What you will achieve
By the end of this tutorial you will understand how Risksheet is configured, recognise the three configuration files involved, locate the sheet configuration on a Polarion LiveDoc, and make a small, safe change using the built-in YAML configuration editor. You will leave with a mental model of what belongs in each file and where to go next for deeper customization.Prerequisites
- Risksheet is installed on your Siemens Polarion ALM instance (see Installation)
- You are familiar with the grid and toolbar (see Understanding the Interface)
- You have administrator permissions on the Polarion project
The three configuration files
A risksheet is shaped by three distinct configuration files. Each lives as an attachment on the Polarion LiveDoc (or on a template document) and each addresses a different concern.
This separation matters for regulated industries (ISO 26262 automotive, ISO 14971 medical, IEC 61508 industrial, ISO/SAE 21434 cybersecurity). The sheet configuration is a declarative, auditable artifact that describes both WHAT the grid shows and HOW its values are calculated and styled: formulas, conditional formatting (cell decorators), and styles all live in the sheet configuration. The top panel template covers only the content of the information panel above the grid, and export presentation lives in its own template. Each layer can be reviewed, validated, and changed independently.
Where the configuration lives — Polarion vs. Risksheet
A common point of confusion is what is configured in Polarion itself and what is configured in the sheet configuration. The boundary is simple:
Severity, occurrence, detection scales and any other rating dropdown live in Administration > Enumerations in Polarion. A custom field on the work item is bound to one of these enumerations. The sheet configuration then references the field through a column entry, and the server loads the enum values automatically.
Risksheet does not have its own database. Every value you enter in the grid is a Polarion work item field. Permissions, versioning, audit history, and traceability are all provided by Polarion. Risksheet is the visual surface that organises and edits this data.
1
Open the sheet configuration
- Open your risksheet document in Polarion.
- From the toolbar, choose Menu > Configuration > Edit Risksheet Configuration.
- The configuration editor opens in a new browser tab.
2
Read the top-level sections
Scroll through the YAML. A real, working sheet configuration is made up of these top-level sections:
A section the engine does not recognise is simply ignored. (Beyond the core sections above, a few optional root-level keys also exist — such as a root
readonly flag — and the server injects read-only runtime fields, described in What to leave alone below.) If you came across older guides mentioning a top-level ratings, enums, or relations block, treat them as outdated: rating scales and enumerations live in Polarion, not in the sheet configuration.3
Confirm the data types
The The
dataTypes section names the two Polarion work item types the risksheet operates on. Locate it and confirm both entries look broadly like this:risk entry is the main row work item; the task entry is the downstream linked item (mitigations, safety requirements, controls). The name shown in the toolbar, the link role, and the zoomColumn used for navigation should all reflect your project’s vocabulary.risk and task are just keys. The underlying work item types can be anything in your project — requirements and test cases, hazards and controls, threats and countermeasures. Risksheet works as a generic two-entity traceability grid.4
Make a small, safe change
A good first edit is renaming a column header. Find a column in the Save. The configuration editor validates the YAML. If validation passes, return to the risksheet document and use the Refresh button in the risksheet toolbar (or reload the document) — the new header appears in the grid.
columns list and change only its header text:5
Recognise the styling pipeline
Highlighting RPN cells in green, amber, or red is a three-part collaboration inside the sheet configuration:
- A formula computes a value (for example RPN = severity x occurrence x detection).
- A cell decorator inspects the value and toggles a CSS class on the cell.
- A style defines what that CSS class looks like.
These thresholds are deployment-specific. Adjust them to match the risk acceptance criteria of your project or standard.
Style values must be wrapped in
{ ... } braces, as shown above. Without the braces the engine cannot parse them and the cell remains unstyled.What to leave alone
A few properties you may see in real configurations are managed by the server at runtime. Do not set them by hand — they are informational only:canAdmin— whether the current user has admin rightsreviewer— whether the current user is in reviewer modesource— path to the configuration source (document or template)templateName— name of the template the configuration was loaded from
Next steps
- Tour each section of the sheet configuration in Configuration Reference
- Learn about column types and calculations in Column Types and Formulas
- Apply visual hierarchy through cell merging in Risk Management Guides
- Customise styling for risk levels in Styling and Formatting
- Build saved column presets for staged workflows in Configuration Management
- Manage templates and inheritance in Templates
- See full working examples in Configuration Examples