Fact Sheet Permissions

Overview

You can configure role-based permissions for each fact sheet type. This enables you to restrict access to sensitive fact sheet data, ensuring that only responsible users can view or modify it.

📘

Note

For the Admin role, fact sheet permissions cannot be configured. This precaution is taken to avoid potential issues such as parts of the workspace becoming inaccessible to all users.

The permissions for Viewers and Members are already predefined, but you can adjust them as needed.

If you’re managing user roles within your single sign-on identity provider, you can also define custom roles in addition to the predefined ones and configure fact sheet permissions for them. Keep in mind that creating custom roles requires additional effort to configure and maintain permissions for each role. Therefore, we recommend keeping the number of custom roles to a minimum. For more information, see Custom User Roles.

Best Practices

When configuring fact sheet permissions, follow these best practices:

• Promote collaboration: Avoid measures that restrict the majority of users from contributing to data quality in the workspace. Instead, foster an environment that encourages active participation for improved data quality and accuracy.
• Restrict access to sensitive data: Prioritize limiting access to business-critical or sensitive data. By doing this, you ensure that crucial data remains secure, while allowing for wider collaboration on less sensitive information.
• Test permissions: To ensure that fact sheet permissions are set up correctly for a specific user role, you can temporarily preview the workspace under this role. To do that, in the user profile menu, select Switch user role, select a role, then click Login.

Configuring Fact Sheet Permissions

Follow these steps:

1. On the Meta Model Configuration page, select a fact sheet for which you want to configure permissions.

2. On the fact sheet configuration page, navigate to the Permissions tab.

3. In the Permission Role list, select a role.

4. Adjust permissions as needed, then save the changes.

   

Permissions Overview

In this section, you can find an overview of fact sheet permissions. Except for general permissions, other permissions are associated with Create, Read, Update, and Delete (CRUD) operations:

• Create: Permission to populate an attribute that is currently empty with input data.
• Read: Permission to view the content of an attribute.
• Update: Permission to modify already existing information within an attribute.
• Delete: Permission to delete information that was previously entered and saved in a specific attribute.

To find a specific permission, you can use the search field in the upper-right corner of the page.

General Permissions

The General Permissions section includes permissions that apply to the entire fact sheet type. These permissions are not based on the CRUD format. You can enable or disable them by selecting or deselecting the corresponding checkboxes.

The following table lists general fact sheet permissions.

Global Permissions

The Global Fact Sheet Configuration section contains permissions for fact sheet attributes that are not considered fields, such as comments, resources, quality seal, and more.

Field Permissions

The Fields section contains permissions for all fields that exist within a fact sheet type. These permissions are displayed following the structure of sections and subsections as they appear on the fact sheet page.

Relation Permissions

The Relations section contains permissions for relation fields, grouped in the same order as they appear on the fact sheet page. Each relation field is grouped under its respective relation and has a limited set of configurable permissions. Permissions that aren't applicable to a specific attribute cannot be configured.

📘

Note

• Global relations, such as predefined parent-to-child relations, are neither configurable nor displayed on the fact sheet configuration page.
• Bulk-editing of all fields within a relation subsection is not supported.

Advanced Permissions

You can configure advanced permissions based on users' subscription types or fact sheet tags. This approach provides a flexible way to manage access without the need to create additional roles.

Advanced permissions serve as an extension to non-advanced permissions. An advanced permission for an attribute always takes precedence over the corresponding non-advanced permissions. A warning icon on a non-advanced permission indicates that an advanced permission is configured for this attribute. To view and compare permissions, click the warning icon.

As an example, consider a scenario where the Name attribute has the Create and Update permissions set to true. If an advanced permission is added for this attribute with the Create permission set to true, the non-advanced Create permission will automatically be set to false to prevent conflicting permissions. In such cases, the admin receives a notification detailing the changes that overwrite the non-advanced permissions, with an option to revert one or more advanced permission changes.

📘

Note

Advanced permissions on relation fields are not supported.

Subscription-Based Permissions

In the Subscription-based Permissions section, you can configure permissions for specific fact sheet attributes based on the user's subscription type (Observer, Responsible, or Accountable), which provides an additional layer of access control. The user's subscription type is checked on a fact sheet level. To learn more about subscription types, see Subscription Type.

For example, consider a scenario where you want only users with a Responsible subscription type to be able to edit the Budget / Costs Description attribute on initiative fact sheets. You can configure an advanced permission to enable an additional check of the user's subscription type. If a user is subscribed to a fact sheet as Responsible, they can edit the attribute. However, users with Observer or Accountable subscriptions will not be able to make edits.

The following subscription-based permissions are available by default:

• Subscriptions permission (only for Viewers): This permission defines whether users can create, update, and delete fact sheet subscriptions for themselves only.
• Quality seal permission (for Viewers and Members): While Viewers or Members usually don’t have permission to update the quality seal, this advanced permission allows users with a Responsible or Accountable subscription type to do that.

Tag-Based Permissions

In the Tag-based Permissions section, you can configure permissions for specific attributes on fact sheets with a specific tag. This allows for granular control of permissions based on the tagging of fact sheets. To learn how to use tags on fact sheets, see Tags.

For example, consider a fact sheet tagged as Confidential. You can configure tag-based permissions so that only specific roles can read the Description field on fact sheets tagged as Confidential. This ensures that sensitive descriptions are only accessible to those with the necessary permissions.