Understanding the Workfront Access Model


The highlighted information on this page refers to functionality not yet generally available. It is available only in the Preview Sandbox environment.

Understanding the Structure of the Workfront Access Model

The Access Model refers to the settings that must be in place for a user to access data in Workfront. The rights of any user in Workfront are filtered through the Access Model structure.

The structure of the Workfront Access Model includes two layers of access:

  • The Access Levels and Object-Specific Access
    As a system administrator, you can manage this at the system level for all your users in their Access Level.
  • The Sharing Permissions on Individual Objects
    As the creator of a specific object, you can manage the permissions other users receive on the objects you create. You can give additional access to other users to also allow them to manage the sharing permissions on the objects that you create.

The Access Levels and Object-Specific Access

As a system administrator, you must start with assigning a user an Access Level, when you start defining their access rights to Workfront. You define their Access Level by deciding which License Type you assign to them.

NOTE You must specify an Access Level for a user so that the user can log in to Workfront.

The following are the default License Types in Workfront:

  • System Administrator
  • Planner
  • Worker
  • Reviewer
  • Requestor
  • External User

You can modify the default license types to customize them according to the needs in your organization.
For more information about creating and modifying Access Levels, see "Creating or Modifying Access Levels."

As part of defining the access level for users, you can determine what access they receive to the following objects:

  • Projects
  • Tasks
  • Issues
  • Portfolios
  • Reports, Dashboards, and Calendars
  • Documents
  • Users 
  • Templates
  • Financial Data
  • Resource Management

Depending on their access level, you can define the following levels of access for each of the objects listed above:

  • No Access
  • View (not all license types have this level of access for all objects)
  • Edit (not all license types have this level of access for all objects)

For more information about access levels, license types, and the access users receive to various objects according to them, see "Access Levels by License Type."

The Sharing Permissions on Individual Objects

The second layer of access when defining the rights of the users to objects in Workfront is the sharing permissions defined on each object. You can share objects with other Workfront users, or even share some objects publicly with others who do not have a Workfront license.

For more information about permissions in the access model, see "Understanding Permissions in the Access Model."

Permissions on individual objects are shared in the following ways:

  • You manually share an object with users.
  • Users inherit permissions from higher-ranking objects. When you share a parent object with users, all the children objects of that object inherit the same permissions, by default.
    For more information about the hierarchy of objects, see the "Understanding the Interdependency and Hierarchy of Objects" section in "Understanding Objects."

The following are the levels of permissions you can grant on a specific object:

  • View
    This level of permission includes the following:
    • Sharing system-wide: all users in the system can see the object (not available for all objects)
    • Making an object available outside of Workfront to anyone without a Workfront license (not available for all objects)
    • Sharing with an email address (available only for documents)
  • Contribute (not available for all objects)
  • Manage

If you have access in your Access Level to create an object, you have permissions to Manage the object when you create it, by default. Depending on the settings in your Access Level, you also have permissions to share the object with other users and grant them permissions on the object.  

IMPORTANT Permissions to a specific object and the access level to that type of object work together to give users their rights on objects. For example, if the system administrator does not configure Edit access to Projects in the Access Level of a user, the user cannot edit or delete a specific project even if they are granted Manage permissions on that project. Also, if a user has Edit access to projects in their Access Level but the project creator gives them permissions to only View a specific project, they cannot edit or delete that project.

The following table illustrates what objects can be shared with other users in Workfront: 

Object Share with Workfront users Share publicly  Share through email with anyone
Custom Form    

Understanding the Difference between Access and Permissions 

The following table shows the similarities and differences between the access given to objects through the Access Level and the permissions given to them by individual users at the object level:

  Access Permissions
Granted by a system administrator in the Access Level of a user  
Granted by any user with permissions to share an object at the object level  
Can be inherited from a higher-ranking object  

***This is linked, do not change/ remove.

This article last updated on 2019-04-11 21:28:12 UTC