Centralized user management Model

Hello community!

Adding, removing and updating accesses for users becomes a tedious task when there are multiple models within the company. I am analyzing the pros and cons of building a centralized user management model that can be used to control the user roles and selective accesses of multiple models within the organization. Any inputs and suggestions based on your experience would be valuable!

Accepted answers

StevenBeerthuizen

This is our story: Community perspective: Central User Access Managem... - Anaplan Community

Tiffany.Rice

Absolutely recommend this as security admin can become very laborious if you don't have a process to automate the updates across the spoke models.

A couple things to consider:

1. Are you access needs the same across all models? For common hierarchies, does a user have the same data level access or are certain models unique.

2. What will best enable the security admin role? Do you have groups of similar users that have the same permissioning (role, selective access etc.) or do all users need to be maintained individually. If individual maintenance is needed, consider creating a process so that the admin can copy data from one user to another to allow for permission mirroring.

3. How will the new user request process work? Will this be automated within Anaplan where existing users submit via a UX page to request the creation of a new user or do you have another intake method to capture the necessary data points?

4. Integration needs - you will want to ensure that the security hub is updating any lists being used to administer selective access on the same cadence as the spoke model. Also contemplate the frequency with which the spokes models will pull user updates from the hub, will this be a scheduled integration, an ad hoc integration or will the admin run manually via a UX page for each model.

5. If you have multiple workspaces with separate Workspace Admin, that may inform you decision on which space makes sense for the security hub model to reside. You may choose to deploy it within an existing space or create a new. Contemplate the needs of your model with the highest security needs, which workspace admins are able to access those models?

@RAJASEKAR - hopefully that helps get your wheels spinning. I'm sure your security admin application will be a huge win for your ecosystem!

All comments