Configurable Editor rights at user level

Hi Smartsheeters

Has there ever been a request for configurable Editor rights at user level?

At present, (non Admin) users are either Editors with read/write access to the whole sheet, or just Viewers (read only). Beyond that, the only extra configuration of editing rights is to lock columns or rows to prevent all Editors accessing these.

"Configurable Editor rights at user level" would mean: the ability to lock selected columns / rows for Editor X, but still allow access for Editor Y without making them an Admin.

Has this ever been requested / debated? If not, any views on the usefulness of this functionality? I have repeatedly wished it existed, anyone else feel the same?

Find more posts tagged with

Account and User Management

Comments

J. Craig Williams

Non-Smartsheet employee here. Long time user.

I am opposed to multiple different ways to configure access. By which I mean too many*.

However, having worked in Unix and Linux environments were everything** can be locked or configured, what I have seen is that everyone ends up being a user with admin privileges, knowing the admin password "just for this one case" and then conveniently forgetting that it was only supposed to be one case, or using sudo for nearly everything**

I understand the need. I hate when I don't the privilege to do something that is clearly in my job description, but given a responsive IT / help desk / user support system I would rather err on the side of caution and security.

I've seen too many** cases of someone with the adequate knowledge given too many privileges and screwing up the system for a week.

A thousand locks, but only one key.

Ick.

*Too many, of course, is subjective.

**Everything is likely an exaggerration, but not by much.

***Too many in this case means three that I can recall.

//end rant//

Craig

Shaine Greenwood

Hi Spencer,

I've gotten your vote on our enhancement request list for more of a feature-by-feature way to provide permissions for users in Smartsheet.

Spencer Marlow

Shaine - many thanks and much appreciated. Here are a few additional notes in an extra comment below as to how I would see this working.

Craig - appreciate your perspective and understand your central concern of building a system that is so complex in it's multiple access configurations, that admins end up granting users "temporary" admin rights, which are then forgotten, creating big security breaches. I'd welcome your feedback on these additional notes below - do you see that the proposed approach would indeed create the security issues you envisage?

The owner of the sheet, and any admin rights users, would have access to a "Access Rights" tab at the bottom of the sheet.

The owner/admins would be able to create "access groups" (Group A, Group B, Group C etc) and assign all sheet users to any number of these groups (imagine a simple checkbox matrix with the users listed on the rows, and the groups listed as columns). There may be a limit, say, 10 Groups.

The owner/admins then configure access rules for each group, using Rules syntax builder exactly like that used for Conditional Formatting:

If user belongs to <Group Name> then <is / is not> able to <perform action>

AND, OR statements will work

In the event of a conflict of rules between groups (ie user X is allowed to perform action Y in group A, but blocked in group then the interdiction will always apply

Same principle for confict of rules within a group.

Groups can be renamed from Group A,B,C... to a more self descriptive title.

Access right configurations can only be copied from one sheet to another, by copying the entiere sheet ("saving as new"). Owners / admins have the ability to automatically apply changes to the user access rights in one sheet, across all "related" sheet

J. Craig Williams

Spencer,

Thanks for your understanding.

Groups already exist. Are you proposing to leverage those groups or create a new set of groups?

Suppose there are five groups:

Project Managers

Supervisors

Engineers

Admin Support

Financial / HR

Sally is in the PM, Supervisors, and Engineers group.

PM's can edit certain items. Supervisors others - some of which overlap, and Engineers can edit other items - some of which overlap with PM's but not Supervisors.

Are these 'certain items' done on the column level or the sheet level?

Are there different kinds of locks on columns?

Are the user levels done by groups? Is Sally an Admin in Workspace A because she is Sally or because she is a PM or because she is a Supervisor?

It really sounds like a nightmare to control and I don't see a significant minority embracing the complexity.

Maybe I haven't had enough coffee this morning.

Craig