Skip to main content

I'm looking for ways to make certain Fact Sheets private or restrict access to them in LeanIX. We have some sensitive data that we only want specific users to be able to view or edit.

I know LeanIX doesn't have a direct "private" setting, but I've heard about using role-based permissions, subscription types, and tags to control access. Could anyone share some detailed instructions or examples of how to do this effectively?

For example, how can I:

  • Restrict access to a Fact Sheet so that only users with a specific role (e.g., "Finance") can view it?
  • Make certain attributes (fields) within a Fact Sheet visible only to certain users?
  • Use tags to control access to sensitive Fact Sheets?

Any guidance or best practices would be greatly appreciated!

Thanks in advance.

You can create Virtual Workspaces to restrict access to specific fact sheets.  At a high-level:

  1. SSO has to be configured for your workspace, and SSO must be completely managed by your identity provider
  2. You create access control groups within LeanIX and the attribute, entryACI, must be passed from your IdP in the session.  For example, create a Finance group in LeanIX and on the IdP side, for members of the Finance group, assign Finance to the entryACI attribute.  An Admin will have to request access to the “Access Control” menu in the Administration console.
  3. Once you have Access Control setup in LeanIX, you can assign read and write attributes of a fact sheet to the Finance group.  If an attribute (read or write) is left blank, then that denotes global access for that attribute.  But if you assign the Finance access control to read and write then only members of Finance can view and edit the fact sheet.

Documentation for Virtual Workspaces:

https://docs-eam.leanix.net/docs/virtual-workspaces#assigning-access-control-to-fact-sheets

Hey ​@Alessandro Jr ,
The virtual approach as ​@DLHobson rightly describes will help you in the following situation: I need one sensitive Initiative to be hidden to a specific group of users, but the rest of the Initiatives could be seen by all.
However, if you need to hide a section on a fact sheet such as Cost, then you can go very granular in the definition of rights with the Permissions and the custom roles features without Virtual Workspace.
Regarding the use of tag as you described it, you can configure permissions for specific attributes on fact sheets with a specific tag, but you would not be able to restrict full Read rights on a Fact Sheet with a Specific Tag.
Our recommended approach would be:
Try to solve your use case with the Permissions capability, it is not enough then include Custom roles and finally if you still need to solve a use case, you can start looking at Virtual Workspaces.
And on a general note, I recommend to keep the rights as simple as possible to encourage the collaboration. Be sure to have a look at our best practice.

Reply


Terms & ConditionsCookie settings