Dynamic Cell Access by Role

I am looking for suggestions / alternative approaches for managing DCA by the user's assigned Role. Ideally, there would be an easy way to maintain this going forward.

1) I have heard a rumor that there is a trick wherein you somehow create a filtering module, then use the normal Roles>>Modules access assignments. Access to the filtering module somehow controls access to the line item. If this approach works, it would minimize maintenance and simplifiy the overall process. Unfortunately, I have been unable to make this work. Does anyone have a trick up their sleeve?

2) Another alternative might go something like this: Create (and maintain) a List of Roles, build a module by Users and Roles, export / import the Roles tab in order to maintain the mapping of Users to Roles, then use booliean logic like "If user has Role and Role is allowed read access then true" as filters for DCA. Is there a practical how-to set of steps for this?

Accepted answers

DavidSmith

@hendersonmj

The best approach is 2.

1. Create a list of roles and map the access to the roles (in my example, products)

2. Map the users to the roles

3. Map the access by role to a module by user and product

Hope that helps

David

All comments

DavidSmith

@hendersonmj

The best approach is 2.

1. Create a list of roles and map the access to the roles (in my example, products)

2. Map the users to the roles

3. Map the access by role to a module by user and product

Hope that helps

David

nathan_rudman

and with David's solution for 2, you can actually solve 1 as you can use your mapping to maintain the actual user role:you can import from the module into the user settings, avoiding "maintenance" and managing user rights from a dashboard which is more user friendly.

DavidSmith

Also, if required, you can actually have a different set of roles for DCA purposes and map user to mulitple roles. You just have to amend the logic to check for each role line item

matt.brady

I have a customer who's trying to do this as well, but their user base and list of roles is large, changing often. Any creative ways on how user to role mapping can be automated? Only thing I can think of is an export of user role and an import to the mapping module.

DavidSmith

Yep, unfortunately that is the only practical option, but you could schedule it to run overnight or 2x per day

If you were going to run it during the day, you could also use an additional line item to only import the changes

They will need to be wary of changing the use role whilst the users are in the model. Imagine you are in the middle of entering data, the import runs, and now you can't edit/see what you could before!!!

Hope that helps

David

maud_vermeulen

Indeed for models with large volumes of users this is still an hassle, would be easier if the role could be the basis for the DCA automatically.

How we solved it now is that the user access is updated based on the module where the role is specified. Instead of setting the access in the User Access section, Access is maintained in a module and from the module imported into the User Access. This also allows a direct connection with the user access maintenance system outside Anaplan.

DavidSmith

@maud_vermeulen

I am going to be looking at enhancements to the users list and roles, including the possibility of a system generated roles list, so that will hopefully make this a lot easier

Don't hold me to dates at this point - I'm asking the requirements to be investigated - But watch this space!

David

PratikGoenka

@DavidSmith Any luck on this requirement?

DEFLOTHE

Is there any update on such kind of request?
I have a similiar issue that I need to have a DCA based on model roles (not users).

We have a timeframe for the forecast where the "normal users" can enter their figures. At one point they should not have the permission anymore except of the controllers. If I have to calculate the permissions for DCA on user level I produce like 15GB of Data ~3Billion cells to control an Input with ~200Million cells.

It would help already if I could turn of the summary for the write permissions (this is factor 12) and read access = true.

I would appreciate some help.

andrewtye

@DEFLOTHE - the alternative would be to do a revision tag which turns off the particular forecast version, asssuming using versions, for all but the required user type

And for DCA - if there's no other DCA enabled then you can just link to a user list boolean. You only need a boolean list item for the dimensions which unless your hiearchies are very deep & have many users I struggle to see how you'd get to 15Gb.

DEFLOTHE

@andrewtye Thanks for the reply. We have a project financial plan which has the dimensions projects, accounts and time. There we have an adjustment input which has an additional requirement to be accessable depending on time, project, account and user. My hope was to replace users with roles (220 users vs 5 roles).

The setup was done 6 years ago by consultants, sadly I have to say that they haven't implemented versions. That is the reason why our DCA lineitem ends up with ~15GB which is 26% cells of the total model.

I got now the task to optimize.

As I see it now my only chance is to change the selective access for each user depending on the time and role.

Quick Links

Can you help?

Unanswered questions

Best way to Architect Financial Statements in Anaplan for Scalability
I have seen two methods used to build financial statements and I am wondering what others have experienced in scalability/maintenance between the two or if there is a better approach. Assume that we have a flat data source for our general ledger within Anaplan. Our line item we are focused on within the source data is the…
Curious Comparison: Forecast Modeling for Unusual Products
I've been experimenting with some forecast modeling techniques in Anaplan recently and decided to test them on a few quirky, offbeat product categories just for fun. One of the categories I played around with was love dolls—yes, you read that right. It actually turned out to be more interesting than expected. Unlike…
OData Rest API for
Hi, Does anyone know how to get an outbound OData Rest API, (OAuth2) to establish a connection between SAP and Anaplan. Thanks Khaled