Selective Access to Lists for Roles (as well as Users)?

Is Selective Access for Roles (as well as Users) technically possible / practicable to implement?

While Selective Access for Users is of course useful, my experience tells me that it would be even more useful for Roles, particularly for a numerous user base.

If the answer is no, then is there any workaround to meet the challenge of maintaining Selective Access for a large number of Users, perhaps driven by Roles?

Accepted answers

PaulRitner

I'm probably mincing words too much... The role doesn't get the selective access, the user does. Selective access is in an integral part of security administration, but not explicitly part of a role definition (i.e. a user is assigned to a role, and at the same time is usually given some level of selective access to lists. These two items are separate & distinct, although intertwined with a specific set of security requirements.)

My discussion about bulk loading selective access (in particular) was a rambling on interesting ways selective access can be efficiently managed as a matrix of users & selective access settings, as well as ideas about how the basic ability to bulk load selective access settings can be leveraged for business process management (either in the context of requests for access, or through read/write control related to ongoing collaborative processes).

I hope this helps!

Cheers!

All comments

PaulRitner

Hi,

I've only ever thought about Selective Access as being related to users, and granted when they are assigned to roles. This way, I can have fewer roles to maintain, and accomodate broad selective access.

User Access settings can be bulk loaded, including Selective Access. This is pretty neat because access levels can, in effect, be requested through anaplan, approved, and then (approved) changes bulk loaded upon approval (through a workflow). In addition, workflows for collaborative processes can effectively convert write access to read access by user area via dashboarded processes... and then convert them back to write when we want to open the system back up. This is really nice if the native workflow doesn't support the requirements exactly.

harish_bk

I guess both of them are correct and it all depends on the way the business users are poised in each business.

Traditionally we try to build roles and assign the accesses to the roles and then make users part of these roles,so we do not have to worry about new user acceses and just assign him to new roles.

But in Anaplan we can assign one role per user I guess and hence Paul was recommending to have selective access by users.

Mark_W_Shemaria

User Settings is where the Role creation/configuraton is managed. Each user can be assigned to 1 Role. Roles are used control access to Modules, Versions, Lists and Actions. User Role assignment can be set when users are added to a Model manually or through the User import action.

PaulSki

@PaulRitner wrote:
Hi,

I've only ever thought about Selective Access as being related to users, and granted when they are assigned to roles. This way, I can have fewer roles to maintain, and accomodate broad selective access.

User Access settings can be bulk loaded, including Selective Access. This is pretty neat because access levels can, in effect, be requested through anaplan, approved, and then (approved) changes bulk loaded upon approval (through a workflow). In addition, workflows for collaborative processes can effectively convert write access to read access by user area via dashboarded processes... and then convert them back to write when we want to open the system back up. This is really nice if the native workflow doesn't support the requirements exactly.

Please would you validate my understanding of your reply?

You seem to imply that the Platform does not need to accommodate Selective Access for Roles natively, because that useful facility could be incorporated in a comprehensive Access Management solution, using Anaplan module(s) and bulk loading.
Such a solution might also provide other features such as temporary removal of write access by user area, and - I would add - accommodate Users performing multiple Roles, which also isn't offered natively.

PaulRitner

I hope this helps!

Cheers!

Quick Links

Can you help?

Unanswered questions

ANAPLAN XL View
Hi, I need help in pulling a specific view in Anaplan XL. The first grid should display attributes of various projects, while the second grid should present the monthly financial data for these projects. Thanks in advance.
Add list members to a selective access list
Hi, I am working on a solution where the User should only have access to write/edit the list members that they add from an Action on the frontend. This action adds another list member to a selective access list. The problem is, in order to run the action, you need access to the entire list, so you would see all list…
Dimensionality Issue
Hi ALL, In my model, I have Need stored at a 'D3' RS Group level. I need to use this Need in another module at the G5 Location level. I currently have a mapping module where each G5 Location maps to a D3 RS Group. This Module uses D2 Role as dimension. but the line item I've to find the RS Group (Find D3 RS Group = 'FIND…