Major Flaw: Editors should NOT be able to delete projects they don't own, should NOT be able to make themselves owner of it.

Two intertwined major design flaws here:

1.) Anyone you grant editing permissions to can immediately delete your project (private or public), such that it is unrecoverable. Only owners should be allowed to delete a project.
2.) Anyone you grant editing permissions to can remove you as the owner and/or make themselves the owner, without your approval. Ownership changes should require the approval of an existing owner.

This is a serious permissions flaw, from my perspective. I’ve tested and confirmed that anybody you add as an “editor” can in fact remove you as the owner, make themselves the owner, and even completely delete the whole project – all with no confirmation required from the legitimate project owner. Furthermore, there is no ability for the original project owner to recover their project at all – it’s completely deleted outside of their control.

Thus you have to COMPLETELY trust any employee or collaborator to whom you grant editing permissions on a project. This is quite uncomfortable, given that we’ve invested years of development and note-taking into some projects, and an intern could unwittingly wipe all of this out if they think they are just cleaning-up their own account by deleting projects they’re no longer interested in.

In fact, I’ve discovered that a user with editor permissions doesn’t even need to make themselves the project owner – they can irreversibly delete the project just as an editor. This should not be allowed. Only project owners should be able to delete a project. Only project owners should be able to transfer ownership.

That is true, Asana is all about transparency and guidelines over constraints, just like someone can come in the office, open a desk, take the papers and burn them :sweat_smile:

They are recoverable if you contact the support.

But I completely understand the need for more permission settings. I am pretty sure we have other threads on the topic, @Marie and @Emily_Roman will be able to help!

Hi and thanks for the mention @Bastien_Siebman!

@Charlie_Wilson, thank you for sharing your feedback with us! We already have existing threads on these topics, so I would recommend you to add your vote on these instead:

We’re planning to continue implementing more robust admin controls as part of our paid plans, and will certainly take this feedback onboard. If you aren’t yet, you can Follow our Announcements category to keep up to date with what’s new in Asana! 📨