Welcome to the Smartsheet Forum Archives


The posts in this forum are no longer monitored for accuracy and their content may no longer be current. If there's a discussion here that interests you and you'd like to find (or create) a more current version, please Visit the Current Forums.

Configurable Editor rights at user level

Options

Hi Smartsheeters

 

Has there ever been a request for configurable Editor rights at user level

 

At present, (non Admin) users are either Editors with read/write access to the whole sheet, or just Viewers (read only). Beyond that, the only extra configuration of editing rights is to lock columns or rows to prevent all Editors accessing these.

 

"Configurable Editor rights at user level" would mean: the ability to lock selected columns / rows for Editor X, but still allow access for Editor Y without making them an Admin.

 

Has this ever been requested / debated? If not, any views on the usefulness of this functionality? I have repeatedly wished it existed, anyone else feel the same?

 

Comments

  • J. Craig Williams
    J. Craig Williams ✭✭✭✭✭✭
    Options

    Non-Smartsheet employee here. Long time user.

     

    I am opposed to multiple different ways to configure access. By which I mean too many*. 

     

    However, having worked in Unix and Linux environments were everything** can be locked or configured, what I have seen is that everyone ends up being a user with admin privileges, knowing the admin password "just for this one case" and then conveniently forgetting that it was only supposed to be one case, or using sudo for nearly everything**

     

    I understand the need. I hate when I don't the privilege to do something that is clearly in my job description, but given a responsive IT / help desk / user support system I would rather err on the side of caution and security.

    I've seen too many** cases of someone with the adequate knowledge given too many privileges and screwing up the system for a week.

     

    A thousand locks, but only one key.

    Ick.

     

    *Too many, of course, is subjective.

    **Everything is likely an exaggerration, but not by much.

    ***Too many in this case means three that I can recall.

     

    //end rant//

     

    Craig

     

     

     

  • Shaine Greenwood
    Options

    Hi Spencer,

     

    I've gotten your vote on our enhancement request list for more of a feature-by-feature way to provide permissions for users in Smartsheet. 

  • Spencer Marlow
    edited 12/18/16
    Options

    Shaine - many thanks and much appreciated. Here are a few additional notes in an extra comment below as to how I would see this working.

     

    Craig - appreciate your perspective and understand your central concern of building a system that is so complex in it's multiple access configurations, that admins end up granting users "temporary" admin rights, which are then forgotten, creating big security breaches. I'd welcome your feedback on these additional notes below - do you see that the proposed approach would indeed create the security issues you envisage?

     

    The owner of the sheet, and any admin rights users, would have access to a "Access Rights" tab at the bottom of the sheet.

     

    The owner/admins would be able to create "access groups" (Group A, Group B, Group C etc) and assign all sheet users to any number of these groups (imagine a simple checkbox matrix with the users listed on the rows, and the groups listed as columns). There may be a limit, say, 10 Groups.

     

    The owner/admins then configure access rules for each group, using Rules syntax builder exactly like that used for Conditional Formatting:

     

    If user belongs to <Group Name> then <is / is not> able to <perform action>

     

    AND, OR statements will work

    In the event of a conflict of rules between groups (ie user X is allowed to perform action Y  in group A, but blocked in group B) then the interdiction will always apply 

    Same principle for confict of rules within a group.

     

    Groups can be renamed from Group A,B,C... to a more self descriptive title.

     

    Access right configurations can only be copied from one sheet to another, by copying the entiere sheet ("saving as new"). Owners / admins have the ability to automatically apply changes to the user access rights in one sheet, across all "related" sheet

     

     

  • J. Craig Williams
    J. Craig Williams ✭✭✭✭✭✭
    Options

    Spencer,

     

    Thanks for your understanding.

     

    Groups already exist. Are you proposing to leverage those groups or create a new set of groups?

     

    Suppose there are five groups:

    Project Managers

    Supervisors

    Engineers

    Admin Support

    Financial / HR

     

    Sally is in the PM, Supervisors, and Engineers group.

    PM's can edit certain items. Supervisors others - some of which overlap, and Engineers can edit other items - some of which overlap with PM's but not Supervisors.

     

    Are these 'certain items' done on the column level or the sheet level?

    Are there different kinds of locks on columns?

     

    Are the user levels done by groups? Is Sally an Admin in Workspace A because she is Sally or because she is a PM or because she is a Supervisor?

     

    It really sounds like a nightmare to control and I don't see a significant minority embracing the complexity.

     

    Maybe I haven't had enough coffee this morning.

     

    Craig

     

     

     

     

This discussion has been closed.