Permissions overview

Overview

Permissions determine what information users can view and edit within Asana; allowing users/members to maintain the appropriate balance of collaboration and control, while giving peace of mind that your company's data is protected. For example, if you're working on a highly sensitive project, you need the project team to be able to collaborate, but you want to keep the information on a need-to-know basis. User, role, and access permissions allow you to achieve this balance.

How permissions work in Asana

In Asana, permissions occur at the object level, not the user Level with the exception of Guests and Limited Access Members.

Permissions are options that limit access to a team, project, or task.

In the Help Guide we have split permissions into sections so you can deep dive into: Task permissions, Project permissions, Team permissions and Comment-only user permissions.

What is an object level permission?

Object level permissions are used to determine if a user should be allowed to act on a particular object and the level of access. Permissions specify the access that users have to objects.

Using object permissions prevents a user from seeing, creating, editing, or deleting any instance of a particular type of object, such as a lead or opportunity. Object permissions lets you keep sensitive information hidden.

Users have access via an authorised person (Billing Owner, Project Manager, or admin, e.g). The authorization given to users enables them to access specific resources.

In Asana this means that a single user could have multiple levels of access, depending on the content that has been created and the permissions set by the content contributors.

Comment-only permissions for board and list projects in paid tiers allow teammates to view or comment on projects without giving them access to edit them.

Comment-only projects are available to Premium, Business and Enterprise teams and Organizations. You have the option to make projects comment-only or private. Private projects ensure sensitive tasks or information is accessible only to specific project members. Tasks themselves inherit the permissions of the project they are in.

We use permissions to specify the objects and fields users can access so users of Asana and contractors can accomplish a task or goal without seeing context they don't really need to see.

Asana hierachy

In Asana, permissions depend on the level of hierarchy you’ve granted a user.

If you add someone as a team member, they’ll be able to access all the public projects in that team and all the tasks in those projects. They won’t be able to access projects in other teams unless they are additionally added to those. If the team is public to the Organization (on a paid plan) all the projects under it will be public as well.

If you add someone as a project member (without also adding them to your team), they’ll be able to access all the tasks in that project. They won’t be able to access the other projects in your team unless you’ve also added them there.

If you add someone to just a task in your project (using the assignee field or add as collaborator) they’ll be able to access only that task. They won’t be able to access any of the other tasks in your project or any of the other projects in your team. If the team is public to the Organization, the projects under it are public as well.

Organizations in Asana contain conversations and tasks (those can be completely private or public). Teams and projects are just ways of sharing or limiting access to those things. Projects are containers of tasks and teams are containers of projects.

Who sees what in Asana

Who can see a task?

Who can see a project?

Who can see project conversations?

Who can see team conversations?

Who can see a team?

Who can see an Organization or a Workspace?

Admin rights in Asana

The Admin Console is the centre of administrative access.

The Admin Console is where administrators manage Asana services for people in an organization. The Admin Console's members view gives you an accurate count of registered members, pending invites, and guest users plus provisioning controls, so you can quickly add and remove users.

From one central place, you can easily gain visibility into and full control over your organization's Asana members.

Organization admins can add, remove, and manage members and their settings, and enforce password complexity.

Admins have even greater control with Asana Enterprise. Asana Enterprise customers have additional controls with SAML and our Admin API. They have the power to adjust permission settings.

Guest permissions in Asana

Guests can collaborate with vendors, contractors, and partners in Asana. Guests are users in a domain who have significantly fewer privileges than internal users. In an Organization they're defined by having an external email address (an email address where the domain name is different than the org's email domain).

You can use Asana to enable specific guest permissions while limiting access to information outside the scope of their job.

You can collaborate with clients, contractors, customers, or anyone else who does not have an email address at an approved organization email domain (i.e. @gmail.com or @yahoo.com). These people would become Organization Guests.

Members can access all public projects and tasks in the Organization, while Guests can only see what is explicitly shared with them, regardless if the project or task in question is marked public or private.

What can a Guest in an Organization access?

Guests have limited access within the Workspace or Organization they’re invited to and only see what is explicitly shared with them. If you share a task with them; they will only see that task. If you share a project with them; they will see that project and all tasks within that project.

Guests added at a project level can create projects. The only way to prevent a Guest to create a project is to add them at the task level.

Guests cannot create teams.

Guests will have access to all paid features in an Organization or team they’re invited to, however they are unable to create/edit/delete custom fields or search for them using the Advanced Search tool. They will only be able to input or edit the values of existing custom fields.

What is a private user?

If two people are seeing each other as a Private User, they are both Guests. If Guests see this, that means they are not working in either the same team or project together; this is to ensure that if you’re working with clients, they cannot see one another’s names unless you want them to.

Once they are both working in the same project or team, their names will be displayed for one another.

Tailor permission settings:

You can use Asana’s permission settings to tailor what information an external collaborator has access to.

Limited Access Members: If you don’t want a temporary collaborator to access confidential team information, you can make them a Limited Access Member. This way, they will only see only those projects, tasks, or conversations that you specifically shared with them. This option is available for both private and public projects.

Those who don't have access to all projects within your team will appear as Limited Access Members in your Team Settings Members tab. Limited Access Members can see projects and tasks they've been added to, but not conversations or other projects in the team.

Privacy controls

Asana provides in-product admin controls, user and object-level permissions, plus the ability to define which third-party applications are accessible to your team.

Permissions are a means of controlling and regulating access to specific functions. Some types of permissions cover functions that may have privacy implications, such as the ability to access personal data by making hidden teams.

Read more about how we protect and secure your data.

Asana has established a comprehensive GDPR compliance program. Read about the significant steps Asana has taken to align its practices with GDPR.