Guest permissions

While I don’t mind the auto-populate feature and can understand it’s usefulness, I have guests that I have invited to my organization and various projects and since deleted them from every task, team, and project and they still appear in the auto-populated list of potential assignees. I would think it’s safe to say if they are not part of any team or project in my organization then I would not want them showing up in the backend.

2 Likes

We recently had a situation where a consultant was added to a private project that they should not have had access to. I echo others concerns above. We have a premium account. Would it be possible to prevent “Guests” from appearing in the dropdown menu or at least the dropdown menu for a private project?

The work-around we found was to have the project lead create a separate workspace for the consultant project and add them to that workspace, rather than adding to projects within our org. Not ideal, but at least we can ensure that outside collaborators won’t accidentally have access to confidential info!

Hey @Monica! Unfortunately, as it stands any member of your Organization (Guest or Member) will appear in your drop-down menu, I am afraid there is no work around that. The best way to avoid this situation at the moment is to let your Team know where they can’t add Guests. In the drop-down menu, Guests are materialized with a little globe beside their name which makes it easier to identify them

. The workaround you found is also a great solution! And if you ever need to transfer some content from this seperate Workspace to your Organization, you can always do so using Kothar (http://kothar.net/projects/organise-asana.html )

1 Like

Thanks, Marie. I’m glad to see that we aren’t missing something!

1 Like

Hi @Marie, We are a paid org. I noticed that if one of our users creates a separate workspace to collaborate with consultants those spaces are limited to 15 members. Those users are encouraged to upgrade, but we already have a paid account. Is there a way for Org admins to create a workspace that has a higher limit of users?

Hi @Monica! Each Premium plan only applies to one specific space, so the plan for your Premium Organization won’t apply to the Workspace your colleague has created to collaborate with consultants. This workspace would have to be upgraded separately. The best way to have for your consultants to benefit from your Premium plan is to invite them as Guest within your Premium Organization. Hope this helps, let me know if you have additional questions! :slight_smile:

1 Like

Hi Marie, thanks for your response!

Has Asana considered restricting guest users to only be added to public projects? Or to have an alert that asks if a user is sure that they want to add a guest user to a project? We really want to ensure that an outside collaborator cannot be accidentally added to a private project in Asana. We keep confidential information in some Asana projects that we want to keep secure.

As I described above, we have created separate workspaces to manage our projects consultants but are finding this workaround presents a few issues:

  • It doesn’t seem like the new workspace has the same premium license the old workspace does so I am missing the ability to use premium Asana features like custom fields, which I was using in my old project under the hminnovations.org workspace.

  • It doesn’t look like tasks can be shared across workspaces. I was often creating one task and then assigning to multiple projects in the workspace. Doesn’t look like this is possible now so I think I’ll need to duplicate tasks.

We’d love to find a better way to restrict guest users. It seems like I’m not the only user who has encountered this issue – does Asana have any plans to address this?

Thanks,
Monica

1 Like

@Monica there has been changes in workspaces regarding guests, if you look up Limited Members. One thought I had is that the name given a member or guest is free form not their email of course. In regards to accidental additions, could you add a suffix to guest names to help prevent accidental additions.

Thanks for your reply @Monica. We have recently introduced new users permissions (Project permissions | Product guide • Asana Product Guide) to limit access for specific users such as Guest users for example. Having said that, there is no way to completely prevent a full member of your Org to invite a Guest into a project containing sensitive information. I like you idea to have an alert to notify members they are about to invite a Guest into a project, this is definitely something I can escalate to our Product Team.

Regarding your new set up:

  • It looks like your Organization is Premium, however, this Premium plan only applies to your Organization, which means that the new Workspaces you have created would need to be upgraded separately if you want to benefit from Premium feature there too.

  • hminnovations.org is an Organization (not a Workspace). In Organizations, you can create multiple Teams but all these teams remain in the same Organization, which is why you could create a task and assign it to multiple projects with your Organizations. However, Workspaces are different, they are a self-contained Team and content can’t be moved as easily between Workspaces than it can be moved within an Organization. You can always move content using Kothar http://kothar.net/projects/organise-asana.html, but it is quite manual and probably not really adapted to what you are looking to achieve.

I believe the best set up in your case, would be an Organization with Team replacing your multiple Workspaces. I would advise you to check out our Hidden Teams (Team permissions in Asana | Product guide • Asana Product Guide), they might be a great solution to keep your sensitive content hidden from your Guest users.

Hope this helps Monica, but as always, if you have any questions, feel free to let me know!

2 Likes

Hello Marie,
I started using Asana for 5-6 years ago. During this time, when assigned a task to an external user (guest), the system will only give him access to view and comment on the shared / assigned task(s) only. Guest cannon view and comment all other tasks in the whole project.

Now i started using Asana again and she that once a project has been shared to an external user, then guest user gets access to the whole project which is not so convenience.

There are some tasks and info in the project which we don’t want guest to see.

Can you please explain why your team have made this change?

Thanks in advance.

Stupid Discourse system, it doesn’t allow me to edit and correct my text :frowning: Hope you understand the context in my previous post

No problem at all! :slight_smile: This is really strange @Kimi, if your Guest only has access to one specific task, they shouldn’t be able to see the rest of the project; they would only see the project if they were added as project members (Setting Up a Project in Asana | Product Guide • Asana Product Guide). If they are not project members and being able to see the entire project, I would advise to reach out to our support team (Asana Support - Help Center • Asana) to verify that this is not related to a bug. Our support team will definitely be able to look into this in more details! Hope this helps :slight_smile:

Hi Maria,
Maybe because I haven’t used Asana for 5-6 years. But I just found out how thing works now.

Use-case: I have two projects.

  1. Project 1 will be shared to all many guest users and they can see all tasks and info in this project. Project 2 can only be viewed and managed by me, it means that guest can only see task(s) or sub-task(s) of this project if a task is shared to guest(s).

I have solved this use-case with different Bullets in 2 screenshots below

  • Bullet A and C: are two projects I’ve created.
  • Bullet B & D: are people I’ve invited to be part of my 2 projects, as you see Bullet D, there is only one person who are part of the project Bullet C, this person is me. It means that all tasks in the project Bullet C can only be managed and viewed by me.
  • Bullet E: I have added two external guests to follow task Bullet F in project Bullet C . These two users can only view Sub tasks of task Bullet F.

1 Like

Yes @Kimi you are a 100% right! :clap:Let me know if there is anything else I can help you with!

1 Like

No Marie, not on this thread, but i need some help with another thread Tagging a Project & Top Level Project Review - #6 by Kimi

, maybe you can help?

Hi,

I agree with Monica. Not sure of the rationale behind allowing a guest (not specifically allocated to a project) the ability to appear in the assigning dropdown of a task.

Consider this… We run a software dev house with multiple clients and projects. I create a Hidden Team for my new client. I add the client as a guest to the team. We create projects under the team. We add tasks and when we want to assign a task to someone, all guests appear. Doesn’t make sense to me?

Regards,
Graham.

2 posts were split to a new topic: Restrict Guest permissions

3 years later and this is still a HUGE Problem. How can Asana let this happen? This is a huge security and privacy risk! We’ve had people accidentally assign one client guest to another client’s task on accident and it OVERRIDES any permission level. There should be a pop up alerting us that you are assigning to an email address/person that was not initially given permission to the team/task/project. It’s really disappointing.

Please fix this!