Data Separation for Planning Items

phil_bool_unifi
Tera Guru
Tera Guru

Hey SPM Community, 

I was a bit surprised to find that, whilst the Data Separation plugin hides Projects and Demands successfully, the Planning Items created from those Projects and Demands are not hidden by the same engine.  I recognise the Planning Item table isn't covered in the list of captured tables, but since this service requires a lens to work (only introduced when using Portfolio Planning / Strategic Planning) I'd expected this to be included.

I'm now looking at two possible approaches, and I'd like your feedback or suggestions:  

Firstly, can we extend the existing Data Separation functionality to Planning Items?  Has anyone tried this?  My first, quick exploration into this suggested you can't create custom ACL's on the Planning Item table, so even if we added the Planning Items table as a supported table, and extended the script to run the same checks using the equivalent fields on planning items, this wouldn't be a complete or effective solution.  Has anyone got an approach that works for this?  

Secondly, although less desirable, my fallback approach is to prevent Data Separated items from creating planning items.  That should be possible by updating the Planning Item Integration to ignore records that don't have the 'group for non data separated entities' in the 'data separated groups' field.  However, there's the possibility a project or demand will be added to a secure portfolio after creation, so I need to use a Flow or Business Rule to check if this value changes on a project/demand that has already had a planning item created, and if so, delete the Planning Item.  This doesn't seem like rocket-science, but feels scruffy.  Has anyone tried this, or anything similar?  Any experiences to share would be appreciated.

1 ACCEPTED SOLUTION

phil_bool_unifi
Tera Guru
Tera Guru

Okay, if anyone is reading this in the future, I've heard from Hi today that Data Separation is not getting any more enhancements, and is deprecated from Yokohama.

If anyone has any insight into how 'marking projects as confidential' will be possible in Yokohama, please add a reply here or message me!


Hi said: 
As per our discussion over call with our internal team, we got to know that
1. SPM Data separation will not be getting any more enhancements. We are planning to deprecate in Yokohama time frame.
2. There are enhancements coming to ACLs and Data filters which will help make it easier to implement data separation use cases. Some enhancements are available with Xanadu and a few more will be coming in Yokohama and Zurich.
3. We are collecting use cases and intend to publish recommendations and how-to guides for commonly observed data separation scenarios.
4. We are working on adding the ability to mark projects as confidential. This functionality will tentatively be available in Yokohama.
We are not supporting this app further and there will be platform solution in Y that you can leverage to implement data security.

View solution in original post

7 REPLIES 7

Thanks Joseph.  It actually uses groups to control access - the only roles needed are the standard project manager / demand manager roles.  However, this is all moot, because the product is now deprecated, so it looks like you made the right call.

phil_bool_unifi
Tera Guru
Tera Guru

Okay, if anyone is reading this in the future, I've heard from Hi today that Data Separation is not getting any more enhancements, and is deprecated from Yokohama.

If anyone has any insight into how 'marking projects as confidential' will be possible in Yokohama, please add a reply here or message me!


Hi said: 
As per our discussion over call with our internal team, we got to know that
1. SPM Data separation will not be getting any more enhancements. We are planning to deprecate in Yokohama time frame.
2. There are enhancements coming to ACLs and Data filters which will help make it easier to implement data separation use cases. Some enhancements are available with Xanadu and a few more will be coming in Yokohama and Zurich.
3. We are collecting use cases and intend to publish recommendations and how-to guides for commonly observed data separation scenarios.
4. We are working on adding the ability to mark projects as confidential. This functionality will tentatively be available in Yokohama.
We are not supporting this app further and there will be platform solution in Y that you can leverage to implement data security.

Hi, I would be happy to talk to you in detail about "Project Confidentiality". Please feel free to reach out to me via email: kartiknitin.dasani@servicenow.com