Changes to asset Admin permissions and new Plan Asset Admin role, now generally available!
Answers
-
@Michael Chohrach are you a member of the Early Adopter Program (EAP)? If not that may be why you did not see it. As our SYS ADMIN and Smartsheet Product owner myself and my admins are members of this program.
You can find more information here if you are not a member:
MARLANA KALINOWSKI
Sr. Business Analysts / Smartsheet Solutions
National Pharmacy Services | Genoa Healthcare
-
Yes, I am a member of the EAP. I can see the announcement on the main Announcements page but I would have expected to receive an email notification instead of having to be actively monitoring the EAP group page.
-
Check your notification settings under the "bell" icon. I have everything enabled under there because I like to see what is happening in the community😎
MARLANA KALINOWSKI
Sr. Business Analysts / Smartsheet Solutions
National Pharmacy Services | Genoa Healthcare
-
Yep, already have everything enabled there.
-
Hi Everyone,
Thanks again for your patience and feedback. We wanted to provide an update with Asset Ownership and the initial launch.
We launched on Wednesday but unfortunately we discovered additional issues with the Asset Ownership changes around multiple deactivated admins on an asset and decided to roll back the release. We are working on a fix and will update the community when we have a new launch date.
The release will contain the changes we originally listed:
- Introduction of the new Plan Asset Admin role
- Enabling Admins on an asset to have the same permissions as Owner (rename/delete)
- Updating the Access Request notification flow to
- Send access request to owner and admin(s)
- If owner is deactivated and no admins exist, send to Plan Asset Admin
- If no Plan Asset Admin is assigned, send to SysAdmin
If you have admins in a workspace or on an asset, they will get the access requests notification. This is to ensure the requests are going to people who are managing the asset and the requests aren’t bottlenecked on an individual person. It helps solve the issue when the owner is no longer at the company or on vacation and the access requests are not fulfilled.
If you have current Admins who should not be approving access, we recommend lowering their access level to be Editors. We are also looking at introducing a new permission on assets between Editor and Admin that may help in the future. This was hinted at in the following blog that also talks about some of the new features that are also coming.
For those who ran into issues with their dashboards, this was a separate issue that happened around the same time. The details are here for those who are interested.
-
@QuanT Thank you for the update, but I feel there is a flaw in the logic.
I have a scenario where I am an ADMIN on a workspace as an external Smartsheet Consultant. The Owner is present in the workspace too. I need ADMIN level access as I am making changes to filters, column properties etc which an EDITOR cannot do.
I received Access Request notifications on assets in this workspace, due to being an ADMIN. If the client downgrades me to EDITOR then I will NOT be able to perform my updates to the assets in the workspace. I need ADMIN access to do this. I DO NOT want to receive Access Permission Requests. There are lots of Admins on this workspace, all there to be able to create items, or update the workflows or edit conditional formatting, all the things that you need Admin access for. NONE of them should be receiving Access Requests, just the Owner of the workspace. This is a big issue for consultants.
With the changes, how can I be an ADMIN on a CLIENTS workspace without receiving Access Permission Requests?
-
Hi Debbie,
While we can't share more details at the moment, we are looking at introducing a new permission on Smartsheet assets between Editor and Admin in the coming months. This new permission set will be able to update filters, column properties, etc. When this releases, your customer will be able to downgrade you down to that new permission and you will be able to complete your tasks without receiving access request notifications.
-
Hi @Lekshmi Unnithan Thank you for taking the time to speak and give updates. That really helps us prepare for system changes like this. I have a couple of questions for @QuanT and yourself.
If one of the purposes was to allow users managing the assets (ADMINS in your example) to not bottleneck on an individual person, why wasn't Owner permission name just changed and allow multiple "Owner" permissions to an assets, etc. and leave Admin level alone? This would allow the creator of the asset the ability to add more (their own control level) than one to an asset?
OR
Just change Owner permission name and apply that new Plan Asset Admin checkbox option in Admin center and anyone who has that checked would receive user access alerts on assets they are Admin level on on? Again, allowing, SystemAdmins in this case, the ability to decide who should receive user access alerts and who shouldn't.
Additionally, only Licensed users should receive user access alerts on assets. A non-licensed user at Admin levels shouldn't be allowed to receive those user access alert emails. They are most likely an Admin on the asset to override locked rows/columns, etc.
If the above happens, and the Admin permission level user access alert emails come back, will they be rolled out the same time this new permission level between Admin and Editor? They should be tested together to give a better sense of those changes.
Thank you for your time reading my feedback,
Michael
Michael Halvey
"Strive for Progress, not Perfection."
