Understanding OKR permissions and privacy: not obvious parent-child logic!
Hi,
Wanted to share our experience and evolving understanding of OKR permissions and privacy to see if it matches with what others see and need.
Step 1 – Viva Goals provides a feature to make Objectives or Key Results “private” by setting the permissions to “Only selected people can view and align”. Given we have some Key Results that expose sensitive financial results, for those KR we set the permissions to just a limited set of people. This all feels good as a little “lock” appears beside the KR.
Step 2 – Some of those private KRs are grouped under a parent Objective that we also make “Private” as everything under the Objective is private. However, some of the private KRs are grouped under Objectives that also have KRs that are public, so those parent objectives are kept “public”.
Outcome: we assumed that all the KRs that we made private are indeed private. But to our surprise, this does not seem to be the case. When the private KR is child to a public Objective, then people who are NOT in the permission list can this see the KR and its result. Exactly what we wanted to avoid!
In the case of private KRs that are child to a private Objective, the general public can see the private Objective but they can not open it and see any of its child: which is good! (even though we thought they would not even see the private objective!).
So our conclusion is that to make KRs truly private they NEED to be grouped under a Private objective, not a public one. And it needs to be clear that this private Objective is actually visible to all. This is a relatively acceptable workaround once one is aware of it. However the User Interface of Viva Goals is deceptive in the way that it lets the KR creator think that its KR is private, when it actually is not.
Have others used the OKR privacy settings and see similar outcomes? Other experiences or recommendations on how to make sure private OKRs are truly private?
Hi,Wanted to share our experience and evolving understanding of OKR permissions and privacy to see if it matches with what others see and need.Step 1 – Viva Goals provides a feature to make Objectives or Key Results “private” by setting the permissions to “Only selected people can view and align”. Given we have some Key Results that expose sensitive financial results, for those KR we set the permissions to just a limited set of people. This all feels good as a little “lock” appears beside the KR.Step 2 – Some of those private KRs are grouped under a parent Objective that we also make “Private” as everything under the Objective is private. However, some of the private KRs are grouped under Objectives that also have KRs that are public, so those parent objectives are kept “public”.Outcome: we assumed that all the KRs that we made private are indeed private. But to our surprise, this does not seem to be the case. When the private KR is child to a public Objective, then people who are NOT in the permission list can this see the KR and its result. Exactly what we wanted to avoid!In the case of private KRs that are child to a private Objective, the general public can see the private Objective but they can not open it and see any of its child: which is good! (even though we thought they would not even see the private objective!).So our conclusion is that to make KRs truly private they NEED to be grouped under a Private objective, not a public one. And it needs to be clear that this private Objective is actually visible to all. This is a relatively acceptable workaround once one is aware of it. However the User Interface of Viva Goals is deceptive in the way that it lets the KR creator think that its KR is private, when it actually is not.Have others used the OKR privacy settings and see similar outcomes? Other experiences or recommendations on how to make sure private OKRs are truly private? Read More
