Expand my Community achievements bar.

Join us LIVE in San Francisco on November 14th for Experience Makers The Skill Exchange. Don't miss out on this free learning event!
SOLVED

How do access levels work with inherited permissions?

Avatar

Level 1

Hi everyone, 

 

I was wondering how inherited permissions and access levels interact. We've discovered a few projects and requests that have inherited rights. We discovered a way to delete inherited rights, although we're not sure how this happened.

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi there! Inherited permissions deal with object sharing/access, whereas access levels deal with permitted behaviors. For example, you can specify if a role type can delete documents in an access level, that is not something related to an inherited permission (generally speaking).

If someone has inherited perms on a project that you didn't expect to, they likely have access to the program the project is under, so they inherit access to projects within that program.

Permissions work down, not up. So if someone has manage access on a portfolio, they will have access on the programs and projects within it (going down) unless otherwise specified on the program and/or project's sharing. On the other hand (going up), if you remove someone's access to a specific project, it's doesn't mean they won't have access to other projects in the program or the portfolio.

Here is an article that goes into sharing/inherited perms and has relevant links within: https://experienceleague.adobe.com/docs/workfront/using/basics/grant-request-object-permissions/shar... 

There is more to say here but this is generally the divide...lots of documentation on it in experience league. 

Please mark this correct if this was helpful to you in order to help others : )

If this helped you, please mark correct to help others : )

View solution in original post

2 Replies

Avatar

Correct answer by
Community Advisor

Hi there! Inherited permissions deal with object sharing/access, whereas access levels deal with permitted behaviors. For example, you can specify if a role type can delete documents in an access level, that is not something related to an inherited permission (generally speaking).

If someone has inherited perms on a project that you didn't expect to, they likely have access to the program the project is under, so they inherit access to projects within that program.

Permissions work down, not up. So if someone has manage access on a portfolio, they will have access on the programs and projects within it (going down) unless otherwise specified on the program and/or project's sharing. On the other hand (going up), if you remove someone's access to a specific project, it's doesn't mean they won't have access to other projects in the program or the portfolio.

Here is an article that goes into sharing/inherited perms and has relevant links within: https://experienceleague.adobe.com/docs/workfront/using/basics/grant-request-object-permissions/shar... 

There is more to say here but this is generally the divide...lots of documentation on it in experience league. 

Please mark this correct if this was helpful to you in order to help others : )

If this helped you, please mark correct to help others : )

Avatar

Level 4

Access level is the maximum permission a user has for any of that object in the system.

Sharing is the maximum permission for that user/team/group/role on an object and sub-objects.

 

For any given object you get the lessor of those 2 things.  So if you have manager as shared permissions, but read-only edit access level you will get read-only on the object.

 

If you try to assign a user individual permission to an object it will warn you about access levels, but groups, teams and roles can all have a mixture of access levels involved.

 

If you have multiple routes of shared access on an object, you get the highest level, unless a lower level is specified strictly for the user. 

 

So it's all a little confusing, but access level is your upper limit period throughout the system.  If you don't have the license to drive a semi-truck you can't legally do so, no matter how many semi-truck keys you have.  Conversely you can have a license to drive a commercial vehicle and no vehicles you can drive.  Either way you shouldn't be driving a big truck, but that doesn't impact your permission to drive a personal car that you do have keys and a license for.