There’s no actual “public/private” property on a task object. From a data model standpoint, a public task is simply a task that is not assigned to any projects or teams, and thus is accessible to the entire organization. If you just create a task and don’t assign it to any projects, by definition it’ll be a public task.
You can see a little more about this topic here:
(FYI I moved your post to the “Developers & API” forum section since, while I know it mentions Zapier, it’s more of an API question.)
I looked at this some more and actually I’m unsure about it now. In the Asana UI, there is that “Make public” button (well, link) at the top of tasks. I played with changing that for a task that’s attached to a project and I can’t find any difference in the task’s underlying data when it’s toggled public or private.
There is an internal flag that is set when you click “Make public to…” in the UI. However, the API does not (and will not) expose what this flag is set to or let apps set it themselves. Visibility and access control is a complicated piece of our product, and exposing the wrong kind of information can be extremely misleading.
For example, if you see a task in the API that says the task has not been made public, and you are the only collaborator, you might assume that the task is private to you, but that’s not always correct. The task could have a parent task that you cannot see, and anyone who can see the parent task can see your task. The task could also have been multi-homed into a private project, and so all members of that project can see your task. This misinformation is a larger security risk than no information at all, which is why we do not expose this in the API.
If you want your app to create tasks that are visible to a particular team or workspace, I would recommend creating a public project in Asana, and then adding your tasks to that project so they inherit the project’s public visibility.
Hi @Joe_Trollo, we are looking for a way using the API to get a list of users that can edit or access a given task ID. Is there a simple way of handling this or will we have to use multiple API calls to check lists of projects, parent tasks, collaborator lists, etc… to build a proper list.
Without the ability to see the Private/Public flag for a task, is it even viable to build a complete list of users that has access or can edit?
Hi @cscarola, because of the complex and numerous access control rules, it is not possible to determine an exact list of users that can modify a task, even if you did make all those API calls. Even a “public vs. private” flag would not accurately convey who can modify a task, as a task could be publicly visible but be in a comment-only project and therefore is not editable to all users.