In the Access and Permissions article, you would've understood the accountability and permissions that can be granted, and how permissions provide access control and privacy! Here, let us see how access and permissions work at a granular level in plans!
A plan can either be set as a
- public plan, i.e., setting up either "can edit" or "can view" for all the members of the workspace.
- or, private plan, i.e., setting up "no access" to the plan to maintain absolute privacy. For example, the plan has sensitive company information that you don’t want everyone to get access to but you still want to align the plan with the greater corporate objective on Cascade, or has confidential initiatives that need the highest level of privacy such as restructuring, cost-cutting and merge and acquisitions. This is available only in Essentials and Enterprise+ tiers!
By default, when a plan is created, it is set up as a "public" plan i.e., it has an "can edit" access to all members of a workspace. Now, you can still invite users to share this public plan to "increase engagement". But maintaining the privacy of a plan has its own benefits:
- provides the visibility on how individual’s goal would drive the Team’s outcome (performance management),
- building a plan from scratch, and collect feedback before publishing it,
- remove noise and clutter by enabling only the admins, owners, and collaborators to have visibility and control.
And to make a plan private, you have to just enable no access from the permissions drop-down. This plan will then not be available to anyone even for viewing in that workspace. However, an admin, owners and collaborators of the plan, will inherit the view and edit access, by default!
If you wish to share your private plan, then you can invite those people or teams by typing in their names or mail addresses, or type the name of the teams, and click Share. These people and the team members will then have access to this private plan!
Apart from this high-level access, you can enable access permissions at a user level too. Except for those with admin privileges, you can restrict the permissions of the owners and collaborators on a plan from the Share modal.
- When you set everybody in the workspace to have view or no access, then expand the Owners and collaborators section, assign can edit access to if you wish them to edit both the plan and the goals they own or assign them can view access if you wish them to just edit their goals and not the other parts of the plan!
- Even if you're an owner or collaborator of an objective, you'll not be able to edit its success criteria (measures, actions or projects) when you've can view access assigned!
- When the owners or collaborators are assigned after the plan access is set to can view, then they'll automatically inherit only view access to the plan. However, they'll be able to edit the goals they work on!
Click Share against the plan name to share the plan with the teams and users in your workspace. Type their email addresses, give view-edit access, and click Share. They'll receive a notification (if enabled) that a plan is shared with them. Irrespective of whatever access you assign the Admin and Viewer, they'll automatically inherit the edit access in case of admins, and view access in the case of viewers! You can revoke someone's access at any time, by clicking remove from the dropdown against their name from this window!
When access is given at a team level (see Team Permissions), then
- all the members of that team inherit the default view or edit access that you assign the team,
- if the team has a can view access, but the team members own or collaborate on goals, then they'll still be able to edit the goals they work on!
- within a team, viewers get default view access, while admins get default edit access,
- a team assigned to a plan at the time of its creation will automatically inherit view access,
- a team member once removed from that team, will no longer the access that's assigned to the team. However, if the team member owns or collaborates on a goal in the plan or given exclusive view/edit access, then they'll still retain that access to the plan, irrespective of they being removed from the team!
What happens when a plan is set "private"?
If you do not have access to a private plan, then
- the plan is hidden in the All plans, and the Alignment pages.
- the objectives, measures, projects and actions in that plan are hidden. You'll not be able to find the objectives of a private plan in the Objectives library, if you try to link or share objectives!
- the search will not fetch results for entities in a private plan.
- the updates made on the objectives, measures, projects, and actions are hidden in the Home page. However, if someone tags or mentions a person who do not have access to this plan, they'll be notified but the update will be hidden!
- the widgets and report tables are exposed if the dashboard and report are "public", however, you'll not be able to see the details when you click into them to view from their Sidebar. And, when you try to edit the widget or report, you'll not be able to select the private entities from the data source.
- if there's an objective from a private plan that is contributing to a public plan, you'll not be able to see them from the Planner page. However, if you edit that objective from the Sidebar, you'll see a message "This objective contains some private contributing objectives" under the Contributes to area.
- focus areas are available in search as well as in the focus area library, and in the All focus areas and Explorer pages. However, from the Focus area Sidebar, or when you look at the dedicated Focus area page, the plans and the objectives will be hidden!
How do I know if a plan is private?
You'll see a privacy indicator/label across the plan name in the Access column in All plans page, below the Plan name in the Planner and Alignment pages.
If the parent plan is set to private and you do not have access to it, then you'll see the child plans unaligned in the Alignment page and in the Parent plan column, you'll see Private plan instead of the parent plan name.
Can I change the plan owner?
- If a plan is assigned to a team, and you change the team owner, then they'll automatically inherit the plan ownership.
- If there is no team assigned to a plan, then the plan owner would be the one who created it and you'll not be able to change them!
If a private plan is assigned to a team, will the team members automatically inherit edit access even if they're not owners or collaborators in the plan?
The team members will automatically inherit view access to the plan! You need to manually give them edit access from the Share modal.
What do collaborators do?
Like the name suggests, they collaborate on the goals, i.e., add or edit goals, add the existing users in the workspace to the goals, change owners, due dates and targets, add risks and relationships and so on. However, if you wish to restrict their access only to the goals that they collaborate on, then you can assign them can view access from the Share modal.
Can a Viewer be assigned ownership of a goal?
