Follow
Creating or Modifying Access Levels

***

As the system administrator in Workfront, you can use access levels as permission guidelines for your users. Defining access levels and assigning them to users determine what the users can do in the application.   

Overview of Workfront Access Levels

Access levels are the foundation of permissions for users in Workfront, allowing or restricting them to perform certain activities.

There are six default access levels in Workfront. Each access level is designed with a particular user role in mind.

There is a correlation between the access level associated with a user and what areas they have available in the Global Navigation Bar in Workfront by default.

The six default access levels are:

  • External User: Designed for users who do not use Workfront but need to review, download or view documents occasionally. They can also see calendars that have been shared with them. You cannot modify this access level. 
  • Planner: Designed for project, team, and resource managers, or anyone who is responsible for creating projects, portfolios, programs and assigning work (tasks and issues) to other users. Timesheet,  work and document approvers, and report builders should also be given this access level.
    A planner has access to all the areas in the Global Navigation Bar by default. 
  • Requestor: Designed for users who request work from others in Workfront. This license limits the users to just the Requests tab in Workfront, by default. They can make requests and update those requests, or upload and approve documents, but they cannot be assigned to work themselves. 
    Requestors can only see the Requests area in the Global Navigation Bar, by default. 
  • Reviewer: Designed for executives, who request work from other users in Workfront, and also review and approve work. Reviewers cannot be assigned work themselves. Their My Work area in the Global Navigation Bar is replaced by the My Updates area where they can find the objects they need to approve, or comment on. They also have access to the Requests and Documents areas in the Global Navigation Bar, by default. 
  • System Administrator: Designed for a user in charge of administering the Workfront system. They have access to every setting at the system level and they can see and manage all the information entered in Workfront by all other users. System administrators have access to all the areas in the Global Navigation Bar, by default. You cannot edit this access level. 
  • Worker: Designed for users who perform the work in Workfront. They can be assigned to work, but they have limited access for creating other objects. They cannot create projects, portfolios, programs or reports. They can approve work and documents, but they cannot approve timesheets. 
    Workers can access all the areas in the Global Navigation Bar, but their People area has been renamed to Teams. Workers can only view teams they belong to and the work of those teams in the Teams area. 

Creating a New Access Level by Modifying an Existing One

We recommend leaving the default access levels unchanged, to refer back to them, after your users have been set up. 

You can create your own access level by copying an existing one. 

To create a new access level from a default one:

  1. Navigate to the Setup area in the Global Navigation Bar. 
  2. Click Access Levels.
    default_access_levels__1_.png
  3. Select the access level you want to copy and modify, then click Copy.
  4. Specify a Name for your access level. The default is Access Level Name (Copy), where Access Level Name is the access level you copied.
  5. Specify a Description for your new access level. We recommend that you specify a brief description about what an user with this access level is allowed to access. 
  6. The License Type is the license level of the access you selected to copy. 
  7. Set the level of access for all the objects listed in the access level.
    These are the objects users can view or edit.
    If you do not want users to have access to an object, select No Access.
  8. Click the gear icon to define detailed viewing or editing permissions for the object.
  9. On Projects, use Fine-tune your settings to help establish sharing of projects that a specific user creates. Use rules to determine if other users will have access to view, manage or contribute on the projects that the user with this access level creates. This establishes default rules regarding with whom projects will be shared, eliminating the need for project managers to do this on new projects.
    This option is not available for Work, Request and Review licenses. 
  10.  In the Allow administrative access for ... section, identify which administrative access permissions users with this access level have. For more information about administrative access, see "Administrative Access."
    This option is not available for Work, Request and Review licenses. 

  11. In the Set additional restrictions ... area, set any restrictions that you want to place on the access level.
    It is recommended to set restrictions for external users or vendors (anyone not in your company) regarding access to information on tasks, projects, updates, announcements, other companies, teams and groups. 

  12. If your Workfront system is set up for users that belong to multiple companies, you can restrict the visibility into other users based on what company they belong to, in the People in other companies should only view users from ... section.
    You can restrict the users to see just users from their own company or from the company you designated as a Primary Company. For more information about the primary company, see "Understanding and Managing Companies."

