There are two versions of access rights in Pigment - current and legacy. This article explains the differences between the two versions and why you may want to consider upgrading from legacy to current access rights. 

Both security versions are fully supported by Pigment and there are no current plans to deprecate the legacy version. In the event we decide to deprecate the legacy version, don’t worry! We'll provide advance notice and clear guidance on next steps.

Which version am I working in?

There are two ways to check which version you’re working in:

1. In your Application, click the menu (…).
2. Go to the Roles, permissions & access page.
3. Do one of the following:

   • Click Roles, and then click + New Role. If you see Unspecified, then you’re working in the legacy version of access rights. Current access rights do not have Unspecified as an option.
      

     

     
      

   • Click Data access rights. If you see Version: Legacy, then you’re working in the legacy version of access rights. Current access rights do not display a version type.
      

     

     
      

What are the differences between current and legacy access rights?

Both versions are fully supported by Pigment, with no loss of functionality or security features. The differences between legacy and current access rights are outlined in the table below:

What are the benefits of migrating from legacy to current?

• Better performance. Since blank values in access rights Metrics are treated as restrictive in the current access settings, you have the flexibility to use blank instead of false to apply restrictions. This results in sparser Metrics and it may benefit model performance.
• Independent rule handling. Current access rights handle each access rights rule independently. This allows for multiple rules to be applied to a Block while preventing access rights formulas from timing out. 
• Improved transparency. By requiring default Read and Write settings for each Role, current access rights treat blank values in access rights Metrics as restrictive, that is, No Read or No Write. This adds an extra layer of control to your data access.
• Access rights on Snapshots. This feature enables you to be more autonomous in managing your Snapshots and access rights. It allows you to stay self-sufficient, especially if you’re required to set up large Snapshots at the start of each financial year.
  For more information, see Manage access rights and permissions in a Snapshot.
• Latest and upcoming Pigment features. Any new features relating to access rights in Pigment will only be available with current access rights.
• Long-term support. All upcoming Pigment documentation and training will be aligned with current access rights.

Why should I upgrade?

Upgrading offers several advantages, making it worthwhile to explore your options. However, there’s no urgency to upgrade at the moment, as we’re not planning to deprecate the legacy version at this time. In the event we do plan to deprecate the legacy version, we will inform you in advance with any steps required.

If you’re considering an upgrade from legacy to current version access rights, now might be a good time to review your existing access rights settings?

Here are a few factors worth considering:

• Access Rights on New Snapshots. Starting September 27th, 2024, current access rights allows you to edit access rights on new Snapshots. This allows you manage and modify permissions directly within the Security folder. By doing so, you can apply controlled updates to access rules without impacting other dependencies within the Application or triggering unnecessary data recalculations.
• Independent Handling of Access Rights Rules. You want to handle access rights rules independently. The current version allows for multiple rules to be applied to a Block while not leading to timeouts of access rights formulas.
• Previous Errors. You’ve previously encountered "maximum cardinality exceeded" or "timeout" errors when applying multiple access rights rules in your Application.
• Anticipating Growth in Members. You anticipate that your number of Members will grow significantly in the next few months and your access rights setup will need to grow accordingly.

To make the most of your Pigment experience, we recommend connecting with your Customer Success Manager to review your legacy access rights and discover the benefits of an upgrade.

How can I migrate to the new version?

Migrating to the new version of access rights requires a complete review of your Workspace's security model. Before upgrading to current access rights, a few essential preparatory steps are needed to ensure a smooth transition:

1. Review Roles. Check all the Roles within your Applications and ensure that no Role has read  or write permission set to Undefined.
2. Review Access Rights Metrics. Ensure that none of the cells in your access rights Metrics are blank. During the upgrade, any blank cells will automatically default to No Access. Additionally, review and adjust your formulas to ensure that they align with the intended access permissions.
3. Plan the Upgrade: When you're ready to proceed with the upgrade, the next step is to schedule your migration. Simply contact our Support team to request and coordinate the upgrade at a time that suits you best. During this process, we'll collaborate closely with you to rebuild the security model for your entire Workspace.

Upgrading from legacy to current access rights brings several benefits - why not speak with your CSM or log a support ticket today to find out more?