Briefly describe (1-2 sentences) the Bug you’re experiencing:
Private Team name is visible to non-team members in Goals > Team goals show/hide teams menu. It shouldn’t be. This is a security issue. What if the team name is “Upcoming Layoffs” for example? This is inconsistent with treatment of other private objects in Asana where they are always hidden unless access is permitted.
Steps to reproduce:
Make a private Team
Ask an org member who is not a member of the private team to go to Goals > Team goals tab and click Show/hide teams. They will see the private Team there and shouldn’t
Yes, I did this in a client’s org and confirmed on screen share that they could see some teams in the dropdown that they were not members of and the teams were private.
It’s possible that the couple of users were Admins but I’m not sure. I can try to ask the client this when we have our next meeting.
If the engineers have confirmed private teams are not visible to regular users, but are visible to Admin users, that’s comforting to know and may be what’s at play here.
Thanks for the reminder, @Rebecca_McGrath. I reached out again and the clients just positively confirmed that a member could not see a private team in the dropdown; only admins.
So this is working as intended, and sorry for the false alarm (but it never occurred to me admins might have this ability, nor that most of those on our call were admins too!!).
Thanks again,
Larry
PS I’m not sure if/how to complete this in the Forum so will prevail upon you for that, as usual…
