Create and modify custom access levels

As an Adobe Workfront administrator, you can create custom access levels and apply them to users. As you work with access levels, it is important to understand how they work together with the object permissions that users grant when they share objects with each other. For more information about access levels, see:

IMPORTANT
We strongly recommend that you leave the built-in access levels unchanged so that you can refer to them after you set up your users. To customize an access level, copy the default access level and modify the copy. You can do this for every access level except for System Administrator and External User.

Access requirements

You must have the following access to perform the steps in this article:

Adobe Workfront plan: Any
Adobe Workfront license: New: Standard, or Current: Plan
Access level configurations: You must be a Workfront administrator.

For more detail about the information in this table, see Access requirements in Workfront documentation.

Create or edit a custom access level

  1. Click the Main Menu icon in the upper-right corner of Adobe Workfront, or (if available), click the Main Menu icon in the upper-left corner, then click Setup.

  2. Click Access Levels in the left panel.

  3. Select the access level you want to copy and customize, then click Copy.

    Or

    If you are editing an existing access level (that you copied previously), click its name.

  4. In the box that displays, do any of the following to start configuring the custom access level:

    Name

    Type a name for your access level.

    If you just copied an access level to create a new one, the default name is Access Level Name (Copy), where Access Level Name is the access level you copied.

    Tip: We recommend that you include the original name of the access level in the name of the copy. For example, at ACME company, a copy of the Standard access level might be named ACME Standard.

    Description

    Type a description for the access level. It's helpful to list here what a user with this access level will be able to access.

    License Type

    Make sure that the license selected here is the one that is most closely associated with the type of access level you are creating or editing. The selected license determines what settings are available for the access level. For more information, see New licenses overview or Licenses overview.

  5. (Conditional) If Standard or Plan is selected in the License Type box, scroll to the section Allow administrative access for and select administrative access permissions for those who will have this access level.

    Approval Processes

    Create and manage approval processes for use throughout the system and for specific groups.

    Without this access, users can create only ad hoc approval processes on items they have access to manage.

    Companies

    Add new and edit existing companies in Workfront.

    Without this access, users can only view existing companies.

    Custom forms

    Create and manage all custom forms within their group.

    Without this access, users can only attach existing forms to the objects they have access to contribute or manage.

    Exchange rates

    Add new currency in Workfront.

    Without this access, the user can add an existing currency only to a project they create.

    Expenses

    View all expenses on objects in Workfront.

    Without this access, the user can only view the following:

    • Expenses on projects, tasks or issues they manage
    • Their own expenses
    • The expenses of their subordinates

    NOTE: This does not allow the user to create new Expense Types.

    Job roles

    With this access, the user is allowed to do the following:

    • View and edit existing job roles
    • Add new job roles
    • Edit role billing and cost rates

    For important information about access to financial data that is available to a Standard or Planner user with administrative access to job roles, see Standard or Planner users with administrative access to job roles.

    Milestones in my group

    View all the milestone paths in the system under the Milestone Paths menu in Setup. Users can also edit or delete any milestone paths belonging to any of their groups. Users cannot manage (edit or delete) milestone paths that are not assigned to their groups.

    Without this access, users can only view existing milestone paths and apply them to projects they have access to manage.

    Reminder notifications

    Create and manage reminder notifications in Workfront.

    Without this access, users are limited to receiving and viewing notifications.

    Timesheets & hours

    Group administrators can assign timesheet profiles to users in the groups and subgroups they manage.

    Without this option enabled, group administrators cannot assign timesheet profiles to other users in the groups and subgroups they manage, although they can create them.

    All other users with a Standard or Plan license can view all hours and timesheets in Workfront.

    Without this option enabled, users can view hours only on:

    • Projects, tasks or issues they manage
    • Their own timesheet
    • A timesheet of someone that reports to them
    • A timesheet they approve
  6. Click Set additional restrictions, then set any of the following restrictions for the access level.

    IMPORTANT
    For external users such as vendors (anyone not in your organization), we recommend that you restrict access to tasks, projects, updates, announcements, other companies, teams and groups.

    Never give access to the whole project when assigned to a task or issue

    Prevents users assigned to tasks or issues from also gaining permissions to the parent project, even if the project permissions allow that.

    For more information about configuring the permissions on a project, see the section in the article Edit projects.

    Never inherit document access from projects, tasks, issues, etc...

    Prevents documents from inheriting the permissions set on their parent object.

    View only updates in which they have been included in the conversation

    Enables users to see only comments where their name or the name of their team has been included.

    NOTE: This prevents users from subscribing to items in Workfront. For more information about subscribing to items, see Subscribe to items in Adobe Workfront.

    Never allow users to delete comments

    Prevents users from deleting the comments they make on items.

    NOTE: No one can delete the comments of other users.

    View only companies, groups & teams they belong to

    Allows users to view and share items only with companies, groups, and teams they belong to.

    NOTE: Users with Requestor licenses cannot view companies they do not belong to, even if this option is selected.

    Never allow visibility of Planned Hours or Actual Hours

    Prevents users from seeing the Planned and Actual Hours of work items they have access to. They can, however, see Actual Hours they log themselves, or hours that are logged by someone who reports to them.

    Never allow users to delete announcements

    Prevents users from deleting announcements in the Announcement Center. For more information, see Send announcements.

  7. (Conditional and optional) If your Workfront system is set up for users that belong to multiple companies, restrict the visibility to other users based on what company they belong to in the section People in other companies should only view users from.

    You can restrict the users to see just users from their own company or from the company you designated as the primary company. The primary company typically represents your Workfront account where most of your users work. For more information about the primary company, see Create and edit companies.

    NOTE
    If two users belong to two different companies, but they can both see users from the primary company, they can see the Updates area associated with the primary company.
  8. (Optional) To configure access settings for other objects and areas in the access level you are working on, continue with one of the articles listed in Configure access to Adobe Workfront, such as Grant access to tasks and Grant access to financial data.

  9. Click Save.

    After the access level is created, you can assign it to a user (unless it is a System Administrator access level).

    For more information, see Edit a user’s profile.

    For information about how an Adobe administrator assigns a System Administrator access level to a user, see Grant a user full administrative access.

Standard or Planner users with administrative access to job roles

If you grant a Standard or Planner user administrative access to job roles, the Edit Role Billing & Cost Rates setting is automatically enabled for the user.

Later, if you disable administrative access to job roles for the user, job roles are still visible to the user because the Edit Role Billing & Cost Rates setting is still enabled.

If this happens and you need to remove the user’s access to view job roles, you need to disable the user’s Edit Role Billing & Cost Rates permission setting. For instructions, see Grant access to financial data.
