Access levels and license types

Question

I only just realized that when license types changed to Standard/Light/Contributor/External many of our user's access levels changed to those default types as well. Prior to the change we had a lot of custom access levels set for various user groups, but it seems like those are no longer relevant. Are access levels and licences essentially the same thing now? Has anyone else experienced this?

Secondly, we want the bulk of our users to only have access to projects that they are involved with, but in my discussions with Workfront support it seems like the only way to do that is to grant them access to projects on an individual basis (see below). Does anyone know a way around this? We ideally by default only want users to be able to view their projects in the system and nothing else.

Thank you!

Workfront support response:

By default, Workfront access levels apply broadly, which means users with “View” access can potentially see all projects and documents. If you'd like users to only see the specific items they’re involved in (such as projects they’ve submitted or proofs they’ve been added to), here’s how you can set that up:

Recommended Approach:
Limit Default Access
Set the user's access level for Projects and Documents to “No Access” or “View” (if minimal visibility is acceptable).

Use Permissions for Specific Access
Grant access to individual projects or proofs by:

Adding the user to a project team

Assigning them a task

Including them in a proof workflow

Letting them submit a request

These actions will automatically give them the appropriate access to those specific items.

Project Settings
Ensure that your project settings are configured so that only invited users can access them. This helps prevent broad visibility.

Optional: Bulk Share or Use Templates
For existing items, you can bulk-share access. For new projects, consider using templates to share with the right users automatically.

KatherineLa · Answer

Hi there,

You've got two different concepts in your question, I'll start with the License Types versus Access Levels one first, it's a little easier.

In "old" Workfront, we had 5 License Types (Plan, Work, Reviewer, Requestor and External). In the new structure, that's collapsed to 4 (Standard, Light, Contributor, External). It's not a 100% perfect mapping, but I think of it as if Plan/Work collapsed into Standard, Light is unique and focuses mostly on approvals and then the old Reviewer/Requestor mostly collapsed into Contributor.

As instance admins, we take those license types and create Access Levels from there, to further sub-divide those features into role-appropriate abilities for our users. When I'm explaining these to folks, I explain them as something like your drivers license. They govern the core features that can be accessed at all, much like my drivers license says I can drive a passenger vehicle or a motorcycle, but wouldn't allow me to drive a semi or a school bus. We've got 15 of those, though they all map to one of the 4 license types.

What might look confusing is that when the switch happened, you also suddenly had new Access Levels that did match those new License Types. Honestly, I promptly removed them from our instance, I don't want the clutter. My old ones are just fine. Each Access Level then maps to one of the License Types. I attached a screenshot here showing a few of ours.

If you want to double-check that the new, possibly unwanted, access levels aren't in-use, you could go into the User page and group by 'Access Level'. Check to see that nobody is assigned the extra ones, and then remove them. Alternately, you could keep them around but just mark them as Do Not Use, or Sample Level so you could look at them easily in the future.

The next part is about record-level security, and I'll answer that in a separate response. That continues the silly drivers-license analogy part.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded