CAPABILITIES
Company Type
Topics
- All Asana features
- You’ve been invited to Asana; now what?
- Navigating Asana
- Different types of tasks
- Set up your ideal workspace
- How to use Asana help resources
- New navigation in Asana
- Asana desktop app
- Create tasks in Asana
- Collaborating in Asana
- Quick-start guide to Asana
- Getting started with Asana’s mobile app
- How Asana works
- Create projects in Asana
- Top features to discover
- Structure your projects clearly
- Assign tasks to teammates
- Comments, messages, and status updates
- Powerful Asana features for work management
- Stay informed with your Asana Inbox
- Maximize productivity with My tasks
- Create projects quickly with templates
- Manage and prioritize your tasks
- Automate and scale your work with the Customize menu
- Find work fast with search
- Connect your tools with Asana
- How to invite team members to Asana
- Reporting with dashboards
- Monitor initiatives and track work with portfolios and dashboards
- Reporting with workload
- Tracking project progress
- Top Asana integrations
- Planning with Asana calendar
- Asana for team leads
- Setting and tracking progress towards goals
- How to choose the right project blueprint for your work
- Plan and execute projects with a deadline
- Customize your projects and portfolios
- Share project updates
- How to cancel your Asana trial
- How to add payment details to a trial
- Make the most of your Asana trial
- My trial has ended, what happens to my tasks, rules, and workflows?
- How to sign up for a free Asana trial
- Purchasing a subscription after a trial
- Set goals during your Asana trial
- Turn your trial into a paid plan
- Invite others during your trial
- Add movement to your workflow
- Multi-home tasks to avoid information silos
- What is a workflow?
- Automate how work moves through stages
- Build the foundation of your workflow
- Assign work automatically with custom fields
- Use dependencies to kick work off at the right time
- Request a task review with a simple automation
- Control how tasks are added to projects
- Building cross-functional workflows in Asana
- Moving your everyday workflows to Asana
- Schedule tasks based on priority
- Form customization
- Task Templates
- Custom fields
- Formula custom fields
- Conditions and branching in rules
- Bundles
- Time tracking in Asana
- Dependency types
- Forms
- Email communication with form submitters
- Filtering and sorting custom fields
- ID custom fields
- Field mapping in forms
- Manual rule triggers
- Rule permissions
- Applying bundles to projects
- Rules integrations for cloud storage and file sharing
- Rule actions
- Sharing a form
- Variables in rules
- Rules integrations for productivity and communication
- Setting dates in rules
- Management dashboard for project templates
- Rules integrations and widgets
- Rule execution history
- Rule triggers
- Rules integrations for operations and support
- Bundles FAQ
- Bundle management and permissions
- Management dashboard for global fields
- Rules integrations for sales and services
- Reference custom fields
- Auto-shifting dates for dependent tasks
- Custom field types and limitations
- How to export all time entry data from Asana as CSV via API
- Approvals
- Workflow builder
- Rules
- Project templates
- Task dependencies
- Microsoft Teams and Asana integration
- Asana for Outlook add-in
- Asana for Gmail add-on
- Zoom meetings in Asana
- Asana for Tableau integration
- Power BI integration
- Google Sheets & Asana
- Google and Asana
- Google Forms and Asana
- GitHub and Asana integration
- Calendars and Asana
- Google Calendar + Asana
- Asana for Adobe Creative Cloud
- Google Smart Chips
- Instagantt + Asana
- Zapier and Asana
- Vimeo and Asana
- Chrome Extension + Asana
- Asana for Jira Cloud FAQ
- Jira Data Center
- Zoom transcripts for automation and AI Studio
- How to create a Zoom call notes workflow with AI Studio
- Enabling permissions for Asana-built and Microsoft 365 integrations
- Outlook Calendar and Asana
- Tray.io + Asana
- ServiceNow & Asana
- Wufoo and Asana
- Web forms & Asana
- Zendesk integration
- Asana for Jira Cloud
- Jira Data Center FAQ
- Asana and Workplace from Meta
- Splunk + Asana
- Salesforce in Asana integration
- Asana in Salesforce AppExchange (being deprecated)
- Slack and Asana
- API
- Asana app in Claude
- Asana app in ChatGPT
- Migrating time tracking data from Everhour to Asana
- Compliance management: API and integration support
- Progress, status, and connecting work to goals
- Goal types and templates
- Goals strategy map
- Write great goals with Asana Goals
- Weighted goals
- Viewing and filtering your goals
- Asana Goals FAQ
- The goal tracking process with Asana Goals
- Lead the goals management process in your organization with Asana Goals
- Goals privacy and sharing
- Get started with Asana Goals
- Email tasks to Asana
- Task actions
- My Tasks
- Scheduling tasks using start dates, due dates, and times
- Text formatting in Asana
- Task fields
- Rules in My tasks
- Converting tasks into projects
- Views in My tasks
- Custom fields in My tasks
- Save time in Asana
- Understanding tasks
- Subtasks
- Task comments and attachments
- Tags
- Custom task types and statuses
- Proofing
- Preparing data for CSV import
- Sections
- Gantt view
- Import data from other tools to projects in Asana
- Understanding projects
- Timeline
- Notes view
- Calendar view
- List view
- Project overview tab
- Managing tasks and dependencies with timeline
- Project owner and members
- Files view
- Critical path on timeline
- Project customization and views
- Gantt view FAQ
- Embedded media project view
- Advanced CSV import options
- Board view
- Shareable notes in Asana
- Project importing and exporting
- Teamless projects
- Project permissions
- Permissions overview
- Read-only links
- Task permissions
- Project privacy settings
- Custom field access levels
- Team sharing
- Forms access permissions
- Edit restriction on custom field values
- Private custom fields
- Asana custom field permissions
- Project admin access level
- Viewer project access level
- Team content permissions for team admins
- Domain-wide admin controls
- Sharing and limiting access to teams
- Team permissions
- Editor access level
- Individual project permissions
- Asana for Agile and Scrum
- Asana for team meetings
- Pipelines
- Ideas and brainstorms
- End-of-month close processes for Finance teams
- Giving feedback and approvals
- How to apply a RACI Matrix in Asana
- Project intake
- Organizational strategic planning
- Resource planning
- Plan and manage company goals
- Using Asana to track customer feedback
- One-on-ones
- Using Asana for project management
- Using Asana for your product roadmap
- Asana for Sales and Account Management teams
- How to use Asana for account tracking
- Video production calendar
- Marketing strategic planning
- Event planning with Asana
- How to create a content calendar in Asana
- Campaign management
- Creative production
- Managing design feedback and critique meetings
- Words to workflows in AI Studio
- Work smarter with Asana AI
- AI Studio FAQ
- AI Studio Plus
- Connect your Smart workflow with the right data sources
- AI Studio models
- Writing instructions in AI Studio
- How to structure a prompt in AI Studio
- Create Smart workflows with AI Studio
- AI Studio pre-built AI rules
- How the Use AI variable works
- Troubleshooting in AI Studio
- AI Studio - Human in the loop
- An admin's guide to AI Studio
- Introduction to Asana AI Studio
- AI Studio credit optimization
- AI Studio add-on and pricing
- eDiscovery Resource Center
- Multi-org deployment
- Mandatory two-factor authentication
- Enterprise Key Management (EKM)
- Asana EU Data Centre
- HIPAA Compliance
- Asana and Global Trade Compliance
- How to access the admin console
- Privacy and security
- Two-factor authentication
- Accounts
- Service accounts
- Setting SAML group mapping for licenses
- Multiple accounts and merging
- Data retention policy
- Asana account email policy
- Delete your Asana account
- Managing password settings in the admin console
- SAML group mapping and SCIM interaction
- Access and permissions
- IP allowlisting in Asana
- Compliance management add-on
- FedRAMP Compliance
- Permissions management add-on
- Global authentication settings
- Automatic guest removal
- Mobile apps security permissions
- Understanding user role permissions
- App management and integrations
- Asana Japan Data Center
- SecureAuth for Enterprise Organizations
- Profile field editability controls
- Claiming admin permissions on work items
- Provisioning and deprovisioning users with SCIM
- Authentication and access management options for paid plans
- Asana IP address ranges and hostnames
- Admin security controls
- Setting up Asana roles in Microsoft Entra ID with SCIM
- Setting up Asana roles in Okta with SCIM
- Admin and super admin roles in Asana
- Role-based access control (RBAC) with custom roles
- How to separate Asana accounts
- Data Residency for Asana
- Your Asana account
- Managing an organization
- University organizations
- Managing people in organizations
- Managing teams through the admin console
- Managing organization settings
- A guide to divisions in Asana
- Asana Sandboxes
- Workspaces and organizations FAQ
- Advanced division management
- Division access and management FAQ
- Manage approved workspaces
- Membership and collaboration in workspaces
- Managing members in an organization
- Understanding workspaces
- Managing workspaces
- Introducing Asana Gov
- Managing members and teams in a division
- License assignment in divisions
- Payments in CAD and KRW currency
- Payments in MXN and BRL currency
- Norway VAT
- New Zealand GST
- Indonesia VAT
- Iceland VAT
- EU VAT
- Changes to automatic payments in India due to RBI regulations
- Australia GST
- Adding payment methods for manually invoiced customers
- Upgrading or changing your Asana plan
- United Kingdom VAT
- United States sales tax
- Switzerland VAT
- South Korea VAT
- South Africa VAT
- Singapore GST
- VAT/GST & Sales Tax
- Accessing your billing page
- Payment methods and invoices
- Billing settings in the admin console
- Billing
- Subscription management and upgrades
- Philippines VAT
- Canada GST/HST, QST, and provincial sales tax
- Security and billing for divisions
- How to cancel your Asana plan
- Learn about Asana Premium features
- Learn about Asana Legacy Enterprise features
- Divisions
- Learn about Asana Starter features
- Learn about Asana Advanced features
- Modify your Asana plan
- Manage your growing Asana subscription
- Learn about Asana Business features
- Asana Personal Plan details
- Pricing and purchases
- View only
- Asana for nonprofits
- Asana subscriptions and pricing
- Troubleshooting browser and connectivity issues
- Accidental deletion
- Tasks and subtasks
- Security and permissions
- Navigation and display
- Upcoming discontinuation of personal projects spaces
- Asana Forum basics
- Salesforce AppExchange Integration Deprecation FAQ
- Asana Certification FAQ
- How do I get support from Asana?
- Recover deleted tasks, projects, and more
Role-based access control (RBAC) with custom roles
Available to organizations on Enterprise+ (or Enterprise with the Permissions Management Add-on).
Role-based access control (RBAC) with custom roles allows organizations to create and manage organization-level custom user roles, providing centralized control over what users can do in Asana. Super admins can define roles with specific permission sets and assign these roles to users—helping organizations meet security and compliance requirements and standardize how users work in Asana.
Related articles
- Understanding user role permissions
- Setting up Asana roles in Microsoft Entra ID with SCIM
- Setting up Asana roles in Okta with SCIM
Benefits of RBAC
- Centralized control: Manage organization-level permissions from the admin console
- Enhanced security and compliance: Meet security and compliance requirements with granular control over role permissions
- Standardized workflows: Create standardized ways of working across your organization by defining appropriate access levels by role
- Reduced administrative burden: Delegate user management to specified admin users and simplify admin workflows by integrating with a supported IDP for automated role assignment
How RBAC works
With RBAC, permissions are associated with roles rather than individual users, making it easier to manage access across your organization.
User roles
- Standard roles: Asana includes a set of standard roles that have both inherent, non-configurable permissions and a set of configurable permissions. Custom roles are based on standard roles and inherit the non-configurable permissions and configurable permission defaults.
- Super admin: This is the top-level administrator role with full control over the Asana organization, including managing users. Permissions for this role cannot be modified and custom roles may not be created based on this role.
- Admin: Organization admins have access to the admin console and have access to admin settings, including managing teams and members, and limited control over domain settings. Super admins can adjust user management permissions for this role, including delegating role management to the admin or custom admin role.
- Member: This is the default role for users with an internal email address (e.g., @yourcompany.com). Members have standard access to collaborate within your Asana organization.
- Guest: This is the default role for users with an external email address (e.g., @yourclient.com). Guests are intended for collaboration with people outside your primary organization and have limited inherent permissions. External users can only be assigned the guest role or custom roles based on the guest role. Similarly, internal users cannot be assigned the guest role.
- Custom roles: Super admins can create custom user roles based on the standard roles and modify the configurable permissions.
RBAC permissions
Control what actions users can perform across Asana, including creation, deletion, account permissions and more. Visit our permissions overview article for more information.
Getting started with RBAC
Follow the steps below to set up roles and permissions for your organization.
Step 1: Accessing RBAC settings
You can view and configure all user roles in one place from the Manage roles page in the admin console.
- Navigate to the admin console in Asana.
- Click the Manage roles tab in the Members section of the left navigation bar.
- Here you’ll see the list of roles for your organization along with some basic information about them, including the role description and the members list for each role.
- When you first get started, only the standard roles will appear here; once you’ve created custom roles you’ll be able to view them from this page as well.
Step 2: Creating a custom role
Custom roles should be created when more precise controls over the permissions a user or group of users should have in Asana are needed.
- From the Manage roles tab, click Create role in the top right corner.
- Provide a name and description for the custom role (e.g., "Project manager", "Marketing team member").
- Tip: Specific names and clear descriptions can be helpful later on as your list of roles increases or if you plan to delegate role management to other admins.
- Select the standard role to base the new custom role on. This will affect the non-configurable and configurable permissions available to the role, as well as the type of user that can be assigned into the role (internal vs. external).
- Configure the permissions to grant to this role.
- Click Create role.
- You’re now ready to begin assigning users to this role
Step 3: Modifying roles
Roles should be modified as your organization needs change.
- Select the role you wish to modify from the Manage roles tab.
- Review the current permissions associated with the role on the Edit role page.
- Edit the role details and permissions as needed.
- Save your changes.
- Updated permissions settings will now apply to all users with the role.
Step 4: Role assignment
Assigning users to user roles gives control over the permissions a user or groups of users has in Asana.
- In the admin console, click Manage members on the left navigation bar.
- Locate the user you want to assign a new role to.
- Click the Role drop down.
- Select the new role to assign.
- Tip: Learn more about managing member role assignment at scale through our IDP integration - if you’re managing roles through the IdP, your IdP will be the source of truth for user roles and will override changes in the admin console.
- Learn how to set up Asana roles in Okta.
- Learn how to set up Asana roles in Microsoft Entra ID.
- Tip: Learn more about managing member role assignment at scale through our IDP integration - if you’re managing roles through the IdP, your IdP will be the source of truth for user roles and will override changes in the admin console.
Tip
You can bulk assign roles through CSV user import. Learn more.
Step 5: Set role defaults
Role defaults set the role new users receive when joining Asana
- In the admin console, click Security on the left navigation bar.
- Locate the Role defaults setting.
- Select the default roles for internal and external users.
Tip: Role defaults apply when people sign up to join your organization, are invited by other users and in less common scenarios where automatic role assignment occurs. Select default roles with permissions you are comfortable with any user receiving by default. Users’ roles may always be adjusted from the Members tab in the Admin Console.
Frequently asked questions
Role management
Who can create, manage and assign roles?
By default, only super admins can create and manage roles. The standard admin role (and custom roles based on admin) can assign users to an existing user role, but cannot create new custom roles or modify role permissions. Super admins can manage admin user management permissions to either grant the ability to manage roles or restrict the ability to assign roles.
Can the permissions of standard roles be modified?
Yes, super admins can modify the configurable permissions associated with standard roles to better fit their organization's needs.
If I create a custom role based on "Member" and updates are later made to the "Member" standard role, will my custom role also change?
No, the configurable permissions for custom roles are independent after creation. Changes to the configurable permissions of a standard role will not automatically apply to existing custom roles based on it. New custom roles created after changes are made to standard roles will use the current permissions of the standard role as the starting default.
Can I rename the standard roles to better fit my organization's terminology?
No, standard roles may not be renamed.
Can I customize the standard "Super Admin" role?
No, the permissions for the Super Admin role are fixed and cannot be modified.
Can division admins manage roles within their specific division?
No, currently RBAC is available to organizations only, and role permissions apply to users at the organization level.
Role assignment
Can I change the default role assigned to new internal or external users?
Yes, this can be done using the ‘Default role’ setting in the security tab of the admin console. Additionally, there are role-level defaults that set the role for new users invited by users with that role. We recommend using these defaults thoughtfully to avoid permission escalation.
Can multiple roles be assigned to a single user?
No, each user can only have one role assigned at a time.
What user role does a user get assigned to?
Everyone in Asana has a user role. Here are the different ways role assignment can happen:
- For existing users: When you transition over to using RBAC to manage user roles, users will retain their existing user role by default (Super admin, Admin, Member or Guest). From there, Super admins and Admins with user management permissions can add additional custom roles and assign users to roles.
- For new users, the role the user receives can vary based on how they join your org:
- Invited users:
- In-app invites: When users are invited to Asana from the app, the role the new user receives is the default member or guest role.
- Admin console: When users are invited from the admin console, super admins and admins with role assignment permissions are able to set the role for the new user during the invite step
- Sign ups: When new users sign up from Asana.com to join your org, they will receive the org-wide default role. This role starts out as the standard member role, but can be configured through the domain wide settings
- SCIM integration: if you’re managing roles through the IdP, your IdP will be the source of truth for user roles and will override changes in the admin console. Learn how to set up Asana roles in Okta.
- Invited users:
- There are a few less common scenarios where users may receive a role automatically:
- Domain migration: When a domain migration occurs, users from the source domain are assigned the target domain's org-wide default role. Changes to verified org emails: When a verified email address is added or removed from an organization, this can change existing users’ role type from external (guest) user to internal user or vice versa. When this happens, affected users will receive the org default role corresponding to their new role type.
- Tip: Manage role defaults to keep your org secure by ensuring that new users always have the right level of access to your org from the start.
What role will a user receive if they are invited by multiple users before accepting their invite?
If a user is invited by multiple users before accepting their invite, they will receive the role from the first invite. If the user is invited by an admin from the admin console, this role assigned by the admin will take precedence over any other invite role. Super admins or admins with the role assignment permission can view pending invites and change users’ role in the admin console.
If a user's role is changed, are they automatically notified?
No, users are not automatically informed about role or permissions changes.
Are users able to see their role or request role changes from the Asana app?
No, users are not able to see their user role and there is currently no way to request upgraded permissions through Asana. The user experience differs based on the permission; in some cases, features are completely hidden whereas for others, users see the feature in a disabled state.
Organization settings
How do organization default settings interact with user roles?
Organization default settings are in place for some of the permissions that may also be customized at the role level via RBAC. These settings can be accessed in the admin console in the Security and App settings tabs. They include:
- Guest invite and trusted domain setting
- Upload files
- Download files to mobile app
- Use personal access tokens
- Use Apps
If a permission is disabled or modified at the organization level using the organization default setting, this will override role permissions and it will not be configurable at the role level. In order to configure the setting at the role level, the org default setting must be turned on.
I have previously used organization settings to change permissions in my domain. Will these defaults remain in place when I start using RBAC?
Yes, when you begin using RBAC, the permissions settings that have been configured already for your domain will remain in place and be reflected in the permissions for RBAC roles. This means your starting defaults for standard roles may be different from what the Asana default for each role looks like.
Overall permissions framework
How do user roles interact with permissions on projects or other work objects in Asana?
The RBAC user role and permissions determine a user's capabilities across an entire Asana instance, whereas object access level permissions determine a user's capabilities specific to a particular Asana object. The Asana permissions system works together to address a range of access control use cases.
The following table compares RBAC user roles with object access levels
|
Comparison |
RBAC User Role |
Object Access Level |
|
Who assigns the role? |
Org super admin |
Object admin |
|
Where is the role managed? |
Org admin console |
Object share modal or settings |
|
What is the scope of the role permissions? |
Applies org wide, across all objects |
Applies to a single object |
|
Example permissions |
|
|
How does a user’s license interact with their role?
License and role are independent of each other but both affect what a user can ultimately do in Asana.
- User access to features in Asana is determined by their license.
- User permissions in Asana are defined by their role.
In order to take an action in Asana, a user needs both a sufficient license and role.
As an example, two users may be assigned the project manager custom user role in Acme org. This role has ‘Create company goal’ permissions on.
- User A has a full Enterprise license and can create company goals
- User B has a View only license and may not create company goals because they are restricted by license type. User B must be upgraded in order to take all actions permitted by their role
Troubleshooting tips
Users can't perform actions despite having the appropriate role
- Check if the action is restricted at the object level
- Verify that the permission is enabled for their assigned role
- Verify that the user has the proper license
AI permissions
Asana's AI Permissions within RBAC allow admins to manage deployment of AI features on a role-by-role basis.
Admins can currently control four AI-related permissions within RBAC:
Asana AI: Disabling the top-level Asana AI permission disables the sub-permissions (e.g., Core AI, Proactive AI, etc.) for members of a particular role.
- Core AI: This sub-permission allows members of a particular role to engage with core Asana AI features for on-demand content creation, summarization, and analysis (e.g., smart chat, smart summaries, and smart editor).
- Proactive AI: This sub-permission allows members of a particular role to engage with Asana AI features that proactively generate content without direct user prompting (e.g., proactive summaries on goals or projects).
- AI Automations: This sub-permission allows members of a particular role to create and modify rules or automations using generative AI (e.g., AI Studio). If disabled, AI Automations owned by members of this role will not run.
How do role-based AI permissions interact with organization-wide settings?
Organization-wide AI settings enable and disable Asana AI for all users within an organization, while RBAC AI Permissions enable similar choices solely for members of a particular role. Organization-wide AI settings can be found in the "Asana AI" section of the admin console. Organization-wide AI settings take priority over AI permissions within RBAC. This means that, for any user to access AI features, those features must first be enabled for the entire organization. If you have disabled Asana AI overall, no one can use it within your domain, regardless of their role-specific permissions.
What is the default setting for AI permissions on my existing roles?
By default all AI permissions are enabled for all standard and custom roles. You must edit a role to disable these permissions and restrict access. If a user has AI permissions but the organization has turned off AI, the user will not be able to use AI features.
What do users see if an AI permission is disabled for their role?
If a user's role does not include an AI permission, they will either not see the entry point for that feature, or the feature will appear as disabled. This indicates that their access has been restricted by an admin.
Do these controls prevent users from interacting with AI entirely?
No — these controls are not intended to entirely shield users from AI. For example, users without AI RBAC permissions may be able to trigger AI Studio rules created and owned by others. If you wish to disable AI for your organization, use the organization-wide setting.