User Policy Access Management
Written by Michelle Henley
Updated at November 20th, 2025
Table of Contents
This powerful enhancement gives organizations granular control over user access and data visibility. Employees will seamlessly interact with only the requests, dashboards, and data relevant to their roles, enhancing security, compliance, and operational efficiency.
How to Access Policy Management
Go to Admin → Access Management, then click on the Policy Management tile. (Tile is available only to admins with the Manage Access Policies privilege)
Creating A Policy
Step 1: Click Create Policy.
Step 2: Enter a Policy Name and Policy Description to define the policy's purpose.
Next, you’ll see two key fields related to the policy’s status:
Policy Status:
This displays the current state of the policy. When creating a new policy, this will show as "New" by default.
| Status | Indicator | Description |
|---|---|---|
| New | White | The policy has just been created and not yet saved. No rules or settings have been applied. When creating a new policy, this will show as "New" by default. |
| Draft | Light Blue | The policy has been saved but is still being configured. It’s not yet active. |
| Active | Green | The policy is fully configured and actively enforced based on its defined rules. |
| Inactive | Black | The policy has been deactivated. It exists in the system but does not currently apply to any users. |
Inactive / Active Toggle:
Use this toggle to control whether the policy is currently active.
Setting A Rule Set Type & Privilege Type
Step 3: Click the dropdown under Rule Set Type and choose one of the following options:
- Insights
- Requests Product
Step 4: The options available in the Privilege Type dropdown will depend on the Rule Set Type you selected:
If you selected Insights:
- View Insights – Controls which data a user can access within the Insights.
- Access Reporting Insights – Controls which dashboards a user is allowed to view within Insights.
If you selected Requests Product:
- View All Requests – Limits the data visible in the "View All Requests" table.
- Request Tiles – Determines which request type(s)s a user is allowed to submit from the Gateway.
⚠️ You must select at least one Rule Set Type and one Privilege Type, or the system will display an error message.
📌 Note: You can add multiple Rule Set + Privilege Type pairs by clicking the ➕ (Add) icon. To remove a rule, click the ➖ (Remove) icon.
Adding Conditions
Add Conditions to define when the selected Rule Set and Privilege Type should apply. Conditions allow you to restrict access based on request attributes or user context.
📌 For example: In this example, we’ll restrict access so that a user can only view Reporting Insights for Conflict of Interest (COI) requests submitted from Canada.
Step 5: Rule Set Type = Insights
Step 6: Privilege Type = View Insights
Step 7: Click Add Condition.
Step 8: Set the first condition to Request Submitter Country → is → Canada.
Step 9: Click Add Condition again to create a second row.
Step 10: Set the first condition to Request Type→ is → Disclose a Potential Conflict of Interest.
The settings should look like this:
The User’s Value checkbox allows you to create a single rule that dynamically applies to each user based on their own attribute (such as country, function, sub-function, business area, division, or company) from master data.
Attributes listed above are based on the submitter’s HR information at the time the request was last submitted or reassigned to a new submitter.
| ✅ If "User’s Value" is Checked | ❌ If "User’s Value" is Not Checked |
Example:
One rule works for everyone based on their personal data. |
Example:
You’ll need to create separate rules for each country or region. |
Note: If you select both a specific value (e.g., Canada) and check “User’s Value,” the rule includes both conditions.
Adding Additional Conditions (Optional):
Optional: Repeat this process for each Rule Set section where you'd like the restriction to apply—such as both Insights and Request Products.
📌 For example, you can add a secondary rule to restrict View All Requests so a user can only see Conflict of Interest (COI) requests where the submitter's country is Canada.
Step 11: Click Add Rule Set
Repeat Step 5: Rule Set Type = Request Products
Repeat Step 6: Privilege Type = View All Requests
Repeat Step 7: Click Add Condition.
Repeat Step 8: Set the first condition to Request Submitter Country → is → Canada.
Repeat Step 9: Click Add Condition again to create a second row.
Repeat Step 10: Set the first condition to Request Type→ is → Disclose a Potential Conflict of Interest.
The second rule should look like this:
Submit Policy
Step 11: To save your policy, click Submit Policy in the top right corner.
🔔 Reminder: To make your policy live, ensure the Active/Inactive toggle is set to Active before submitting.
Assigning Users to the Policy
Step 12: After submitting the policy—even as a draft—the Users tab will appear. From here, you can search for and manually select the users who should be assigned to this policy.
- Use the search bar in the top right to search by user name or user email.
📌 Currently, it is possible to save a policy without assigning users, but this behavior may be changed in the future to require at least one user be assigned.
Note: Policies cannot be automatically assigned to user groups (e.g., all users in the Finance department). Admins must manually add any users who should be assigned the policy.
Step 13: Once all users have been selected, click Save User Assignment(s).
See related links: