Summary
There are API implications for Asana’s recent addition of team admins.
Team admins enable customers to implement role-based access control. Team admins can specify which users can update team details and manage membership, providing a more secure and customizable experience.
A team admin is a role that exists within each Asana team. Team admins have access to team management features within the context of their specific teams. Note that a team can have one, multiple, or no team admins.
Usage
Previously, any member of a team had the authorization to:
- Update a team’s name
- Update a team’s description
- Update a team’s privacy type
- Add or remove members from the team
Now, teams with admins can limit which users can perform the following actions:
- Update a team’s name
- Update a team’s description
- Update a team’s privacy type
- Add or remove members from the team
As a result of these changes, certain API calls may now respond with a 403 Forbidden status code if the authenticated user lacks the required permissions. These calls include:
- Updating the name, description, or privacy type of a team (e.g., PUT /teams/{team_gid})
- Adding users to a team (e.g., POST /teams/{team_gid}/addUser)
- Removing users from a team (e.g., POST /teams/{team_gid}/removeUser)
See an example of a full team record below, where `all_team_members` values may be configured to `only_team_admins`:
```json
{
  "data": {
    "gid": "12345",
    "resource_type": "task",
    "name": "Marketing",
    "description": "All developers should be members of this team.",
    "html_description": "<body><em>All</em> developers should be members of this team.</body>",
    "organization": {
      "gid": "12345",
      "resource_type": "task",
      "name": "My Company Workspace"
    },
    "permalink_url": "https://app.asana.com/0/resource/123456789/list",
    "visibility": "secret",
    "edit_team_name_or_description_access_level": "all_team_members",
    "edit_team_visibility_or_trash_team_access_level": "all_team_members",
    "member_invite_management_access_level": "all_team_members",
    "guest_invite_management_access_level": "all_team_members",
    "join_request_management_access_level": "all_team_members",
    "team_member_removal_access_level": "all_team_members"
  }
}
```
We recommend reviewing team schemas for full documentation.
Questions & feedback
If you have any questions, feedback, or need further guidance on implementing these changes, please share them below. Your insights and expertise are invaluable.
Best,
Andrew
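
Added example, not part of the original post and not Asana's own code: a Python audit that takes team records shaped like the one in the post and reports which access-level fields are still set to `all_team_members`. The sample records are constructed, and treating a missing or unrecognized value as needing review is an assumption of this example.

```python
# Access-level fields shown in the team record on this page.
ACCESS_LEVEL_FIELDS = (
    "edit_team_name_or_description_access_level",
    "edit_team_visibility_or_trash_team_access_level",
    "member_invite_management_access_level",
    "guest_invite_management_access_level",
    "join_request_management_access_level",
    "team_member_removal_access_level",
)
OPEN, RESTRICTED = "all_team_members", "only_team_admins"


def audit_team(response):
    """Classify each access-level field of one team response body."""
    team = response.get("data", response)  # accept wrapped or bare records
    result = {"gid": team.get("gid"), "name": team.get("name"),
              "open": [], "restricted": [], "unknown": []}
    for field in ACCESS_LEVEL_FIELDS:
        value = team.get(field)
        if value == RESTRICTED:
            result["restricted"].append(field)
        elif value == OPEN:
            result["open"].append(field)
        else:
            # Assumption: a missing or unrecognized value is reported, not trusted.
            result["unknown"].append((field, value))
    return result


def teams_needing_review(responses):
    """Return audits for teams with any open or unknown setting."""
    audits = [audit_team(r) for r in responses]
    return [a for a in audits if a["open"] or a["unknown"]]


# Constructed sample records (not real Asana data).
SAMPLE_TEAMS = [
    {"data": {"gid": "111", "name": "Marketing",
              **{f: OPEN for f in ACCESS_LEVEL_FIELDS}}},
    {"data": {"gid": "222", "name": "Finance",
              **{f: RESTRICTED for f in ACCESS_LEVEL_FIELDS}}},
    {"data": {"gid": "333", "name": "Legal",
              **{f: RESTRICTED for f in ACCESS_LEVEL_FIELDS},
              "team_member_removal_access_level": OPEN}},
]

if __name__ == "__main__":
    for audit in teams_needing_review(SAMPLE_TEAMS):
        print(audit["gid"], audit["name"], "open:", audit["open"], "unknown:", audit["unknown"])
```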