Understanding the Access Model


The Access Model refers to the settings that must be in place for a user to access data in Workfront. The rights of any user in Workfront are filtered through the Access Model structure.

The structure of the Workfront Access Model includes two layers of access:

The Access Levels and Object-Specific Access

As a system administrator, you must start with assigning a user an Access Level, when you start defining their access rights to Workfront. The Access Level is defined by the type of License they are assigned. 

NOTE You must specify an Access Level for a user so that the user can log in to Workfront.

The following are the default license types in Workfront:

  • System Administrator
  • Planner
  • Worker
  • Reviewer
  • Requestor
  • External User

You can modify the default license types to customize them according to the needs in your organization. 
For more information about creating and modifying Access Levels, see "Creating or Modifying Access Levels."

As part of defining the access level for users, you can determine what access they receive to the following objects:

  • Projects
  • Tasks
  • Issues
  • Portfolios
  • Reports, Dashboards, and Calendars
  • Documents
  • Users 
  • Templates
  • Financial Data

Depending on their access level, you can define the following levels of access for each of the objects listed above:

  • No Access
  • View (not all license types have this level of access for all objects)
  • Edit (not all license types have this level of access for all objects)

For more information about access levels, license types, and the access users receive to various objects according to them, see "Access Levels by License Type."

The Sharing Permissions on Individual Objects

The second layer of access when defining the rights of the users to objects in Workfront is the sharing permissions defined on each object. 

The following are the levels of permissions you can grant on a specific object:

  • View
  • Contribute (not all object types have this level of permission)
  • Manage

If you have access in your Access Level to create an object, you have permissions to Manage the object when you create it, by default. Depending on the settings in your Access Level, you also have permissions to share the object with other users and grant them permissions on the object.  

IMPORTANT Permissions to a specific object and the access level to that type of object work together to give users their rights on objects. For example, if the system administrator does not configure Edit access to Projects in the Access Level of a user, the user cannot edit or delete a specific project even if they are granted Manage permissions on that project. Also, if a user has Edit access to projects in their Access Level but the project creator gives them permissions to only View a specific project, they cannot edit or delete that project.

For more information about permissions in the access model, see "Understanding Permissions in the Access Model."

***This is linked, do not change/ remove.