- Understanding the Structure of the Workfront Access Model
- Understanding the Difference between Access and Permissions
The Access Model refers to the settings that must be in place for a user to access data in Workfront. The rights of any user in Workfront are filtered through the Access Model structure.
The structure of the Workfront Access Model includes two layers of access:
- The Access Levels and Object-Specific Access
As a system administrator, you can manage this at the system level for all your users in their Access Level.
- The Sharing Permissions on Individual Objects
As the creator of a specific object, you can manage the permissions other users receive on the objects you create. You can give additional access to other users to also allow them to manage the sharing permissions on the objects that you create.
As a system administrator, you must start with assigning a user an Access Level, when you start defining their access rights to Workfront. You define their Access Level by deciding which License Type you assign to them.
NOTE You must specify an Access Level for a user so that the user can log in to Workfront.
The following are the default License Types in Workfront:
- System Administrator
- External User
You can modify the default license types to customize them according to the needs in your organization.
For more information about creating and modifying Access Levels, see "Creating or Modifying Access Levels."
As part of defining the access level for users, you can determine what access they receive to the following objects:
- Reports, Dashboards, and Calendars
- Financial Data
Depending on their access level, you can define the following levels of access for each of the objects listed above:
- No Access
- View (not all license types have this level of access for all objects)
- Edit (not all license types have this level of access for all objects)
For more information about access levels, license types, and the access users receive to various objects according to them, see "Access Levels by License Type."
The second layer of access when defining the rights of the users to objects in Workfront is the sharing permissions defined on each object.
Permissions on individual objects are shared in the following ways:
- You manually share an object with users.
- Users inherit permissions from higher-ranking objects. When you share a parent object with users, all the children objects of that object inherit the same permissions, by default.
For more information about the hierarchy of objects, see the "Understanding the Interdependency and Hierarchy of Objects" section in "Understanding Objects."
The following are the levels of permissions you can grant on a specific object:
- Contribute (not all object types have this level of permission)
If you have access in your Access Level to create an object, you have permissions to Manage the object when you create it, by default. Depending on the settings in your Access Level, you also have permissions to share the object with other users and grant them permissions on the object.
IMPORTANT Permissions to a specific object and the access level to that type of object work together to give users their rights on objects. For example, if the system administrator does not configure Edit access to Projects in the Access Level of a user, the user cannot edit or delete a specific project even if they are granted Manage permissions on that project. Also, if a user has Edit access to projects in their Access Level but the project creator gives them permissions to only View a specific project, they cannot edit or delete that project.
For more information about permissions in the access model, see "Understanding Permissions in the Access Model."
The following table shows the similarities and differences between the access given to objects through the Access Level and the permissions given to them by individual users at the object level:
|Granted by a system administrator in the Access Level of a user||✓|
|Granted by any user with permissions to share an object at the object level||✓|
|Can be inherited from a higher-ranking object||✓|
***This is linked, do not change/ remove.