I am looking for suggestions / alternative approaches for managing DCA by the user's assigned Role. Ideally, there would be an easy way to maintain this going forward.
1) I have heard a rumor that there is a trick wherein you somehow create a filtering module, then use the normal Roles>>Modules access assignments. Access to the filtering module somehow controls access to the line item. If this approach works, it would minimize maintenance and simplifiy the overall process. Unfortunately, I have been unable to make this work. Does anyone have a trick up their sleeve?
2) Another alternative might go something like this: Create (and maintain) a List of Roles, build a module by Users and Roles, export / import the Roles tab in order to maintain the mapping of Users to Roles, then use booliean logic like "If user has Role and Role is allowed read access then true" as filters for DCA. Is there a practical how-to set of steps for this?
and with David's solution for 2, you can actually solve 1 as you can use your mapping to maintain the actual user role:you can import from the module into the user settings, avoiding "maintenance" and managing user rights from a dashboard which is more user friendly.
I have a customer who's trying to do this as well, but their user base and list of roles is large, changing often. Any creative ways on how user to role mapping can be automated? Only thing I can think of is an export of user role and an import to the mapping module.
Yep, unfortunately that is the only practical option, but you could schedule it to run overnight or 2x per day
If you were going to run it during the day, you could also use an additional line item to only import the changes
They will need to be wary of changing the use role whilst the users are in the model. Imagine you are in the middle of entering data, the import runs, and now you can't edit/see what you could before!!!
Indeed for models with large volumes of users this is still an hassle, would be easier if the role could be the basis for the DCA automatically.
How we solved it now is that the user access is updated based on the module where the role is specified. Instead of setting the access in the User Access section, Access is maintained in a module and from the module imported into the User Access. This also allows a direct connection with the user access maintenance system outside Anaplan.