Asana User Permissions



Thanks Myroslav_Opyr, this works - If I know that something was deleted. My problem is that with a few hundred projects & about 4 thousand active tasks, it has become difficult to even know if a task was deleted.


Exciting news! Check it out here: New: Comment and View Only Permissions


Thank you for the new feature of Comment and View Only Permissions.

But Asana still needs further member permission management feature urgently.
Imagine, any team member, even a member who is out of the company has permission to delete the whole team along with all its tasks and projects. This is unbelievable.


“Only Comment” is a great first step.
Now we wait the real user right management tools!


Exciting announcement number two! Now you can set Boards as comment-only :slight_smile:


Comment only is great but our organization is also finding the need to restrict who can create custom fields, create new tags, and archive/delete projects.


I have a payments project which is divided by sections so we can add payments to each section. (Each section is a internal company) that way we know from which company need some to be paid each payment. Someone in my team accidentally deleted one of these sections so we now lost all historical data regarding payments of that section as they all moved to another section and we can’t differentiate which are from the deleted section and the real for the current section.

With a simple user permission to add tasks but not delete or at least not permanently delete task this would never happen :frowning:


Is there any way to lock down comment fields permanently, so that once a comment has been entered and time-stamped, it can’t be edited or deleted? Or, is there any type of custom field that has this attribute?

Use case: I am helping a client use Asana to manage company goals. Sub-tasks are quarterly goals, and the goal-owners update the status of each goal 2x per quarter, using comments to the sub-tasks. When I showed the template to the CEO, his first question was, “Can users delete or change the content of a comment once it has been entered?” His concern is that he wants a permanent historical record of all updates on performance that can’t be altered or deleted, including by the person who entered an update. Is there any way to achieve this in Asana?


I have to chime in here also. Asana user permissions are absurd, normal users have way too much ability to muck things up, whether intentionally or not. One of the team members I onboarded said he was afraid because it felt like he had admin permission and wanted me to doublecheck that I set up his account right, this was after he already accidentally modified things.

Comment-only projects is a great step in the right direction. Though this is too limited, such as there being no ability to apply comment-only to recurring tasks. Even when the tasks are part of that comment-only project, once they are marked completed, they recur with a project-less state.

As the business owner trying to lock business operations in to a trusted system, I feel like I’m programming on a foundation of quicksand with Asana. There’s a lot that I really love about Asana, and it’s really disheartening to think that I have to go back to researching options for software that I can really build my business on.


Beware! Your data is at risk!!!

I have been using Free version of Asana (below 15 member team). Today one of my team members demonstrated how privacy & data security could be breached.

  1. I invited one of the team members via his office email id
  2. He receives email, using which he creates his account and starts using asana
  3. One day, he changes his email id from that of office to his personal
  4. How he has access to all information, notes, tasks, attachments thru his personal email which he can access whenever and wherever.

I also do strongly believe that that there has to be user mgmt with admin having most of the rights.

This is dangerous!


I envision Following rights

  1. Add / Delete Users
  2. Create Task / Delete Task
  3. Edit Task
  4. Change profile info
  5. Change email id
  6. See reports
  7. View Task


Umm… he has no more access than when he used the work email? What stopped him from accessing it whenever wherever with work email? That’s how asana works.


Agreed: Too often some people feel the need to loop in the world which creates discussions beyond the scope of the task.


Any updates on user permissions? Read-only, comment-only, edit rights, etc.; we’d like to increase transparency into projects by inviting specific users as view-only or comment-only but don’t want them to have edit access.


I have voted for change. see top of thread for vote button


Any updates on this topic? I’m evaluating Premium version of Asana right now and this seems like a real deal breaker for me. Really love the interface and the ease of use, especially for task and project management. But at the same time just cannot afford the data loss if one of the guests in the project decides to delete it (yes, it’s possible, guests can easily delete everything within a team).


Added trouble – We have a “Milestones” comment-only project whose tasks are linked to multiple downstream projects with editable access (easier for us to all link back to a single Milestone master project). The editing access of downstream projects overrides the comment-only access of the Milestone project. HUGE FLAW! If a task is comment-only, this should be the superseding configuration even if it is linked to other projects.


Any updates on this? A well defined Access Control list is a MUST, and sorely needed, unless I have missed something. I have also posted a reply in Notification for deleted threads.


We were ready to move our organization to Asana but this was a deal breaker. User permissions is flawed. You cannot allow the entire organization to edit tasks at will. We need better user permissions for Asana to really be the solution for PM.


We think it would also be useful to deny/permit (certain) users to create Teams on their own. We have fixed teams for different parts of our company and these should be created and managed by Asana Admins only.