Permissions overview

In Asana, permissions control the level of access users have to view and edit information. This enables users to balance collaboration and control while ensuring that company data remains secure. For instance, when working on a confidential project, the project team should be able to collaborate, but the information should only be shared with those who need it. 

Permissions mainly occur at the object level and are options that limit access to things like teams, projects, or tasks. 

What is an object-based permission?

Object-based permissions determine the type of access you have as a member depending on which team, portfolio, project, or task you've been invited to.

For example, if you add someone to a team, they can access all the projects in the team with team only or shared with organization privacy settings. However, they can only view projects set to private to members in that team if they are invited directly to the project. Object-based permissions allow you to keep sensitive information hidden.

You can also add collaborators to a task without adding them to the project that the task lives in. These task collaborators won't have access to other tasks in the project. Authorized members, such as a project admin or project editor, can give you access to view or edit projects if needed.

In Asana, a single user can have multiple access levels, based on the content created and the permissions given.

Overview of Asana structure

Task access and permissions

Access to a task depends on the task's privacy setting, and may also depend on the privacy settings of the project in which the task may live. For a detailed overview of the scenarios where someone can access a task, visit our task permissions article directly.

Project access and permissions

Projects benefit from three privacy settings, as well as commenter and editor roles for increased control over project data. Our project permissions article is the most comprehensive guide to managing privacy and permissions for projects.

Team access and permissions

Visit our team permissions article for the best insight into team privacy and sharing, including the team admin roles.

Organization and workspace access

Organizations are only accessible by Asana users who have signed up for an account with their company email address, or were specifically invited into an organization. Admins can control invite settings via the admin console.

Workspaces are only accessible by Asana users who have been explicitly invited into the workspace by a current workspace member.

Admin rights

The admin console is where admins can manage Asana for your organization. The members tab provides an accurate count of the members, guests, and pending invites. Also included are security options and provisioning controls. This allows you to easily add or remove users as needed, giving you complete control over your organization's members from a single, central location. 

Guest permissions

Guests are users that don't share the organization's email domain. Guests can only access what is explicitly shared with them. Use guests to collaborate with clients, contractors, customers, or anyone without an approved organization email domain.

Learn more about guests and their permissions in our Guests FAQ Help Center article. 

Privacy controls

Asana provides in-product admin controls, user and object-level permissions, plus the ability to define which third-party applications are accessible to your organization.

Read more about how we protect and secure your data.

Asana has established a comprehensive GDPR compliance program. Read about the significant steps Asana has taken to align its practices with GDPR.

Was this article helpful?

Thanks for your feedback