Skip to main content

Sensitive data

Marking content sensitive restricts who can see it, regardless of tier. Use it for payroll, board figures, or anything that should be on a need-to-know list rather than open to the whole organisation.

Who can see sensitive content

A sensitive item is visible to exactly three groups:

  • Owners (T8) -- always.
  • The item's creator or owner -- you never lose sight of your own work by marking it sensitive.
  • Anyone on the item's access list -- see below.

Everyone else simply does not see it: it is absent from the library, folder pages, sidebar counts and recents, and opening a direct link returns "not found" rather than confirming the item exists.

Marking content sensitive

Marking and unmarking require the Architect tier (T6) or above. For dashboards, use Mark sensitive in the item's menu in the library; the same menu shows Unmark sensitive on items already flagged. Datasets, suites and cards carry the same flag and the same read-time protection. Each change is recorded in the audit log.

Cards over a sensitive dataset

The protection follows the data, not just the page. When a dashboard renders a card whose dataset is sensitive, each viewer's access is checked at data-fetch time:

  • viewers with access see the card normally;
  • viewers without access see an access-required message in place of the card's data. The rest of the dashboard renders as usual.

This means a builder can safely place a restricted figure on a broadly shared dashboard: the layout is shared, the number is not.

Access lists

The access list (shares) is what opens a sensitive item to people beyond its owner. Open Share from the item's menu to manage it:

  • grant view or edit to a specific member, or to everyone in the organisation;
  • revoke an entry at any time -- the change applies immediately.

Shares can be granted by the item's owner or by an Architect (T6+). Anyone who can view that content type can see who is on the list, so access is never a mystery. Grants and revocations are recorded in the audit log.

Good to know

  • Sensitivity and certification are independent: an item can be certified and sensitive at the same time.
  • An access-list entry on a non-sensitive item is harmless -- it only takes effect if the item is later marked sensitive.
  • If someone needs standing access to more than a single item, consider a role change or an access request instead of long per-item lists.