Excel Add-In: Module Security/Restriction

When using the Excel Add-In, there is currently no way to restrict a module from being pulled into Excel if a user is provided access to that module.

 

We have multiple users whose roles require them to view confidential data within Anaplan, but they should not have the ability to export the data out of Anaplan. Within Anaplan’s dashboard settings, the ability to restrict a user from being able to export a module does exist and is necessary to prevent specific data from being accessed outside of Anaplan, such as a salary detail module used in our Budgeting model. If we allow users to use the Excel Add-In, we lose our ability to ensure users are not storing or accessing this data outside of the Anaplan interface and thereby lose our ability to maintain control over the security of the data.

 

We would like to see an additional security setting that allows us to “lock-down” specific modules to ensure that confidential information is not able to be exported outside of Anaplan via the Excel Add-In.

31
31 votes

Not Planned · Last Updated

Comments

  • This should be included as a feature for Excel Add-In.

  • Status changed to: In Review
  • Building off of this post a bit - if we are unable to restrict a particular module, then being able to restrict if the add-in can be used at all with a particular model would be helpful (although not ideal). 

  • Status changed to: In Review
  • Status changed to: In Review
  • Module security for the Excel add-in is a must. I also feel that when considering the solution to this the security of the saved views would also be a great addition.

  • We have same requirement and since there is not a way to manage around this yet, we are unable to allow the Add-in to be used within the organization.  This is unfortunate as it would be useful to help with other needs we have.

     

    Any better feedback what the future of this requirement may be?

  • Thank you all for your interest in this functionality which is now considered for future roadmap. We will be investigating the levels at which we could provide this security setting (user, workspace, model, module or saved view) based on your feedback.

  • Chiming in to support this idea - I just came here to submit something similar myself. With restoration of the writeback functionality in Excel Add-In 3.3, this is extra important as users can overwrite data in areas they don't normally have access to through the model (bypassing filtered view on dashboard.) Right now I am building workarounds using DCA, but it is very clunky and fragile. 

     

    Ideally, I would like to restrict Excel Add-In access down to the individual saved view level, but module level at a minimum.

  • In addition to security settings for modules and module saved views it would also be a huge improvement to control how users access Anaplan and to prohibit the use of the Excel add-in completely. The new UX introduced a new role to allow modellers to build in the new UX. A role granted within TA to allow/deny the Excel Add-in (and powerpoint) would give administrators the ultimate level of control on how users access Anaplan.

  • Apparently this security issue will be the same when using the New UX which we have not been able to robustly review the New UX yet but had a call where it was mentioned that users when creating their own pages in the New UX will be able to get to the module detail.  This is a huge issues for us.

     

  • @jennifer_keefer as part of the New UX based on customer feedback we have added new functionality called My Pages that allows any user to create their own pages. This empowers the end user and gives the model more time to focus on value added activities rather than dashboard tweaks.

     

    The creation of these pages respects the Anaplan security model consisting of DCA, selective access and Module level security. We have also added page level security for the New UX. However we are aware some customers are using filtering as security so we have added the capability to disable My Pages for models where the security model has not been implemented using the recommended mechanisms mentioned above.

     

    There is a bit more info about disabling My Pages for models in this link 

    https://community.anaplan.com/t5/New-UX-Updates/My-Pages-Coming-soon/ba-p/51767

     

    Hopefully that gives you the tools required to tackle your current issue.

     

  • Thanks for the additional information @sprender Our preliminary testing shows this provides the security needed in the New UX.  If there was something similar for the Excel Add-in that would be great.

  • My organization is currently using the Excel add-in v. 3.2 as a reporting tool, which meets our organization's requirement to control the data in Anaplan (read only, not write-back).  My organization wants to keep the controls around data push/pull as is.  

     

    I have just done some testing with v. 3.3 and it does the job that it needs to do, OTHER than the fact that I cannot see any way to disable the ability to create a Read/Write connection.  We need for future versions of the Excel add-in to allow control of this behavior either as a setting during install or a registry edit or a different version of the add-in (read/write vs. read only).  

     

    As @helennie notes, there may be a DCA way to control this, but that causes extra work for the folks that administer the Anaplan environment and is not a solution.  The Excel add-in tool itself needs to be able to be configured.  

     

    Thank you,

    Stacey Gibbens

  • Agree with the posts above.  Would like the ability to restrict end users from accessing specific models when using excel add in.  Reason being, we have a model with restricted information.  Due to design requirements, filtering is used to limit users ability to access data within the model.  Additionally, due to the sensitive nature of the data, users do not have the ability to export data out of the model.  The excel add in gives users the ability to access any model they have access to.  It does not respect filtering managed in the model and gives users the ability to download data that is prevented from exporting in the model.  Due to these issues mentioned above, we have not been able to roll out the excel add in to our end users.

  • Will enable customers to manage their sensitive data better within their Anaplan domain, instead of other IT restrictions. Expliciet request of a customer.

  • Good news! We have prototypes of this feature and would like your feedback.

    Sign up to the 30-minute call by joining our feedback group.

  • Hi all, has there been any update on this item? It sounds like there was some sort of prototype years ago but curious if this is back on the roadmap at all. Or at least SOME way to disable read/write entirely and just allow READ as a minimum.

  • @brettnish it is possible to disable a module for read/write in the add-ins by using Module Roles in Anaplan.
    Though having a feature that would allow model builders to prevent users in the Excel add-in from inserting specific modules, is currently not on the roadmap.

  • @VeronicaP thanks for the update, that's unfortunate. In our case, users have access to a number of modules as they are required for the NUX pages but the hope was that we could restrict the Excel add-in to only showing the "consolidation" modules rather than everything they have access to. The problem is that unless you put together a "guide" for which modules to look at, it can be overwhelming for a regular end user to know what to pull from

  • Have you considered using Anaplan for Microsoft 365? it's the new add-in for Excel, PowerPoint and Word that is based on Anaplan UX. So users can insert UX cards saved from a card template directly into Excel, accessing the list of card templates instead of all Modules. This way you can create cards only from consolidation modules.

Get Started with Idea Exchange


See our Submission Guidelines and Idea Evaluation Criteria, then start posting your own ideas and showing support for others!