If you invite an external guest (e.g., clients or vendors) to a project, those guests can invite other external guests without any admin control. The only way to prevent this is by spending $3,000 on an Enterprise plan.
This is a data security and privacy issue that Asana will not acknowledge. There is no reason why a company would want external guests to have the ability to invite other external guests.
I guess your message contains your answer: this is an Enterprise feature. You can’t expect all the security and privacy features for a basic plan, isn’t it?
I disagree. A business tier plan is not a basic plan. It is the highest level plan available for purchase on Asana’s website and is designed for teams and companies. A company should be able to expect a reasonable degree of privacy and security with respect to its data.
Allowing an external guest to provide full access to anybody it so chooses (with, for example, the ability to delete the project) without any admin control should worry all companies on a business plan. It essentially renders the guest feature useless.
I would expect Asana to charge for more sophisticated privacy and security features. But charging to prevent others from accessing your data? Perhaps Asana should start charging users for using passwords too. The proper thing to do is to make the default setting the most restrictive and offer less restrictive settings to admins on higher tier plans.
Finally, upgrading to an enterprise level account is far more palatable for larger organizations. A company with 2 users is required to pay for 5 seats to upgrade. I recognize this requirement has been the subject of much debate in the past, but it becomes even more relevant when basic privacy and security features are only available for enterprise users.
Hi @GregB , a new feature called Team Admins is on the way! This may give you some control over Guests inviting other guests on the Team Level. Depending on your Asana structure, this could hopefully help in adding additional control and privacy. Eg. you could create a Team per client (with guest accounts), instead of a Project per client.
Thanks for raising the new admin teams feature. Asana support told me it would not resolve the guests inviting guests issue. However, I look forward to trying it to see if there isn’t some configuration that we could use to address the issue.
Hi @GregB , Asana support are right regarding controlling guests inviting guests at project level, however the below caught my attention, which appears to be applicable at the Team level. I understand that you might need to restructure your Asana hierarchy to achieve this though, so I can relate!
Thanks, @Richard_Sather. I have absolutely no problem restructuring our Asana hierarchy if that solves the issue. Our organization does not have access to the new team settings yet, but I will happily report back once we have been able to try it out. I appreciate you raising this as a potential solution.