Model security




I am running into an issue and need some help.  I need a way for a user to be able to pull data from one model into another but not see the model where the data is coming from as it is sensitive information.  The user has actions that reference sensitive data on the sensitive model.  I need the user to be able to pull data from the sensitive model but not be able to read or write any of the modules on the sensitive model as that is where all the personal data sits.  I appreciate any help with this.


Thank you! 

Best Answer

    Answer ✓

    Hi @Rcampbell ,


    To pull the data from another model, the user must have access to the model.


    Create a new role(e.g. Data Load Admin) in the model and remove access to all the modules except the modules used as a source of the import actions. Also, remove everything from the contents for this role and remove Workspace Admin access. 


    Now the user has access to the model, and he can see the model but cannot see/access anything in the model...




    You can create another intermediate model and bring all the details needed for the import and connect this to the target model. 

    Source --> Intermediate --> Target


    ~VIgnesh M.


  • Hi @Rcampbell 

    Have you considered automating the process under an admin user account to run periodically? you can not give the user role access to the module to where the sensitive information is being imported.


    We had a lot of import/export processes happening at different time intervals from every 30 minutes to monthly. We created Users such as the process was run under this "user" and the appropriate data/files were placed in the target module or a target file location with the desired security. No need to have a real user run the process.


    Also, assuming the user needs the information for some calculations (for example he needs to see salary expense by department but not by individual employee), then maybe your action should pull the aggregated values to begin with.

  • Thank you for the reply! Will this allow the user to run process which reference the secured model?  The user can not see any data on the secure model(personal information), but needs to be able to run process on a different model that references the secured model.  Thanks! 

  • Misbah



    Yes, if you follow what @VIGNESH.M has done in his first option you should be able to achieve it.


    Good Luck!

  • Thank you for the reply! So, on the user tab if I allow access to the modules that need to be referenced and unclick them on the contents tab.  The user will be able to reference the data but not be able to see the data?  Thank you! I appreciate all the help with this.