Yes! You can assign viewers as owners to goals. But remember that, only the admins or those with edit access on that goal can make progress updates or edit the goal (due dates, tracking, etc.,). The viewer as an owner of the goal can just review them and leave comments!
If an owner or collaborator is removed from a private plan, will the access permissions be retained?
Yes, they'll still retain their original access to the plan. You can revoke it by clicking remove against their name in the share modal.
Can we restrict permissions at a goal level so that the user cannot edit the plans in which they belong! i.e., if we do not want them to update anything except the goals they work on, and at the same time do not want to change their role as “viewer”?
Yes, you can restrict permissions at a goal level too!
- Set everyone in the workspace to have can view or no access, i.e., making the plan viewable or private.
- Expand the Owners and collaborators section, assign can view access against those users whom you wish to restrict permissions at their goal level.
While they'll still be able to view the plans and its components, they'll be able to edit only the goals they own or collaborate. Even if they own or collaborate on an objective, they'll not be able to edit its success criteria (measures, actions or projects)!
Can a viewer be granted edit permissions? What happens if they're assigned as owner or collaborator in a plan?
Yes, but the permission will default to "can view"! If they're assigned as owner or collaborator, they would get added to the share modal with a "can view" access!
I'm drafting an early version, and do not want it to be available to a wider audience. However, I want a few of them to weigh in and give feedback alone!
You can set the plan as private, i.e., "no access" to everyone in the workspace, and give "can view" access to the relevant people from the Share modal. Those who have "view access" can weigh in on your plan!
Can we restrict access and permissions to certain parts of the plan?
No, granular level of access is not supported. Access control is applied to a plan as a whole and cannot be restricted to certain elements of it! If you do not wish to expose some objectives, then we suggest to break down the plan, and move those objectives to a separate plan, and make it accessible to a smaller group!
Can we lock down some fields in the sidebar so that only particular users can edit the locked fields?
Not at this point! In this case, you can give "can view" access to those people instead of "can edit" so that they do not have permission to edit these fields!
What happens when someone who is not an owner or collaborator of a private plan is tagged in the updates or comments made in the plan? Will they automatically inherit edit access?
No! If they're tagged in an update, then they'll receive a notification that someone has mentioned them in an update. However, the update will be hidden when clicking on the notification! Also, it'll be hidden from their home page as well!
In case of being mentioned in a comment, there'll be no notifications and this information is completely hidden!
During the free trial period, I had set permissions to certain plans. What happens once the free trial is over?
Once the trial is over, none of these permissions are changed!
For example, you've set the "Company Strategy" plan to "no access" during trial. After the trial, in case, you've not upgraded, then the plan will still retain its privacy. And, you cannot change its access to public, nor can you provide anyone else view/edit access, since permission is behind paywall! Only the admins, owners, and collaborators who've overriding permissions will still have access to this plan.
Also, if you had enabled view/edit permissions to anyone else who is not an Admin, before the trial ended, they'll also retain those view/edit permissions!
What happens if a private objective is contributing to a public objective or shared with a public plan?
For users who do not have access to the private plan where this objective sits, they'll not be able to see the contributing objective in their plan. However, when they try to edit their objective from its Sidebar, they'll see a message - "This objective contains some private contributing objectives"!
Can I export the plan or share them externally?
Not at this point! You can neither export nor share it with anyone outside your workspace!
What happens to Updates when a plan is converted to private or when an objective in which the update was made is moved to private plan?
All the updates created before the release of private plans will still be visible even if a plan is converted to private. All subsequent updates made after the plan is set as private will be hidden (includes new updates from an existing plan after it is converted to private).
If an objective is moved from a public plan to a private plan, all the previous updates will remain public, users will have to manually delete them to avoid the wider organization seeing that. All the new updates created after the objective becomes private will be hidden for those who do not have access to this private plan.
What happens when a dashboard or report has data from a private plan?
Private data on dashboards or reports will be visible to all users who have view/edit access to the dashboard or report. If a user doesn’t have access to the private plan, they won’t be able to select it as the data source in the widget or table. Also, when they try to access the context from the Sidebar of the objectives, measures, projects or actions, they'll not be able to see those!
But for a user who has access to the private plan, we want to let the user decide if they want to share the data publicly. We provide the context via a banner on dashboard or report and planner to inform the users so they can convert the dashboard or report to private if they want to keep the information confidential.
I want most of the plans in my workspace to be private. Is this possible?
Yes, you can make any number of plans private. But one of the key values that we provide is transparency and collaboration across the organization. So, for some reason (highly sensitive or confidential, or because of internal competition), if you wish to keep many plans private, then we recommend you to create a separate workspace and move those plans there! This can reduce the complexity and confusion around access control but also can provide transparency to the users in the same organization at the greatest extend. Also, restrict the number of "Admins" in that workspace since they've overriding access permissions! Please note that we don’t support aggregated reporting for multiple workspace for now.
I'm an Admin, and am still not able to grant anyone access. My free trial period just got over!
Permissions are behind paywalls! Even if you're an admin, and if the free trial is over, you'll not enjoy those benefits of a premium tier! Please upgrade to premium or enterprise tier to experience Cascade to its fullest!
A user was removed from the team but I can still see that they hold edit access to the plan!
Check if they own or collaborate on a goal in that plan, If yes, then their access will not be revoked when they're not part of the team and you need to manually change their access from the Share modal.