Web Usability lesson of the day
- Published April 19th, 2007 in Usability
Do not hide actions that users should do only when authenticated [unless you really need to do so]. Users will easily forget those actions are available and the last thing you want is your users to forget something.
Instead, make the link available and ask for authentication afterwards.




It works when you are developing web sites, I agree. But in web applications, the rule should be “au contraire”. You must hide all actions; only show the hidden actions after authentication. If a user doesn’t have privileges to see a given action, don’t show it, not even disabled. Don’t stimulate the user to find a way to access something that he should not see or use.
Mario,
I must disagree with that. I don’t think security through obscurity is the way to go. Systems should be secure enough regardless of whether options are visible or not.
Also, I said that all options should be visible as a usability issue. People sometimes forget they’re logged in/out and that may become confusing.
There was a study conducted by some companies, including MySpace, for assessing precisely this issue, and in terms of Usability, users definitely prefer to have all options available and then be requested to authenticate to proceed.
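The pattern discussed in the post and in the reply above, as an added example that is not part of the original post or its comments: every action link is rendered for every visitor, and the server alone decides whether to ask for login, refuse, or proceed. The paths, role names, session ids and the `next` parameter are hypothetical, constructed for illustration.

```python
from urllib.parse import quote

# Hypothetical action table: path -> role required to perform it.
ACTIONS = {"/post/new": "member", "/admin/delete-user": "admin"}
# Constructed sample sessions: session id -> roles held by that user.
SESSIONS = {"sid-alice": {"member"}, "sid-root": {"member", "admin"}}


def render_menu():
    """Every action link is shown to every visitor, logged in or not."""
    return [f'<a href="{path}">{path}</a>' for path in ACTIONS]


def safe_next(target):
    """Accept only same-site absolute paths as the post-login return target."""
    if (not target.startswith("/") or target.startswith("//")
            or "\\" in target or any(ord(c) < 0x20 for c in target)):
        return "/"
    return target


def handle(path, session_id=None):
    """Decide the response on the server, whatever the UI displayed."""
    required = ACTIONS.get(path)
    if required is None:
        return 404, {}
    roles = SESSIONS.get(session_id)
    if roles is None:
        # Not authenticated: ask for login, then come back to this action.
        return 302, {"Location": "/login?next=" + quote(path, safe="")}
    if required not in roles:
        # Authenticated but not permitted: refuse, although the link was visible.
        return 403, {}
    return 200, {}


def after_login(next_param):
    """Send the user back to the action they originally clicked."""
    return 302, {"Location": safe_next(next_param)}
```

Because `handle` never consults what the menu showed, hiding or showing a link changes only usability, not who can perform the action.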