Overview

The Restricted Access feature strengthens security and protects data in projects shared across Business Units (BUs). With this feature, users from shared BUs only get limited access. They can perform assigned actions but do not get full project access based on their role.

Previously, sharing a project across BUs gave invited users full access based on their role. This led to security risks:

• Users could edit or delete sections beyond their assigned scope.
• Admins and Managers could take over the project.
• Subject Matter Experts (SMEs) could unintentionally perform administrative actions.

Sharing Levels

Complete Access for Primary and Secondary BUs

A user with an Admin role assigned to both the Primary Business Unit (PBU) and Secondary Business Unit (SBU) will have complete access to projects from both BUs. This is expected behavior as the user has explicit access to both BUs.

Unintended Access to Shared Projects

A user with an Admin role assigned to only the Primary Business Unit (PBU) can gain unintended full access to a project or module from the Shared Business Unit (SBU). This is a security risk as the user inherits full access based on their role.

Restricted Access

Restricted Access applies only when users gain project access through Module Level Sharing (project sharing), not through User Level Sharing (direct BU sharing).

Enabling Restricted Access will prevent the user from gaining full control over the module. The user will only be able to view and respond to assigned questions.

Example

Restricted Access limits users from shared BUs to:

• Viewing assigned questions.
• Responding to assigned questions.
• Reviewing assigned questions (if added as reviewers).

They cannot:

• Access the entire project.
• Modify project structure.
• Assign authors.
• Delete or export the project.

Configuration Options

Contact your Customer Success Team, or customersuccess@responsive.io, to enable this feature.