Skip to main content

At the moment, I’m struggling/obstructed to roll-out Guru to other departments because I cannot do it in a scalable way in order to protect sensitive information.

Currently, in my software collection, we have numerous folders and subfolders containing crucial resources such as installation guides, work instructions, and best practices across our software ecosystem. To ensure scalability, it is easier to grant reader access to the entire collection. However, there is a need to restrict certain cards or folders to specific reader groups or software team members. For instance, instructions on setting up a database connection with our ERP system should only be accessible to the relevant team members.

The challenge arises when granting readers access to the entire collection, as it becomes difficult to manage and organize information across multiple departments. As an example, within the HR collection, we want to provide employees with reader-level access to a wealth of knowledge while protecting sensitive information like job descriptions and related salary scales.

To address this, I suggest implementing more granular access controls within Guru. This would allow us to specify access permissions at the card or folder level, ensuring that only authorized individuals or groups can view certain sensitive information. By providing the right level of access to the right people, we can strike a balance between accessibility and data protection.

I believe implementing these access controls will greatly improve the usability and security of our knowledge base, enabling efficient collaboration while safeguarding sensitive information.

Thanks for the feedback, @Maarten Van der Straeten! I understand the issue you’re describing is a result of permissions in Guru being additive, meaning, you’ll find you can always grant more Groups permission to Collections and folders. Here’s a post that covers permissions examples in more detail (note: the screenshots are dated but the concepts are relevant): 

To use your example, I recommend testing creating a “Group 1” for all users and a “Group 2” for the members of HR leadership. Grant “Group 2” collection owner permission to the HR Collection. Then, “Group 2” can test using folder permissions to grant “Group 1” read only permission to the folder(s) within the Collection containing the information the general teammate should be privy to. “Group 1” will not be able to see the rest of the folders “Group 2” is privy to. This tactic to mange with Groups and permissions feels less disruptive than splitting up the folders across two different HR Collections, but of course that is an option, too.

Let us know if this raises any questions at all. Also, if other users reading this post want to share how they tackled a similar challenge with their team, we’d love to hear about it!

Hi Marie,

My inquiry is more focused on reader access. More levels of editing permissions is also something I’m waiting for: 

Maybe we can hop on a quick call to get more in detail on the article your shared because it’s something I discussed with our super helpful implementation strategist as well and because of our organizational context it’s not so obvious to set it up.

One idea was to create multiple collections to host our sensitive data but that would just blow up the collections and their maintenance.

  • Collection: HR Payroll
  • Collection: HR Recruitment
  • Collection: HR Management

An other idea was not to provide reader access to a collection by default, but rather split up your folder structure into public and private sections. I’m also not so found of this idea, because your adding complexity to your folder structure, but it was already better than to split it up into multiple collections.

  • Public folders & cards
    • Benefits
      • 401K Plan
      • Car Lease
    • Company
      • Events
  • Private folders & cards
    • Job profiles
      • Job A (containing sensitive info)
    • Interviews
    • Employee evaluations
The following idea has been merged into this idea:

All the votes have been transferred into this idea.
Terms & ConditionsCookie settings