Asana User Permissions

@Alexis I was thinking about this and have a great, easy, simple solution for your user permissioning changes, that I think would suit almost everybody who has replied in this thread. Firstly my suggestion doesn’t need to involve changes to members or guests functionality, only projects and tasks.

So in project actions and task actions a new section is added called “permissions”, when a user clicks this, a little dialogue box pops up and the user can then configure permission settings for the specific task or project only. It would read something like this…

Please set permissions for this project/task

Read and comment only (users can only read and comment)

completion and field setting only (users can only complete the project/ task and select field options)

Please assign users who can change these settings (a little section that allows only certain users to make further changes to these settings)

Default (all users have full access)

Reset these settings to default (a radio button for admins only to override the permission settings)

So yeah that would be it. Well actually you could add another line if it is doable:

these settings apply to | members and guests | guests only

So yeah, any newly created projects or tasks will be default (full access by anyone), after that, any user can set permisions. Then only the selected users can change those permissions, (these would be selected out of a list of users populated from the team or workspace the project/ task is placed under). Finally, there would be a radio button that would allow admins to reset the permissions in case anything went wrong (like all the users with permission to change the settings not having access to the task/project anymore, or someone leaving a task with a rude message as read only, haha)

That would be all that is needed to suit my needs, and probably many others too

Thank you.

Something along these lines is really, really needed. I hesitate to add new users because we’ve had accidentally deleted tasks, etc.

Friendly reminder to vote at the top of the thread if you’d like to see this feature.

My feedback is that I’m evaluating right now whether or not to move a bunch of our team’s workflows to Asana, and the egalitarianism is a major drawback. I don’t worry about dishonesty on my team, I worry about carelessness that costs us. Controls are needed.

Hi @Alexis @Sara I’m the CEO of a Digital Agency. I also have an MBA in Management of Technology. I do like Asana’s philosophy of promoting transparency. But, most businesses are not structured with the same culture and norms as your company and other technology companies that have more of a flat hierarchy. We have leadership, management and technicians. Therein, I can’t have my junior web developers with the same level of access as my Project Manager or CTO.

Despite having said that, we are a very transparent company with our clients. We currently have a PM tool that allows our clients to login and see what we are working on. They see all of the tasks, due dates and even all of our team’s comments and interactions around tasks. I just don’t want my clients (some of whom are in their late 50’s) inadvertently editing or deleting something. It will happen. We don’t want that risk to exist for our business or projects. Simple as that.

The idea of providing an ACL (access control list) is not mutually exclusive to your company mandate of “transparency”. Transparency relates to communication and access to information - not control/ownership of that information. In fact, if you look at this whole thread from your customers point of view, you’ll see that the requests actually indicate a desire to increase transparency without relinquishing control/ownership.

Your products is outstanding. I’ve had three designers that we work with tell us it was the best PM tool they have used. But, the lack of an ACL is a showstopper for us that prevents us from adopting it. I suspect this is the case for a lot of other agencies as well. I won’t mention here the other two platforms we are comparing Asana to. But, I will say, they both have an ACL…as does Dropbox, Slack, Confluence, LastPass, Invision, GatherContent…along all of the social media accounts and Google services our clients give us access to.

Don’t get hung up on the idea of an ACL. It’s standard, expected and necessary to comply with how the vast majority of businesses operate. I think your new client adoption rate will increase dramatically if you implement this feature. I also don’t think any of your existing customers will care because (presumably) an ACL will allow them to keep all users at the current level of full access.

You have my email. Drop me a line if you get a proper ACL setup. Otherwise, we’ll be going with another PM tool for the long-term.

Agree with the majority of the sentiment here. The impact an ACL would have on the usefulness of Asana would be immense.

We have just started using Asana as an agency but may be forced to abandon without proper user permission control. I would even argue that the current functionality actually limits the transparency we can have with clients, because we cannot add a client to Asana as a guest if they have the capability to delete things. In other words, if we could limit their access we would be able to invite them to the project; but because we can’t - they get no access at all, effectively eliminating transparency.

It would be a shame if we had to find another solution because my team, myself included, all agree that Asana has by far the best interface, and creates the best management experience when compared to other similar applications (we have tried over a dozen). No ACL is a deal-breaker.

I was super-surprised to find that there is no apparent way for me to lock a task or restrict what non-administrators can do with it (such as deleting the task or editing the description). There is a good chance that this is going to be a deal-breaker for us also.

Adding this new conversation here because it’s the same topic and highlights the frustration with lack of user permissions: Project Users and permissions - #3

Hi,

I am very new to Asana. I am trying the free plan at the moment. I have noticed something that I think is odd and I wanted to see if anybody here can tell me if this is expected behaviour or not.

I am setup as an organization using my company email domain and as a test I created a project, then sent an invitation to another email address of mine. Everything went as it should. However, what I have noticed is that the newly invited user is able to remove other users from the project, as well as changing the owner.

Is this normal? Shouldn’t only the person that created the project (the owner) be able to remove people from the project?

The documentation says that only the owner can make status posts, however I am able to do it as the guest (not just the project owner).

Is this correct?

Cheers!

Read this thread: Asana User Permissions. User permission are a huge problem on Asana.

Thanks for the link.

I think this is a deal breaker for us. When we want to bring an external member into a project (i.e a client that we are working with), we need more control as to what they can and cannot see/do.

I would like to bring an external member (client) into a project and restrict their access to the one project, as well as not allowing then to invite members to the project or other actions within the project.

Too bad, Asana seemed to have promise.

Cheers

Hi all! Thanks for your thoughtful input. This context really helps our team as we sort out our product vision moving forward.

Please remember to vote for this feature at the top of the thread!

How soon this feature will be launched?
It is very important!

Looks like the Asana team is doing a beta to allow only comments on a project. My team is trying it out in our strategies project as of today.

Check out the details here: Project permissions | Product guide • Asana Product Guide

Hi there,
The permissions structure of feng office is almost exactly what I’d like to have in Asana.
Feng Office Permissions
Hope it helps.

Can’t you do the first part of this (restricting access to just one project) by adding the client as a collaborator of the specific project, and not as a team member? It can be narrowed down to inviting them to specific tasks only, then they only see those.

This of course, is not as robust as the “comment only” Premium feature that is being tested right now. I’ve used this method though, when needing people to collaborate on very specific projects or tasks where they don’t need to see much else within my team.

I completely agree with this product feature of controlling specific permissions by user. I am evaluating buying Asana subscription and this feature is a deciding factor.

In our team, we have about 200 projects and about 4000 tasks and the inability to know if someone deletes a task is a real bummer. Even when we do realize soon enough ash a task has been accidentally deleted, there is no way to know who deleted it, so no way to easily recover the accidentally (?) deleted task. This is a sore point in our Asana experience.

You just issue Advanced Search, and specify project in question in IN PROJECTS, and Add Filter → More → Deleted…: DELETED. You should definitely be able to find these tasks unless someone intentionally permanently deleted the task (that required extra efforts for user to do).

Thanks Myroslav_Opyr, this works - If I know that something was deleted. My problem is that with a few hundred projects & about 4 thousand active tasks, it has become difficult to even know if a task was deleted.