Purpose
The purpose of this policy is to establish different levels of access within Smartsheet to ensure secure and effective management of projects while maintaining data integrity and access control.
Roles and Access Levels
The following roles are defined, each with specific access and permissions:
1. System Administrator
Access Level: Unrestricted
- Permissions:
  - Full access to all Smartsheet workspaces, sheets, reports, and dashboards
  - Manage and configure user accounts, including adding or removing users
  - Assign and modify permissions for all users
  - Configure security settings, including multi-factor authentication (MFA) and integration settings
  - Monitor activity logs and audit trails for security compliance
  - Create and manage global templates and automation rules
  - Manage API access and third-party integrations
2. Project Manager
Access Level: Manager
- Permissions:
  - Create and manage project-specific workspaces, sheets, reports, and dashboards
  - Assign and modify permissions for team members within their project scope
  - Edit and update project-related data, including tasks, schedules, and resources
  - Configure project-specific automation workflows
  - Share reports and dashboards with stakeholders as needed
  - View and track project-related activity logs
Access Control Measures
- Least Privilege Principle: Users should have the minimum level of access required for their responsibilities.
- Regular Audits: System and Security Administrators should periodically review user access.
- Role-Based Access Control (RBAC): Users should only be assigned roles aligned with their duties.
- Multi-Factor Authentication (MFA): Required for all System Administrators and strongly recommended for other roles.
- Access Requests & Approvals: Any changes to access levels must be formally requested and approved by the appropriate administrator.
Conclusion
This policy ensures a secure and efficient working environment within Slack, protecting sensitive information while enabling collaboration. Any modifications to this policy must be approved by the System Administrator and reviewed periodically.