PSA: Deleted Models are no longer inaccessible to Workspace Admins

obriegr · 2024-05-09T18:09:11+00:00

There was an error rendering this rich post.

Anaplan introduced a new feature that allows for models that have been deleted to be restored by any workspace admin. This is wonderful for customers and partners to self serve when a model is deleted accidentally or needs to be restored and the hassle of going through Anaplan support/your BP makes it challenging or not worth the effort.

Historically speaking, there is/was a paper trail that existed when a model is restored and therefore if there is an exposure of sensitive data that it could be pursued appropriately based off of the actions, intentions, and results of what occurs, as well, generally decisions not being made in a vacuum, generally requiring sign off, or inclusion of other parties. In addition, deletion made the information inaccessible without those steps being taken.

The new feature allows for any workspace admin to un-delete the model, un-archive it, then perform any normal model activit(ies) including rolling back to a previous revision tag, and possibly gaining access to the data that was deleted from the workspace to allow them to be granted access to the Workspace as a Workspace Admin.

While this a somewhat niche situation, this feature has made 2 of our workspaces a no go zone for all but 2 of our CoE members.

I hope no one else is impacted by this find, but I wouldn't be posting about it otherwise.

Accepted answers

All comments

Tiffany.Rice

Thanks @obriegr for raising these considerations. Completely understand the need to exercise caution when dealing with private/confidential data.

Does the time parameter help to mitigate some of these concerns? Workspace administrators can only restore a model within 14 days of deletion. https://help.anaplan.com/restore-a-deleted-model-f2323188-177a-47c8-bafd-ea88b6c4be89 I view this capability as a means to self-serve in the instances where you inadvertently deleted a model or a there was a sudden change of heart (oh wait, we really did need that!?!?). Beyond the 2 week window, the restoration process would be the same as in past, working with Anaplan support teams.

One other point to ponder, while the restore/un-archive is available to all admins only those with a access assigned to the model will be able to view it once it is moved to "Standard" mode. I did a quick test of this with one of my teammates, we set his role to "No Access" and while he was able to restore/un-archive, he had no access to the model itself.

Key caveat to mention - when creating new users in a sensitive workspace I avoid selection Workspace Admin in the creation dialogue as that will grant access to all models in the workspace including those that are archived. Instead I create the user in the targeted model and then assign WSA via the users panel.

obriegr

I don't disagree, pointing out that it generates a possible security risk that was not clearly communicated. I generally try and keep up with the newsletters (now discontinued; eg. I don't get an email anymore when there is new features released).

Thus articulated as a PSA. That being said, if a bad actor has WSA access, they can easily add in another email (their personal) to the workspace, say they are testing things, and consume the data without leaving any trace of their behavior, during those 2 weeks.

I would consider it a vulnerability and needs to be communicated at least once when deletion of a model occurs per WSA, communicating similar information to what you have shared with regards to timelines, etc.

In addition, that 14 day window still limits access of other WSA that previously you could allow, so a button that says, yes I am certain I would like to remove access to this model and do not plan on restoring access without Anaplan's assistance.

Quick Links

Can you help?

Unanswered questions

AnaplanXL Difficulties
Has anyone found success using Anaplan XL with Polaris models in a shared drive with or without concurrent users? My team has experienced a variety of errors, login failures, etc. sometimes it works, sometimes it doesn't. We've been recommended to save and edit files locally, which helps but certainly with its limitations…
Using Anaplan for Managing Custom Product Configurations (Example: Designer Dolls)
We’ve recently started using Anaplan to model and manage our supply chain and production planning for a niche ecommerce business that sells custom-designed dolls — each made-to-order with specific features, materials, and delivery lead times. A few interesting challenges we faced: SKU Explosion: Each doll can be customized…
Using time for something not time related - special characters :)$
We had a recent challenge with the need to "clean" invoice data descriptions from special characters. This was done previously in SQL with the a long convoluted formula "REPLACE(REPLACE(REPLACE('Ana&plan', '&', '') that would have to edited by a developer in case any new special characters came through. Using the replace…