Workspace & User Access Best Practice

LilyLiuAnaplan
Frequent Contributor

Workspace & User Access Best Practice

Dear All,

 

I have a situation where a workspace is going to be hosting 5 models used by 5 different group of users. For security reasons, each group of users should only have access the specific model they are assigned to, but no all 5 . All the users need to be able to archive a model so they need to be workspace admin. 

 

My questions is: is it sufficient to just set "no access" for the 4 models that the specific group users should not have access to? Or would it be best practice to divide this workspace into 5, one for each model?

 

thanks for your help

1 ACCEPTED SOLUTION

Accepted Solutions
ryan_kohn
Certified Master Anaplanner

You can read more on separation of duties here: https://help.anaplan.com/005c7396-7044-478a-8bf6-fe8e9845dd17-Separation-of-Duties

 

My recommendation for the situation you outlined would be to split into separate workspaces.

  1. It will be a lot simpler to maintain the list of users and permissions going forward. You didn't mention if there is overlap in the end user population or not, but if there is no overlap, it will be simpler for managing end user access as well. Model builders will not need to worry as much about monitoring the access list and ensuring No Access is set for new users across all models.
  2. There is a subtly around default access for Workspace Administrators, which is documented here. All Workspace Administrators get access to new models by default. So if there are model copies or new use cases, this needs to be closely managed in order to prevent accidental access to data.

View solution in original post

2 REPLIES 2
ryan_kohn
Certified Master Anaplanner

You can read more on separation of duties here: https://help.anaplan.com/005c7396-7044-478a-8bf6-fe8e9845dd17-Separation-of-Duties

 

My recommendation for the situation you outlined would be to split into separate workspaces.

  1. It will be a lot simpler to maintain the list of users and permissions going forward. You didn't mention if there is overlap in the end user population or not, but if there is no overlap, it will be simpler for managing end user access as well. Model builders will not need to worry as much about monitoring the access list and ensuring No Access is set for new users across all models.
  2. There is a subtly around default access for Workspace Administrators, which is documented here. All Workspace Administrators get access to new models by default. So if there are model copies or new use cases, this needs to be closely managed in order to prevent accidental access to data.
LilyLiuAnaplan
Frequent Contributor

Thank you so much!