-
Hi @Lekshmi Unnithan / @QuanT,
Thank you for finally providing some clarity and additional information we have all been waiting for. When this was launched (per-maturely IMO) last week for those few nightmarish hours, i was overwhelmed by 20+ people informing me they received requests to assets within their dept. And although i too received those emails, i was still able to control who can access those assets due to downgrading all admins the week before in preparation for this roll-out. But now that this was rolled back and the eta is still pending, i have to grant admin rights back to those i removed temporarily and fear that if i do grant them back, that your team will just roll out the new one without informing us again causing another nightmare for us SA's.
As @MHalvey and @Debbie Sawyer mentioned/suggested above, rolling this out based upon your DRAFT action plan, still has too many variables/issues that still need to be tested. I don't want to speak for others who are following this as closely as i am, but I would highly suggest testing and testing and more testing before adding a NEW Permission option making sure it has satisfied all possible issues that can/will occur once rolled out.
If the NEW Permission User (Adv. Admin / Owners Assistant / whatever you will call it) is going to follow those permissions you outlined above, then great, but if your still unsure, then as i have mentioned before, to create the "toggle off the Account Notification Requests from the Admin Center" so that the account SA's can control these types of account notifications for companies like ours/others who already have an on-boarding / access process in place, rather than having to deal with unauthorized access / permissions from current admins who are not familiar with their company's specific protocols. This is just my two cents and hope that your taking all of our concerns/suggestions/comments seriously as we are the ones who are using this expensive program under the assumption that it can/will meet our companies needs based upon the plan(s) we purchased. 😊
Julie Becker ☠️
Construction Project Engineer / Coordinator & Software Program Oversight Mgr. 😉
Successful People Are Not Gifted; They Just Work Hard, Then Succeed On Purpose‼️
-
-
@Julie Becker I just want to point out that anyone with admin permissions can grant admin permissions to anyone else, at any time. This has always been the case.
And I do agree that more testing and a new permission level would be fantastic. And communication of these upcoming changes directly to system admins via email would highly be appreciated.
-
Hi @Samuel Mueller - yes i am aware of the current Admin's sharing ability, but all our users know they cant share outside their own dept. since i run sheet access reports monthly and lecture anyone who deviates from our protocols, but the concern i have is them granting permission to outside users (who may/maynot have an official account with us) or users not in their dept, as those go to the owner/me so that i can investigate who they are and why they need access to possible sensitive data. Most users just share without thinking and giving them power to just share to anyone who asks is where i draw the line. hope that makes more sense 😁
But thank you for the clarification (i should have worded it differently).
Julie Becker ☠️
Construction Project Engineer / Coordinator & Software Program Oversight Mgr. 😉
Successful People Are Not Gifted; They Just Work Hard, Then Succeed On Purpose‼️
-
Hi Everyone,
Thanks again for your patience and feedback. We wanted to provide another update with Asset Ownership and the initial launch.
We were able to fix the issues around multiple deactivated admins on an asset and are working on rolling out phase 1 of the asset ownership changes on March 25, 2024.
As previously mentioned, the release will contain the changes we originally listed:
- Introduction of the new Plan Asset Admin role
- Enabling Admins on an asset to have the same permissions as Owner (rename/delete)
- Updating the Access Request notification flow to:
- Send access request to owner and admin(s)
- If owner is deactivated and no admins exist, send to Plan Asset Admin
- If no Plan Asset Admin is assigned, send to SysAdmin
As a reminder, if you have admins in a workspace or on an asset, they will get the access requests notification. This is to ensure the requests are going to people who are managing the asset and the requests aren’t bottlenecked on an individual person. It helps solve the issue when the owner is no longer at the company or on vacation and the access requests are not fulfilled.
If you have current Admins who should not be approving access, we recommend lowering their access level to be Editors. We are also looking at introducing a new permission on assets between Editor and Admin that may help in the future. We will definitely reach out to SysAdmins via email and Community when we have more details to share about the new permission and its estimated release timing.
Thanks.
-
Hi @QuanT - any thoughts as to whether Smartsheet will provide a tool for identifying assets that currently don't have an Admin? This will help us insure that a "local" admin exists rather than routing access requests to the Plan or System Admin? Thanks.
-
1) Will we still be able to transfer ownership as we have been doing?
2A) Is the notice below correct under the update: deleted items will go to the owner's delete folder and only the owner can recover?
2B) What happens if the owner is gone and ownership hasn't been transferred?
Thank you.
Categories
- All Categories
- 14 Welcome to the Community
- Smartsheet Customer Resources
- 63.9K Get Help
- 410 Global Discussions
- 220 Industry Talk
- 457 Announcements
- 4.8K Ideas & Feature Requests
- 143 Brandfolder
- 136 Just for fun
- 57 Community Job Board
- 459 Show & Tell
- 31 Member Spotlight
- 1 SmartStories
- 298 Events
- 37 Webinars
- 7.3K Forum Archives