Workfront

CathyGl · 3/24/21

I’m hoping to hear from others on how you manage calendars. At the moment I’m struggling with a best practice around calendars owned by people who were deactivated or need to be deactivated.

I read and understand the options listed on Workfront One, here’s where I’m at.

I’m not alerted that a calendar is owned by someone when deactivating them. On the surface it seems easy to just check before deactivating someone, but I just had this happen. We had a user that was once a Planner, created an email deployment calendar that’s used by an entire region, then moved to a new position in the company and became a Reviewer. As a result of the shift his license was changed and his layout template changed to a reduced view with no access to calendars. Fast forward a bit, now he has l left the company and needs to be deactivated. When logging in as him to check for open account activity before deactivating him, the Calendar link was hidden in his layout template‚Ä¶I’m sure you get where I’m going.

I thought about following the instructions on One and having a person (admin, group admin or otherwise) copy the calendar owned by someone getting deactivated so they can become the owner. But what happens when the new owner leaves? We’re back to square one.
I also thought about creating an admin account, who then becomes the owner of calendars, but am concerned about sharing the account credentials with multiple people.
I also thought about changing the person’s (the one that owns the calendar and needs to be deactivated) account name to something like,

First name: Calendar Owner
- Last name: <name of calendar>
- Email address: <dummy version of my email address>

Have you found a way to manage this successfully?

Doug_Den_Hoed__AtAppStore · 3/24/21

Hi Cathy,

Practically, I'd go with option 2, and to mitigate your concern about sharing credentials, encourage you to think about having only one SysAdmin account (pause, while crowd gasps), used only as needed by the inner sanctum of SysAdmins who would otherwise all use their own personal, powerful, but not-quite-SysAdmin level accounts. In this fashion, all of the most important Workfront "plumbing" (including Calendars in particular) is then owned by "the" SysAdmin account, independent of promotions and churn, and philosophically (although I admit it takes some getting used to), the notion of logging in As SysAdmin becomes more intentional, and perhaps even governed.

@Shawn Loutensock‚ this one seems up your alley; any other battle scar advice you can offer?

Regards,

Doug

skyehansen · 3/24/21

I'd vote on Heather's idea first: https://one.workfront.com/s/idea/0870z000000XiOnAAK/detail and second, I recommend you train all users from the start, that any calendars they develop for outside use should be shared with a system admin who will then document, copy, and publish it, using your Service Account (the generic system admin).

Summary:

1) the service account owns the copied calendar and not the original. (not sure who would need the pwd to this account)

2) the original calendar creator can be given manage rights to the copy to continue development and should probably delete the original.

3) the copy happens long before the owner leaves and there's documentation on the intention behind the calendar which is great since fields change, get deleted or are added and now that you can add custom date fields to a calendar you need to know who to notify when you change or add custom dates anyway.

4) the documentation is audited yearly and calendars are either deprecated or enhanced as needed.

CathyGl · 3/25/21

Thank you @Doug Den Hoed‚ and @Skye Hansen‚ both great ideas to consider. It sounds like you both use a generic admin account.

Doug, the model of having system admins as group admins is interesting. If you have multiple people logging in to the Sys Admin account have you heard of issues with two people logging into it at the same time?

@Skye Hansen‚ Thanks for the link to Heather's idea. I upvoted it. I would love to see some focus time on the calendars area in general. We use it a lot, we have calendars for showing open paid media slots so people can submit requests to grab those openings and what is booked and go-live dates, calendars for our email deployment (as noted) for each region, webinar event schedule, to name a few.

Doug_Den_Hoed__AtAppStore · 3/25/21

Hi Cathy,

No, Workfront does not restrict the same user from being simultaneously logged in multiple times.

Ethics vs Economics aside, the practical flaw in broadly exploiting that ability is the lack of auditability: in order to know who did what within Workfront (i.e. via Update Feed, Notes, Entered By fields, and Audit logs), Best Practice is to provide each user their own named user id and entrust them to protect it with a password they do not share.

In this case, however, for the cost of one extra License and some prudent conventions around sharing a single SysAdmin license, the benefit is the continuity gained by ensuring that core aspects of Workfront are centralized under a single "permanent" account's ownership, and that work done with that account is done carefully and deliberately.

My colleague @NRYN R - inactive‚ first put me onto the concept a couple of years ago, having himself learned The Hard Way and might be able to add some additional insights. I am now a fan in principle, although (as I admitted) I do find it a bit jarring to get used to, particularly in my unique position with access to all of our client's Workfront environments, most of which, with SysAdmin privilege.

Regards,

Doug

CarolynGl · 2/2/22

I'd just add a suggestion to upvote this idea as well -- we really should be able (as named Sysadmins) to change the owner of a Calendar without having to resort to these workarounds! https://one.workfront.com/s/idea/0874X000000oNv0QAE/detail

Workfront

What's your method for handling Calendar Owners that need to be deactivated?

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe