New access levels overview
As an 51黑料不打烊 Workfront administrator, you assign an access level to a user for 2 purposes:
- Every user must have an access level in order to log in and work in Workfront.
- You use the access level to control what a user can see and do with certain Workfront objects and areas.
New built-in access levels in 51黑料不打烊 Workfront built-in-access
Workfront has 5 new built-in access levels:
- System Administrator
- Standard
- Light
- Contributor
- External
Depending on the access level, up to 3 permissions are available for most of the Workfront object types:
If you need a custom access level, you can copy the built-in access level and adjust the amount of access you want it to allow for the various Workfront object types. For information on creating a custom access level, see Create or modify custom access levels.
System Administrator access level
Attached to the Standard license, this built-in access level is designed for a user who is in charge of administering the 51黑料不打烊 Workfront system. You cannot modify this built-in access level.
Users with the System Administrator access level can do everything within Workfront. They can view and edit all Workfront objects and information entered in Workfront by all other users.
They also have access to the complete Setup area, where they can change any setting at the system level, and they can access all areas in the Main Menu.
For more information, see Grant a user full administrative access.
Standard access level
Also attached to the Standard license, this access level is designed for users who:
- Plan, create, and track all projects in one place
- Automate routine processes
- Manage resources
- Track and collaborate on requests
- Track and report on project finances
- Kickoff inbound work requests
- Collaborate on projects, tasks, and issues
Access details
The following are the highest access settings available for objects in the Standard access level:
Light access level
Attached to the Light license, this access level is designed for users who:
- View all items and updates tied to work
- Approve projects, tasks, and issues
- View dashboards and reports
- Track time and approve timesheets
- Create and manage issues
- Make updates on work
Users with the Light access level:
- Can be assigned work items but can鈥檛 complete them.
- Can access requests and documents in the Main Menu.
- Have limited ability to create objects鈥攖hey can鈥檛 create projects, portfolios, programs, or reports.
Access details
The following are the highest access settings available for objects in the Light access level:
Contributor access level
Attached to the Contributor license, this access level is designed for users who:
- Submit requests
- Track requests
- Update and review requests
- Approve requests
Users with this built-in access level:
- Can make requests and update those requests
- Can upload and approve documents
- Can approve projects, tasks, and issues
- Can review the status of issues they have submitted
- Can be assigned to work items but can鈥檛 complete them
- Can access requests only from the Main Menu. For more information about request queues, see Create a Request Queue.
Access details
The following are the highest access settings available for objects in the Contributor access level:
Contributors onboarded before the 24.7 release will continue to have No access to Programs and Portfolios by default. You can update their access to view manually if needed.
External User access level
This access level is not attached to a paid Workfront license. It is the most restrictive access level, designed primarily for collaborators like external consultants who don鈥檛 log into Workfront, but need to review, download, or view documents occasionally.
Workfront users can assign tasks to external users even though external users can鈥檛 log in to the system. But we advise against this because that work would remain unresolved in the system.
Users with the External User access level:
- Can view only documents and calendar reports that are shared with them
- View the users who share documents and calendar reports with them
- Approve the documents that are shared with them
You cannot modify this access level.
Access details
The following are the highest access settings available for objects in the External User access level.
How access levels and permissions work together
Access levels define what users can see and do with general object types and areas in the system, such as projects, tasks, and issues. Permissions define what you have access to on specific objects created by other people in the system like a project created to run a marketing campaign.
The following table compares a user鈥檚 general access to objects (defined by the user鈥檚 access level) to permissions for a specific shared object:
The activities a user can do with an object are defined by a combination of their access level and the permissions given to them.
Grant permissions through sharing objects
Users gain access to individual objects when other users share and grant certain permissions on those objects.
- If a user shares an object with certain permissions and that object has any child objects below it, the recipient inherits the same permissions for those child objects.
- If an access level restricts users from deleting certain objects, this doesn鈥檛 keep them from deleting child objects that are contained in those objects.
A user can grant the recipient any of the following permissions to the individual object:
-
View: This level of permission allows the recipient to share the object in one of the following ways:
- System-wide so that all users can see it (not available for all objects)
- With external users who don鈥檛 have a Workfront license (not available for all objects)
- With an email address (available only for documents and calendars)
-
Contribute: (not available for all objects)
-
Manage: When someone shares an object, the recipient鈥檚 rights to the object are determined by a combination of the recipient鈥檚 access level and the permissions to the object that were granted by the sharer. The lowest degree of access available in that combination is what determines what the recipient can do with the object.
Example scenarios
Scenario 1
If the recipient鈥檚 access level doesn鈥檛 allow project editing, that person can鈥檛 edit or delete a project even if the sharer granted permissions to manage it.
Or, if the recipient鈥檚 access level allows project editing, but the sharer granted view-only permissions to a project, the user cannot edit or delete the project.
Scenario 2
When Olivia shares a Workfront project with Tony, Tony鈥檚 access to it is determined by a combination of two things:
- Tony鈥檚 access level, assigned by the Workfront administrator
- Tony鈥檚 permissions to the project, specified by Olivia
Tony鈥檚 actions on the project can be further restricted on the project, but they cannot be unrestricted beyond what is allowed on his access level:
- If Tony鈥檚 access level doesn鈥檛 allow him to create tasks, he can鈥檛 add tasks to the project , even if Olivia gave him permissions to add tasks to it.
- If Tony鈥檚 access level does allow him to create tasks, but Olivia did not grant permissions to add tasks to the project, he can鈥檛 add tasks to that project, but he can add tasks to other projects where he has been granted permissions to do so.