Model security

Highlighted
New Contributor

Model security

Hello, 

 

I am running into an issue and need some help.  I need a way for a user to be able to pull data from one model into another but not see the model where the data is coming from as it is sensitive information.  The user has actions that reference sensitive data on the sensitive model.  I need the user to be able to pull data from the sensitive model but not be able to read or write any of the modules on the sensitive model as that is where all the personal data sits.  I appreciate any help with this.

 

Thank you! 

5 REPLIES 5
Highlighted
Certified Master Anaplanner

Re: Model security

Hi @Rcampbell 

Have you considered automating the process under an admin user account to run periodically? you can not give the user role access to the module to where the sensitive information is being imported.

 

We had a lot of import/export processes happening at different time intervals from every 30 minutes to monthly. We created Users such as  processX@companydomain.com. the process was run under this "user" and the appropriate data/files were placed in the target module or a target file location with the desired security. No need to have a real user run the process.

 

Also, assuming the user needs the information for some calculations (for example he needs to see salary expense by department but not by individual employee), then maybe your action should pull the aggregated values to begin with.

Einas
"Give a Man a Fish, and You Feed Him for a Day. Teach a Man To Fish, and You Feed Him for a Lifetime"
Highlighted
Master Anaplanner/Community Boss

Re: Model security

Hi @Rcampbell ,

 

To pull the data from another model, the user must have access to the model.

 

Create a new role(e.g. Data Load Admin) in the model and remove access to all the modules except the modules used as a source of the import actions. Also, remove everything from the contents for this role and remove Workspace Admin access. 

 

Now the user has access to the model, and he can see the model but cannot see/access anything in the model...

 

or 

 

You can create another intermediate model and bring all the details needed for the import and connect this to the target model. 

Source --> Intermediate --> Target

 

~VIgnesh M.

Highlighted
New Contributor

Re: Model security

Thank you for the reply! Will this allow the user to run process which reference the secured model?  The user can not see any data on the secure model(personal information), but needs to be able to run process on a different model that references the secured model.  Thanks! 

Highlighted
Master Anaplanner/Community Boss

Re: Model security

@Rcampbell 

 

Yes, if you follow what @VIGNESH.M has done in his first option you should be able to achieve it.

 

Good Luck!

Highlighted
New Contributor

Re: Model security

Thank you for the reply! So, on the user tab if I allow access to the modules that need to be referenced and unclick them on the contents tab.  The user will be able to reference the data but not be able to see the data?  Thank you! I appreciate all the help with this.