Workspace & User Access Best Practice

Dear All,


I have a situation where a workspace is going to be hosting 5 models used by 5 different group of users. For security reasons, each group of users should only have access the specific model they are assigned to, but no all 5 . All the users need to be able to archive a model so they need to be workspace admin. 


My questions is: is it sufficient to just set "no access" for the 4 models that the specific group users should not have access to? Or would it be best practice to divide this workspace into 5, one for each model?


thanks for your help

Best Answer

  • ryan_kohn
    Answer ✓

    You can read more on separation of duties here:


    My recommendation for the situation you outlined would be to split into separate workspaces.

    1. It will be a lot simpler to maintain the list of users and permissions going forward. You didn't mention if there is overlap in the end user population or not, but if there is no overlap, it will be simpler for managing end user access as well. Model builders will not need to worry as much about monitoring the access list and ensuring No Access is set for new users across all models.
    2. There is a subtly around default access for Workspace Administrators, which is documented here. All Workspace Administrators get access to new models by default. So if there are model copies or new use cases, this needs to be closely managed in order to prevent accidental access to data.