Selective Access Security NONE

What is the benefit of the column NONE in selective Access? Does somebody really use it? I would prefer that you always need to upload the new Read and Write in full and that the NONE is not needed anymore. The options that you now have to upload security is: 1) first load the user with no access in order to clear all security and then load the new Read/ write combinations 2) Remember what first was loaded on READ and WRITE and then import those value in the NONE column before you can apply the new security. Who has a use case where the NONE is really beneficial. I never have build an application where I have an incremental update of security.

Answers

  • Hi, 

     

    Indeed, in a process of the security update, putting the "No access" on a user is a very easy way to clear all the security setup of a user but also deletes all the cell data that are related to the modules where "Users" list was used in "Apply to". So, for example, all the saved values of the filters per users are lost. 

     

    Another way to reset the security for a user is to create an action and use the "NONE" option for every list and map the "Total" element of every list on NONE. 

     

    This is a more elaborate way to reset the security list by list using an action,  but has the advantage that preserves the data in the modules where "Users" list was used. 

     

    Ciao

    Alex

  • Adding the total is a good suggestion indeed, but this is still a strange workaround for me :).

    Seems that it should be easier to not have the NONE column and just apply the new security if you load something new on Read or Write. 

  • Hi, 

     

    Imagine this scenario: 

    1. An User X is needed to be setup with "Write" on "Element A"

    2. The security process is launched by admin

    3. The admin wants that the user changes the security from "Element A" to "Element B". "Element A" is not needed to be seen anymore by the user X. 

    4. Launch the security process only with "Write" option, then the "Write" is added for "Element B" corrected but the Write remains also for "Element A" which is not what the admin wanted. 

     

    So, it is needed a possibility that the "Element A" needs to be deleted from the security for the User X.

    This is why the "NONE" option is useful. 

     

    An option is to load "NONE" on "Element A" which means that it is needed to know the previous values of security. But the easiest way is to load "NONE" at Total element of the dimension which clears all the previous values on the User X for that dimension (list). 

     

    And, of course, to reset all the previous values of the security remains to put "No access" on the user before updating the security for the User X, but in this case, all data related to the Users modules are lost. 

     

    Ciao

    Alex

     

  • @eije.wiersema 

     

    Take a look at this post (https://community.anaplan.com/t5/Anaplan-Platform-Discussions/Selective-access-for-lists-from-dashboards/m-p/45763#M5583).  When using the "List None", it removes the access for the member passed in.  By doing this, you are not completely removing all access to the list, just removing the desired member(s).

     

    Hope this helps,

     

    Rob

  •  

    @rob_marshall 

     

    For me it is clear on how the 'NONE' is working. However I find it difficult to find a business use case for it. When I create a model to maintain security, then I always go for a full refresh and not so much for an incremental load. 

     

    For me it seems more work to maintain the NONE next to the READ and WRITE instead of just always loading a full set of security for one or more users. This way your source model always will match with the 'real' security settings and there is no risk of misalignment between the security model and the security in Anaplan.

     

    Eije

  • @eije.wiersema 

    Just a quick point on the full load vs incremental load

     

    If the full is done outside of business hours or planning cycles, then that is OK, but for updates during these times, you should use an incremental load to minimise user disruption

     

    David

     

  • @eije.wiersema 

     

    Quick question, why would you want to do a full load when a delta (what has changed is already needed)?  In the post that I linked above, you could import your Read/Write booleans by person into that module and because the views are setup to only load the changes, that should be more efficient.

     

    Thanks,

     

    Rob

  • Your solutions works well, but I find it quite a lot of work to set-up and maintain. If you maintain one model it is okay, but if you want to create a user management model to maintain security of 15+ models, then it is quite cumbersome to build and maintain this solution. 

     

    I also understand the performance benefit of the incremental upload, but when you only update the employees that are updated, then the performance should still be okay.

     

    However I would prefer to upload full security of a user instead the ability to amend each intersection.

     

    Anyway I created a suggestion on the idea exchange that should give you the option to clear all items mapped when uploading security. 

    https://community.anaplan.com/t5/Idea-Exchange/security-Upload-Clear-mapped-Items-in-Source/idi-p/45777 

  • @eije.wiersema 

     

    That is fair...If you want to use a true sledgehammer approach to wipe out all security on all the lists at one time, set the users access to NO ACCESS, change it back to the role they need, and then apply the security.  But, I do understand where you are coming from.

     

    Rob

  • Yes, the no access is an approach, but then also the input done on lineitems with the user list will be removed if I'm correct.

  • Yes, you are absolutely correct.  But if you don't use that functionality (inputting data by user), it can work.