Workfront

DavidBa · 3/6/18

Hello, My company is new to Workfront. During my implementation I was surprised to learn the level of access an Admin user has in the system. I come from an IT background and we are implementing Workfront to help manage IT projects. It is very rare to see a user in a business system have access to everything, I understand that the Admin users need access to the system Setup options but I don't understand why they also need access to all projects, templates, requests, workflows, queues, etc. I went through the recommended training for projects, templates, requests, workflows and feel that PMs should authorized to these functions leaving Admins to only handle the system setup functions and provide the authorize users to other functions. Are there any Workfront users who have had to address this concern? I would like to here how you are handling this. Dave Barry Dawn Foods

VicAl · 3/6/18

Hi Dave, I work in IT as well and am the System Administrator for Workfront (and also a PM in our PMO). We use it for projects and Agile Scrum work and more. I understand your concern, but I will say I have found it useful to have the full access because I frequently get questions or issues about people's projects, tasks, issues, etc. Coincidentally many times it has to do with people not being able to access projects, tasks, issues, etc. Then there's creating reports for management, etc. If I don't have access to the projects it won't show the data. Of course I can ask them for access, but it would become time consuming (at least for everything that I'm doing in my role). I can see both sides of what you're saying, and that it may not be completely necessary to have all that access. But since I'm a member of the PMO having access to people's projects isn't detrimental. We have full transparency, so in our case there really shouldn't be anything I'm seeing that is top secret or out of bounds. So for us, the access has not become an issue. I haven't looked it to it much because we won't be using it at this time, but there is a new Group Admin functionality that was just added in this release. From what I read it will allow you to pick and choose with people in that Admin Group can do. Perhaps that's an option to explore. Vic Alejandro, PMP, CSM | IT | Sr. IT Project Manager Denver Water | t: (303-628-7262) | c: (303-319-6473) "http://www.denverwater.org/"> http://www.denverwater.org INTEGRITY | VISION | PASSION | EXCELLENCE | RESPECT

pco88 · 3/6/18

Plan licenses do not have to have Admin functionality as well as there is now Group Admin functionality that you can also use which would be sorta like a lesser admin functionality although we haven't actually made use of that yet. The main Administrator should have access to everything - you want to be able to troubleshoot before you send off a ticket to helpdesk. Polly Co

WinfieldDe · 3/6/18

Hi Dave, At my last company, where I also implemented Workfront and was an admin, we had 3 system admins in our department & gave PM's access to create portfolios, programs, etc. and man did it get messy fast. We had PM's deleting Portfolios/Programs that shouldn't have been & we had them creating things they didn't need to be! We tightened up the reigns A LOT on the PM's access level, because it was a lot of babysitting/clean up on our side that we had do on a daily basis. We found it best that our admins were the "gate keepers" of Workfront. With too many hands in the pot, you'll lose all the organizational benefits that Workfront provides :) As Polly mentions, in the 18.1 release, they did release a "Group Admin" functionality, but we have yet to explore/test in our system. Winfield Dean Intercontinental Hotels Group PLC

SkyeHa · 3/6/18

We have a similar experience as Winfield. Any time we try and give the PMs more responsibility, it fails based on the inability of PMs to work in concert (to make sure that they don't affect each other negatively), and based on the fact that we all have specific skills and some of us are just not good at managing Workfront. Keep in mind (at least for my company) the PMs have a job. It's to manage their project. Workfront is supposed to help this, but they aren't interested in spending a lot of time programming Workfront to meet their needs. For the few who have this sort of geekiness inherent in them, we turn them into system admins and we trust that they aren't using that visibility to go looking into projects for more information than they need to have. How is it that being a system admin in Workfront should be different than being a system admin in general? -skye

EricLu2 · 3/6/18

Hi: We have a Sunshine Rule at my Company (We're in Florida) – Everything is visible to everyone. Having a SysAdmin with visibility into everything isn't a problem, as everyone can see everything. A PM should not be keeping secrets. The problem with not being able to subdivide the work of a SysAdmin is that I can't have one person take care of creating/deactivating users without also giving them permission to everything else. For us, having Omniscient Admin access limits our ability to split up the role of a SysAdmin without giving people lots of privilege they don't need. Eric

DavidBa · 3/7/18

Thank you all for your comments, they are very helpful. I'm not too concern within my IT department but I hope to expand the use of Workfront in our R&D department where they may have requests and projects that are of a more confidential nature. I will look into the Group Admin function with my Workfront implementation team. Dave Barry Dawn Foods

SkyeHa · 3/7/18

Dave -- are you going to LEAP this year? Seems to me that @Darin Patterson gave a session talking about this type of scenario in 2016 and I know someone in a different company who was facing the same issue (marketing campaigns that needed to be kept deeply secret from the rest of the company). It's always worth having a conversation about it. But I think normally if it has to be this secretive, the secretive department would need to look into a separate instance of Workfront. -skye

darinpatterson · 3/11/18

Thanks for the callout Skye. I'll be at Leap in Nashville this year as well with a follow up presentation. Happy to chat about that topic and more and the event. Cheers. Darin Patterson Workfront

MarieKe1 · 3/12/18

Dave - At our organization we also had the issue of confidential projects. In general, we follow total transparency, with everyone seeing everything. But, an instance did come up where this could not be followed. We handled this by creating a confidential portfolio that did not have share rights - no global sharing - we only shared with those we specifically wanted to provide access. We also had specific project templates that provided different project rights/access. As long as projects were created from the non-sharing templates, then even if an assignment was made outside of who 'should' see the project - they only had access to their assigned task. Our key here was that the person creating the confidential projects had to follow the process. So far, this is working for us. Marie Kelly The MetroHealth System

EricLu2 · 3/12/18

Marie – We do the exact same thing, successfully. Eric

StefaniaSl · 3/14/18

We are currently facing the same problem of having a totally secret project that only certain people can have access to. Fortunately for us the Admins are part of the project. We created a separate portfolio and gave specific people access to the portfolio. This portfolio is excluded from any daily reporting but we did duplicate the needed reporting in this portfolio. Maybe that will work for some of you. 1 Verizon Way | Basking Ridge, NJ 07920 Stef Slobuski | ( (908) 559-8606 | : (973) 476-7011 * : Stefania.Slobuski@VerizonWireless.com The information contained in this message and any attachment may be proprietary, confidential and privileged or subject to the work product doctrine and thus protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to this message and deleting it and all copies and backups thereof. Thank you.

Workfront

Admin Authority access to everything

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe