More flexible default asset permissions

Setting up and managing default asset permissions for existing implementions is a nightmare for larger organisations.

If you have several custom security groups you need to go in and configure all the sharing for each individual asset type and for each individual group.

I understand why this is needed but to go through the interface step by step for a large implementation is tedious and error prone. To make matters worse you need to do it on sandbox and production.

There should be some additional basic features:

  • An API endpoint to manage the groups
  • The ability to make the mapping for default asset permissions in Excel or elsewhere and upload them
  • The ability to manage re-assignment of security on existing assets when you make changes to the groups months/years after implementation

If you drastically change your sharing model today it is a huge challenge to align old assets to the new model. Maybe the whole idea of using default asset permissions that get assigned on creation is outdated should be revised into a more dynamic model where you can make drastic changes later on.

18 votes

Active · Last Updated


  • Karen White-Oracle
    Karen White-Oracle CX Marketing Consulting Manager Posts: 16 Employee
    edited Feb 3, 2023 1:49PM

    I agree with this.

    I am working with an organisation who have decided to set Asset Level Security. They have 10 regional security groups, so we are creating 10 new security groups and update the Default Asset Permissions with the new security group, which is very time consuming. When creating the new groups they are automatically added to all existing assets! So they will need to go into every asset and delete the non-relevant security groups.

    I would like to see functionality whereby when creating a new security group you can:

    • select whether to add to existing assets permissions or not
    • select whether to add the new Security Group to all assets under Default Asset Permissions.