Expand my Community achievements bar.

Join us LIVE in San Francisco on November 14th for Experience Makers The Skill Exchange. Don't miss out on this free learning event!

Allow group admins to have full access for 'User Admin (All Users)' without making CREATE AND DELETE mandatory

Avatar

Level 4

1/16/19

We would like to see the ability for Group Admins to be User Admins WITHOUT being required to also give them access to DELETE users.

Since Workfront allows users with logged hours to be deleted, we have already run into an issue where a user with time billed was deleted. And now we have no way to tell who those hours belong to, which has caused some probably with our revenue reporting.

In order to avoid this in the future -- we removed the ability for our group admins to delete users.

Unfortunately, when we took away the ability to delete users -- it then removed the User Admin access rights, as Create and Delete are both required to give that functionality.

Now our group admins are unable to even add users, as they get an error stating they do not have access to the job role. They are also unable to edit the federation ID -- which we require as we have SSO enabled (as I assume most other enterprise level users do as well).

We don't think you should be able to have access to DELETE users in order to successfully be able to add users and update federation id's.

I suspect other large enterprise companies, especially those whose revenue recognition is tied to hours and users, will run into this issue where a user is accidentally deleted and then they have big headaches.

If you have, please vote!

If you have not already, please take this as a WARNING and a PLEA for help. :)

------------------------------------------------------------------------------------------------------

Below is the feedback we received from WF support about both of these:

Job Role:

The product manager over this area has let me know that to be able to assign a user a job role which you do not have yourself, you must either be a system administrator or a plan license user with the "User Admin (All Users)" access in your access level.

Federation ID:

The ability to delete users is not directly tied to the ability to edit the Federation ID. The ability to edit the Federation ID comes from the "User Admin (All Users)" checkbox in the Users section of the Access Level. Even if you have "User Admin (Group Users)", "Create", and "Delete" all checked, you cannot edit the Federation ID. The problem for you guys is that "Create" and "Delete" are mandatory with "User Admin (All Users)".

1 Comment

Avatar

Employee

1/10/24

Thank you for the submission! We think this is a good enhancement to the Workfront platform overall and this product area in particular!

 

Workfront currently prioritizes large-scale, foundational enhancements such as the new Reporting experience and changes to the core data model, so this item does not fit in our near-term roadmap. As such, I am marking this as Declined now, but we'll keep this in our backlog for the improvements for this area so that we can revisit the decision in the future.

Status changed to: Declined