  13. Click Save Changes.
    After the access level is created, you can assign it to a user. For more information about assigning an access level to a user, see "Assigning Access Levels to Users."

Creating a New Access Level

We recommend always copying a default access level and modifying it according to your needs to create a new access level. For more information about copying and copying and modifying an existing access level, see "Creating a New Access Level by Modifying an Existing One."

As a system administrator, you can also create a new access level, not by copying an existing access level. 

To create a new access level: 

  1. Navigate to the Setup area in the Global Navigation Bar. 
  2. Click Access Levels.
    default_access_levels__2_.png
  3. Click New Access Level.
  4. Specify a Name for your access level. 
  5. Specify a Description for your access level. We recommend that you specify a brief description about what an user with this access level is allowed to access. 
  6. Select a License Type. You have four options to choose from, which correspond to the four access levels that can be edited:
    Plan
    Work
    Review
    Request 
  7. Set the level of access for all the objects listed in the access level.
    These are the objects users can view or edit.
    If you do not want users to have access to an object, select No Access.
  8. Click the gear icon to define detailed viewing or editing permissions for the object.
  9. On Projects, use Fine-tune your settings to help establish sharing of projects that a specific user creates. Use rules to determine if other users will have access to view, manage or contribute on the projects that the user with this access level creates. This establishes default rules regarding with whom projects will be shared, eliminating the need for project managers to do this on new projects.
    This option is not available for Work, Request and Review licenses. 
  10.  In the Allow administrative access for ... section, identify which administrative access permissions users with this access level have. For more information about administrative access, see "Administrative Access."
    This option is not available for Work, Request and Review licenses. 

  11. In the Set additional restrictions ... area, set any restrictions that you want to place on the access level.
    It is recommended to set restrictions for external users or vendors (anyone not in your company) regarding access to information on tasks, projects, updates, announcements, other companies, teams and groups. 
    set_additional_restrictions_in_access_levels.png

    Consider the following options:
    • Never give access to the whole project when assigned to a task or issue: If the project access settings allows users assigned to tasks or issues to also gain permissions to the project, selecting this option will prevent that. 
      For more information about configuring the permissions on a project, see the "Access" section in "Editing Projects."
    • Never inherit document access from projects, tasks, issues, etc...: By default, documents inherit the permissions set on their parent object. Selecting this option will prevent that.
    • View only updates in which they have been included in the conversation: Selecting this option will allow users to see only comments where their name or the name of their team has been included. 
      NOTE Selecting this option prevents users from subscribing to items in Workfront.
      For more information about subscribing to items, see "Subscribing to Items in Workfront."
    • Never allow users to delete comments: When selecting this option, users cannot delete the comments they make on items. No one can delete the comments of other users.
    • View only companies, groups & teams they belong to: Users can view and share items only with Companies, Groups, and Teams they belong to.
    • Never allow visibility of Planned Hours or Actual Hours: Users cannot see the Planned and Actual Hours of work items they have access to. They can, however, see Actual Hours they log themselves or hours that are logged by someone who reports to them.
    • Never allow users to delete announcements: Prevents users from deleting announcements in the Announcement Center. For more information about Workfront announcements, see "Viewing and Sending Announcements."
  12. If your Workfront system is set up for users that belong to multiple companies, you can restrict the visibility into other users based on what company they belong to, in the People in other companies should only view users from ... section.
    You can restrict the users to see just users from their own company or from the company you designated as a Primary Company. For more information about the primary company, see "Understanding and Managing Companies."
  13. Click Save Changes.
    After the access level is created, you can assign it to a user. For more information about assigning an access level to a user, see "Assigning Access Levels to Users."

Assigning Access Levels to Users

Once access levels are created or modified, they can be applied to a user by editing their profile, or in the process of creating a new user. For more information about assigning an access level to a new user, see "Creating New Users."

To understand what kind of access users have on various objects based on their access level, see "Access Levels by License Type." 

***

Luke: should we replace this article with what I have below: https://support.workfront.com/hc/en-us/articles/216669668

**DON'T DELETE, DRAFT OR HIDE THIS ARTICLE. IT IS LINKED TO THE PRODUCT, THROUGH THE CONTEXT SENSITIVE HELP LINKS. **