously. It should be obvious whether ‘you’ refers to the user or to someone acting on their behalf. If in doubt, use people’s names to remove ambiguity.
Notify the main user when someone does something on their behalf
The main user should be informed when a delegated user performs an action on their behalf. The notification method should be appropriate to the significance of the action. Read more on +Sending notifications by email, text message or letter.
Keep a record of who performed which actions
You’ll need this if there are any disputes. Consider letting the main and delegated users see the record, but be careful not to expose sensitive personal information.
Research about this pattern
HMRC Trusted Helper
The HMRC's Trusted Helper service had problems with confusion around logging into your own account as opposed to using a pseudo login and operating on behalf of another user. The problems were at several levels:
The team developed the concept of an ‘Activity centre’ - a part of the service that both the main and delegated users had access to. The activity centre contained a record of all the actions performed and allowed the main user to authorise actions performed by delegated users. All participants were kept informed using email notifications.
@terrysimpson99, I'll be honest we've not given this much specific thought on our service. Our address capture was originally based on the pattern in the GOV.UK design system which does include a county field. That was about six months back now and we've not seen any users struggle with it during our research so it hasn't been iterated on.
Your question has prompted me to look into the pattern a little further and I found this: