Selective Access to Lists for Roles (as well as Users)?
Is Selective Access for Roles (as well as Users) technically possible / practicable to implement?
While Selective Access for Users is of course useful, my experience tells me that it would be even more useful for Roles, particularly for a numerous user base.
If the answer is no, then is there any workaround to meet the challenge of maintaining Selective Access for a large number of Users, perhaps driven by Roles?
Best Answer
-
I'm probably mincing words too much... The role doesn't get the selective access, the user does. Selective access is in an integral part of security administration, but not explicitly part of a role definition (i.e. a user is assigned to a role, and at the same time is usually given some level of selective access to lists. These two items are separate & distinct, although intertwined with a specific set of security requirements.)
My discussion about bulk loading selective access (in particular) was a rambling on interesting ways selective access can be efficiently managed as a matrix of users & selective access settings, as well as ideas about how the basic ability to bulk load selective access settings can be leveraged for business process management (either in the context of requests for access, or through read/write control related to ongoing collaborative processes).
I hope this helps!
Cheers!
1
Answers
-
Hi,
I've only ever thought about Selective Access as being related to users, and granted when they are assigned to roles. This way, I can have fewer roles to maintain, and accomodate broad selective access.
User Access settings can be bulk loaded, including Selective Access. This is pretty neat because access levels can, in effect, be requested through anaplan, approved, and then (approved) changes bulk loaded upon approval (through a workflow). In addition, workflows for collaborative processes can effectively convert write access to read access by user area via dashboarded processes... and then convert them back to write when we want to open the system back up. This is really nice if the native workflow doesn't support the requirements exactly.
1 -
Hi
I guess both of them are correct and it all depends on the way the business users are poised in each business.
Traditionally we try to build roles and assign the accesses to the roles and then make users part of these roles,so we do not have to worry about new user acceses and just assign him to new roles.
But in Anaplan we can assign one role per user I guess and hence Paul was recommending to have selective access by users.
0 -
User Settings is where the Role creation/configuraton is managed. Each user can be assigned to 1 Role. Roles are used control access to Modules, Versions, Lists and Actions. User Role assignment can be set when users are added to a Model manually or through the User import action.
0 -
@PaulRitner wrote:Hi,
I've only ever thought about Selective Access as being related to users, and granted when they are assigned to roles. This way, I can have fewer roles to maintain, and accomodate broad selective access.
User Access settings can be bulk loaded, including Selective Access. This is pretty neat because access levels can, in effect, be requested through anaplan, approved, and then (approved) changes bulk loaded upon approval (through a workflow). In addition, workflows for collaborative processes can effectively convert write access to read access by user area via dashboarded processes... and then convert them back to write when we want to open the system back up. This is really nice if the native workflow doesn't support the requirements exactly.
Please would you validate my understanding of your reply?
You seem to imply that the Platform does not need to accommodate Selective Access for Roles natively, because that useful facility could be incorporated in a comprehensive Access Management solution, using Anaplan module(s) and bulk loading.
Such a solution might also provide other features such as temporary removal of write access by user area, and - I would add - accommodate Users performing multiple Roles, which also isn't offered natively.0