Workfront

CBuckwal · 1/22/24

We have confidential requests that our whole group can submit, but only a few people can view the completed request due to the confidential information. I need to be able to limit the confidential requests from the whole group's view, but allow request visibility to the small group allowed to see the request contents. How can I do that? I would like to remove group view to the Submitted Requests page, but that doesn't seem possible. Support suggested using companies but I don't think that is a good solution for this since these requests are within our full work group. The request queues for the confidential requests have to be open to all for submission, so limiting the queue view in details won't help. Any suggestions would be appreciated.

skyehansen · 1/22/24

I feel like there's something missing from your explanation. Otherwise there's no way Support would have suggested using Companies as a solution.

What is visible to ANY user on the Submitted Requests page, is based on a combination of their permission on a project by project basis PLUS any other permission they have to the request itself. Specifically we are talking about the projects that house the other requests.

When your users go to the Submitted Requests page, they should be able to see their own requests, and then requests that are in any project that they have permissions to see.

From this point on, it just becomes a question of how you have configured your projects and there are a couple of options here.

0) check your queue and queue settings -- your queue project should not be broadly shared if it's possible to instead configure the "Who can add requests to this queue" section in Queue Details. This will lock down the ability for people to randomly get shared to that project and see everything.

1) you could opt to route the confidential requests in a different way, to a more locked down project that fewer users can see.

and / or 2) you could additional opt to configure the project settings (edit your project and go to the access section) so that users who gain access to the request in some way (e.g. by being assigned to the request), do not gain any additional access to the project (this would allow them to see all the requests just because they got assigned to one.)

CBuckwal · 1/22/24

Thanks very much for your quick reply. I'll explore the very helpful options that you listed.

For reference and to make sure that I didn't leave anything out in my original post, my support ticket text for this question is copied below:

"Is there any way to hide the Requests-Submitted page? I don't see that as an option in layouts. We have a workflow where a request topic is open to all users but the requests submitted to this topic need to remain confidential and only visible to the intake team associated with the confidential request. Any suggestions would be appreciated, since this type of workflow will be used with many groups."

skyehansen · 1/22/24

What a strange answer. Maybe the tech support person read your question backwards? Or maybe I'm reading your question backwards? Who knows.

Based on both your sets of questions, I would probably have you create a routing rule specifically for your Confidential queue topic, and route requests using this queue topic to a separate Confidential Requests project. In this Confidential project, make sure people who are assigned to tasks and requests do not get additional access to the project. If you want a smaller group of users to be able to see ALL the requests in here, share the Confidential Requests project with that smaller group.

CBuckwal · 1/23/24

I'll give that a try. Thanks for your help.

CBuckwal · 1/30/24

I've set up the confidential queue topics routing to confidential projects with very limited permissions and that has worked out well. The only issue that I see is that Request owners can edit their own Requests and copy it, convert to a project or task, add to Boards (user access level depending), although the confidential project only has the Requestor with contribute-edit custom field permissions from the Requestor submitting the request to the confidential queue topic. Has anyone found a work around for that issue?

skyehansen · 1/30/24

Ultimately, that part sounds like a training issue. The workaround would be training the user not to do this. For example, it's easy to set up a report showing if anything has been converted into a project, and who did this action. Our project and request statuses are linked to each other, so it's also very visible when this happens, as the request status will change -- but having a report is certainly a nice addition. For example, if someone converts a request to a project, the request status will change to "Project: Setup" right away. When the project status changes to active, the request status will change to "Project: Active"

The team responsible for this workflow can unlink the request from the project and one of your admins can delete it, as well as escalating in whatever way makes sense for your company (15 minute training meeting, chat with user's manager, etc.). For our company, we would try and discover why the user felt the need to create a project and set up a workflow to accommodate this if it's necessary.

We have a similar workflow with confidential requests. A few of them do get converted to projects every year, but we have 10000 requests a year, so this isn't something that happens often. Our workflow team is good about letting us know, and if they happen to miss one, we usually catch it on cleanup. It's also an opportunity for creating a Fusion automation that detects when this happens and simply deletes it immediately.

CBuckwal · 1/30/24

Great ideas! Thanks very much.

CBuckwal · 2/13/24

One additional question about confidential groups, which would be used for sharing the confidential request converted projects and be attached to queue topic confidential landing projects. Should any confidential groups only be created as a top level New Group? There doesn’t seem to be risk of accidental sharing if the confidential group is a sub group of a main group. But I'm not sure of this since I’ve done some testing with the groups, but still very much in the build phase of the confidential projects. Thanks

RandyRoberts · 1/24/24

Is this what you're wanting to hide? If so, you can't and it's violating all our confidentiality policies. Our executives have complained about this for years.

CBuckwal · 1/30/24

Yes, I was referring to the Submitted Requests page in my initial question. But the answer that I received allowed me to add permissions to the confidential requests to they aren't available to view by all users. But I think it would be nice if we could edit the layout or hide the Submitted Requests page, since it doesn't really offer a lot of options to view the Request information.

Workfront

Hide Confidential Requests in the Submitted Requests page or hide the Submitted Requests page

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe