Deleting tasks without access to the project

Hi,

to not loose any tasks due to deletion we are using access roles to not allow users deleting tasks. Also we have splitted editor and project manager access roles (editor our normal coworkers which are not allowed to change dates, share project or folders, or delete tasks, project managers which are allowed to change dates and share projects and tasks).

Now we encountered a problem: if a project manager shares/assignes a task from his project to a coworker this coworker can delete the task. This works as long as the coworker does not have any access role in the project defined.

So two examples:

1) projectmanager shares a task with a coworker, coworker has no access role defined in the project (so is not able to see any other tasks or even the project) --> coworker is able to change dates of the task and to delete it, projectmanager can change dates but not delete the task

2) projectmanager shares a task with a coworker and also gives the coworker access to the project as editor --> coworker is not able to change dates of the task and also not to delete it, projectmanager can change dates but not delete the task

So is it possible to set the standard access for case 1 to edtor? At the moment it seems to be Full Access.

To say that the prject manager shall always give access to the project is not a way, as some coworkers do not need to see the whole project but only their task.

Any idea to avoid the security risk of case 1?

0
Комментариев: 5
Spot On Innovative Approach Stellar Advice
Avatar

Hi Sven Passinger,

Thank you for your question!

Access Roles are set on the space/folder/project level, not on the task level. So when you only share a task with a user, and not the space/folder/project, then the user's permissions on the task will be determined by their license type. In order for the Access Role to be applied, a space/folder/project with this Access Role must also be shared with the user.

So in your case, a possible solution would be to create a new space or folder that is shared with your users. You can then set the Access Role for the users on this new space/folder. When your project manager needs to share a task with a user without sharing their whole project with them, they can tag the task to this new space/folder. The task will be shared with the user and the Access Role set on the new space/folder will be applied.

Please let us know if you have any questions and have a productive day! 😃

Aaron K. Community Team at Wrike Wrike Product Manager Узнайте о самых популярных функциях Wrike и советах по его использованию

Aaron K. Wrike Team member Узнайте о самых популярных функциях Wrike и советах по его использованию

0
Действия с комментариями Постоянная ссылка
Spot On Innovative Approach Stellar Advice
Avatar

Hi Aaron K.,

understood. So if I share a space with someone and put a task in he should have the rights as set in the space. That would be logical. Unfortunately this seems not so in my case. 

My case: In the space the user is set to read only access. Then I have a project with selective sharing inside the space and not shared with the user. Then I share inside the project with the user. So I would expect, when I share a task inside the project that the user gets the read only access from the space as highest level of rights. But he gets Full rights. 

0
Действия с комментариями Постоянная ссылка
Spot On Innovative Approach Stellar Advice
Avatar

Hi Sven Passinger,

The Access Role that a user will have on a task is determined by the immediate parent location (space/folder/project) of the task. In your example, the user has Read Only access to the space, but no access to the project (it's not shared with them). Without an immediate parent location shared with the user to determine an Access Role, the user will have Full access to the task (with permissions equivalent to their license type).

The solution is to tag the task to a parent location (space/folder/project) that is shared with the user and has the Access Role setup for them. Let's look at the example you described:
Here is a Private space that has been shared with Regi G. He has been given the Read Only Access Role.

A project within that space has Selective Sharing Enabled. The project is Private and Regi cannot see it, but the task within this project is shared with Regi.

Because Regi has no access to the immediate parent location, he gets an Access Role of Full.

But if the task is tagged to a second location, a space/folder/project that is shared with Regi, for example our "Selective Sharing Space" from the first screenshot.

Then Regi's Access Role on the task is instantly changed to reflect his Access Role on that shared location, Read Only.

Please give it a try and let us know what you think! 😃

Aaron K. Community Team at Wrike Wrike Product Manager Узнайте о самых популярных функциях Wrike и советах по его использованию

Aaron K. Wrike Team member Узнайте о самых популярных функциях Wrike и советах по его использованию

0
Действия с комментариями Постоянная ссылка
Spot On Innovative Approach Stellar Advice
Avatar

Hi Aaron K.

I think this is no practical way. Because:

So I have in a project a task I want to give to a designer. He should not be able to see the whole project. So I have to make an extra project where this designer has editor rights. As no other designer needs to see the task this place would only be for this specific designer. So for each designer we then have an extra location. That is wasted time for this kind of organizing tasks and not acceptable for a tool for working efficiency. 

So no it is not practicable. Why not taking access rights from higher level or why not giving read only rights as standard. Full rights are dangerous because the user can delete. And deleting means forgetting a task. For a tool which is for project management this is really not acceptable.

0
Действия с комментариями Постоянная ссылка
Spot On Innovative Approach Stellar Advice
Avatar

Hi Sven Passinger, thank you for sharing your use case! I'm sorry to hear that you didn't find Aaron's solution practicable. I'm going to move your post to the Product Feedback forum now. 

Lisa Community Team at Wrike Wrike Product Manager Become a Wrike expert with Wrike Discover

Lisa Wrike Team member Become a Wrike expert with Wrike Discover

0
Действия с комментариями Постоянная ссылка

Folllowing List for Post: Deleting tasks without access to the project
[this list is visible for admins and agents only]

Вверх
Didn’t find what you were looking for? Write new post