tl;dr:
- all teams will have new roles that determine who can add or remove team members
- no exact timeline yet, this is just an early heads up
- when these changes land, the API may issue 403’s for certain mutates that previously succeeded
Hey folks,
We’re working on changes to the Teams resources and endpoints to improve permissions and management. We don’t currently have a clear specification we can share, but we want to give our developer community as much notice as possible.
Current Behavior
- Anybody on the team can:
- Update a team’s name
- Update a team’s description
- Update a team’s privacy type
- Add or remove members of the team
New Behavior
- Domains and teams will be able to limit which users can
- Update a team’s name
- Update a team’s description
- Update a team’s privacy type
- Add or remove members of the team
We will clarify the above behavior with more detail once we have finalized our specification
Impact
- The following calls may respond with 403 Forbidden, if the authenticated user lacks permission
- Updating the name, description, or privacy type of a team (e.g.,
PUT /teams/{geam_gid}) - Adding users to a team (e.g.
POST /teams/{geam_gid}/addUser) - Removing users to a team (e.g.
POST /teams/{geam_gid}/removeUser)
- Updating the name, description, or privacy type of a team (e.g.,
- Team membership resources will be modified to expose more data about whether they have permission to modify teams
Timeline
- proto-announcement: 2022-10-14 (today)
- announcement: mid-November
Yours in Developer Relations,
Sasha, on behalf of the Asana API Team