Hi everyone,
I was wondering how inherited permissions and access levels interact. We've discovered a few projects and requests that have inherited rights. We discovered a way to delete inherited rights, although we're not sure how this happened.
Solved! Go to Solution.
Hi there! Inherited permissions deal with object sharing/access, whereas access levels deal with permitted behaviors. For example, you can specify if a role type can delete documents in an access level, that is not something related to an inherited permission (generally speaking).
If someone has inherited perms on a project that you didn't expect to, they likely have access to the program the project is under, so they inherit access to projects within that program.
Permissions work down, not up. So if someone has manage access on a portfolio, they will have access on the programs and projects within it (going down) unless otherwise specified on the program and/or project's sharing. On the other hand (going up), if you remove someone's access to a specific project, it's doesn't mean they won't have access to other projects in the program or the portfolio.
Here is an article that goes into sharing/inherited perms and has relevant links within: https://experienceleague.adobe.com/docs/workfront/using/basics/grant-request-object-permissions/shar...
There is more to say here but this is generally the divide...lots of documentation on it in experience league.
Please mark this correct if this was helpful to you in order to help others : )
Hi there! Inherited permissions deal with object sharing/access, whereas access levels deal with permitted behaviors. For example, you can specify if a role type can delete documents in an access level, that is not something related to an inherited permission (generally speaking).
If someone has inherited perms on a project that you didn't expect to, they likely have access to the program the project is under, so they inherit access to projects within that program.
Permissions work down, not up. So if someone has manage access on a portfolio, they will have access on the programs and projects within it (going down) unless otherwise specified on the program and/or project's sharing. On the other hand (going up), if you remove someone's access to a specific project, it's doesn't mean they won't have access to other projects in the program or the portfolio.
Here is an article that goes into sharing/inherited perms and has relevant links within: https://experienceleague.adobe.com/docs/workfront/using/basics/grant-request-object-permissions/shar...
There is more to say here but this is generally the divide...lots of documentation on it in experience league.
Please mark this correct if this was helpful to you in order to help others : )
Access level is the maximum permission a user has for any of that object in the system.
Sharing is the maximum permission for that user/team/group/role on an object and sub-objects.
For any given object you get the lessor of those 2 things. So if you have manager as shared permissions, but read-only edit access level you will get read-only on the object.
If you try to assign a user individual permission to an object it will warn you about access levels, but groups, teams and roles can all have a mixture of access levels involved.
If you have multiple routes of shared access on an object, you get the highest level, unless a lower level is specified strictly for the user.
So it's all a little confusing, but access level is your upper limit period throughout the system. If you don't have the license to drive a semi-truck you can't legally do so, no matter how many semi-truck keys you have. Conversely you can have a license to drive a commercial vehicle and no vehicles you can drive. Either way you shouldn't be driving a big truck, but that doesn't impact your permission to drive a personal car that you do have keys and a license for.
Views
Likes
Replies
Views
Likes
Replies