[ New ] Private custom fields

Summary

We’ve improved the privacy settings for custom fields, giving you more control over who can access both the fields and their associated values. This update allows different visibility levels to be set for custom fields within a project, independent of the project’s overall privacy settings.

Now, users can directly manage field visibility, enhancing access control and making it easier to protect sensitive data. Administrators can tailor these settings to fit their organization’s specific needs, offering a more flexible approach to user access.

Privacy can be configured through two new settings:

• privacy_setting (string): The privacy setting of the custom field. Note that administrators in your organization may restrict the values of privacy_setting. Must be one of: public_with_guests, public, private
• default_access_level (string): The default access level when inviting new members to the custom field. This isn’t applied when the privacy_setting is private, or the user is a guest. For local fields in a project or portfolio, the user must additionally have permission to modify the container itself. Must be one of: admin, editor, user

For additional details on private custom fields, please review the guide article in the Asana Help Center.

Who is affected

These changes will impact developers who manage custom fields and who require precise control over field visibility. Inaccessible fields are automatically filtered out of container-based queries (e.g., a project’s custom_field_settings), so apps should continue working without any changes.

Use cases relying on loading particular fields by ID should be reviewed to ensure compatibility.

Usage

This change is reflected on any endpoint which exposes the custom field resource, including:

• GET /custom_fields/{custom_field_gid}
• POST /custom_fields
• PUT /custom_fields

Here’s an example of a full record of a custom field, with privacy_setting and default_access_level properties:

{
  "data": {
    "gid": "12345",
    "resource_type": "custom_field",
    "name": "Status",
    "type": "text",
    "enum_options": [
      {
        "gid": "12345",
        "resource_type": "enum_option",
        "name": "Low",
        "enabled": true,
        "color": "blue"
      }
    ],
    "enabled": true,
    "representation_type": "number",
    "id_prefix": "ID",
    "is_formula_field": false,
    "date_value": {
      "date": "2024-08-23",
      "date_time": "2024-08-23T22:00:00.000Z"
    },
    "enum_value": {
      "gid": "12345",
      "resource_type": "enum_option",
      "name": "Low",
      "enabled": true,
      "color": "blue"
    },
    "multi_enum_values": [
      {
        "gid": "12345",
        "resource_type": "enum_option",
        "name": "Low",
        "enabled": true,
        "color": "blue"
      }
    ],
    "number_value": 5.2,
    "text_value": "Some Value",
    "display_value": "blue",
    "description": "Development team priority",
    "precision": 2,
    "format": "custom",
    "currency_code": "EUR",
    "custom_label": "gold pieces",
    "custom_label_position": "suffix",
    "is_global_to_workspace": true,
    "has_notifications_enabled": true,
    "asana_created_field": "priority",
    "is_value_read_only": false,
    "created_by": {
      "gid": "12345",
      "resource_type": "user",
      "name": "Greg Sanchez"
    },
    "people_value": [
      {
        "gid": "12345",
        "resource_type": "user",
        "name": "Greg Sanchez"
      }
    ],
    "privacy_setting": "public_with_guests",
    "default_access_level": "user",
    "resource_subtype": "text"
  }
}

Timeline

These changes are immediately available.

Hi, could you pls double-check with me?
Does it mean I can update privacy_setting / default_access_level via API endpoint?
I’m asking this as I can’t find the data object in body param when I’ve searched in the API docs.