Set default roles access to none

As a model builder and workspace admin, i need newly created modules, lists and actions not to be accessible to any role except the full access role.

This is necessary to follow security guidelines and best practices of "least privilege" (you only have acces to what your eligible to).

Currently the opposite is done in anaplan and when creating new modules in anaplan, all roles have write access to these by default.

This requires extra check steps on the model building tasks to then remove for each role the access for each module.

If missed (which can definitely happen), then some users may have access to part of the models they are not supposed to and this can lead to potential incidents in anaplan applications.

Changing the default setup behaviour would go a long way to increase security and reduce o

Additional security checks and/or incident

1
1 votes

New · Last Updated

Comments

  • @david.savarin 

     

    I believe it is already that way...If you create a module, every role defaults to None until the admin changes it.

     

    Module:

    2022-09-29_15-20-18.png

     

    2022-09-29_15-20-36.png

     

    List:

    2022-09-29_15-21-00.png

     

    2022-09-29_15-21-18.png

     

    And the same is true for Actions.

    2022-09-29_15-25-21.png

     

  • @rob_marshall : that's completely correct ! we must have missed how this is working. One less item on the list 🙂

  • Oddly I sometimes wish it was the way round you don't want it to be as it's the one thing that's often forgotten about and with UX being so separate it doesn't really matter much any more if a user can/can't access a module.

Get Started with Idea Exchange


See our Submission Guidelines and Idea Evaluation Criteria, then start posting your own ideas and showing support for others!