cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Did you get called away in the middle of writing a post? Don't worry you can find your unfinished post later in the Drafts section of your profile page. X

Product ACL Analysis

avillanueva
22-Sapphire II

Product ACL Analysis

Currently we have over 250 product areas. Goal is to have the ACLS to match from area to area. Its been a bit of a maintenance issue.  I wanted to share with you my solution and see if you have something better. Excel is my hammer so its first in my bad of tricks. Combined with a direct connection to a Query Builder report, I can setup data retrievals and canned analysis in an Excel workbook to make easier alignment of ACLs or spot the differences. Over the years, they have tended to meander. 

Here is the approach, I start with a report that pulls down ACLS data from all Product areas:

avillanueva_0-1683291244180.png

I can create a connection that pulls down the data on refresh. 

avillanueva_1-1683291330360.png

Through some use of keys and manipulation of the ACL data in columns to the right, I can get this summary. I copied all unique lines to another sheet, counted occurrences and marked if that ACL combination was good, bad or I was unsure. They, I can vlookup that ACL status back to the main sheet.

avillanueva_3-1683291484033.png

Finally, I put the data in a pivot table so I can see which product areas differ greatly from a standard.

avillanueva_4-1683291700990.png

When I need to make ACL changes across all areas, I would update the standard and make sure it was propagated to all areas. This report would be my check. I have a gap currently about missing ACLs but that can be spotted by looking at the total number. 

 

Let me know your thoughts. I will try to pack this up to share as soon as I can wipe out our data. 

 

 

ACCEPTED SOLUTION

Accepted Solutions
avillanueva
22-Sapphire II
(To:avillanueva)

Here is a sanitized version of this for your use.

 

View solution in original post

5 REPLIES 5

Thanks for sharing!

I started a similar endeavor on ACLs, but I've shelved it for now. My goal was to try to make kind of a simulator to see the effective permissions for a particular role in a particular context for a particular object type. It got very complicated 🙃 hence why I've shelved it for now.

 

Our typical data flow for automated reporting uses Data Monitors + a customization to output CSV files. A few jumps later the data gets to Google Sheets where it can be analyzed or used in dashboards. I wish there was a more out of the box solution for this.

 

What exactly are you validating? If all your ACLs were to match across all Contexts, you could just set them at the Organization level, right? For us, we have different types of Contexts with a different set of rules for each type. For those, we obviously want each type of Context to be consistent. We have only a handful of active Contexts though, so it's still manageable-ish.

 

250 product areas.. I know you can bulk add ACLs. What do you do if you want to remove an ACL..?

avillanueva
22-Sapphire II
(To:joe_morton)

Yes, you can bulk load them but the loader needs to specify the context, so I would have to script one load for each area. Then its gets complicated since the Product name is used. Certain names need to be escaped or they fail in linux command lines. There is no delete or modify existing ACLs, that is through the UI. You cannot use the Org level since you need to be able to call out Program Team role names which do not exist at the Org level. So they need to be Product level ACLs. 

To pull down an update from the report, I just click refresh and a login pops up.

avillanueva_0-1683308812489.png

 

avillanueva
22-Sapphire II
(To:avillanueva)

Here is a sanitized version of this for your use.

 

Hi @avillanueva 

 

Have you ever see inneo tool to download and upload acl tool?

I got it many years ago from one public source.

You can manage all ACLs by excel in the system.

I attached just manual as a example how it works.

 

PetrH

 

avillanueva
22-Sapphire II
(To:HelesicPetr)

Now I have. Thanks for this. I will check them out. 

Announcements


Top Tags