Problem Statement
Currently, Smartsheet’s native “Request Access” functionality provides very limited governance and administrative control for enterprise environments.
When users request access to a sheet, report, or dashboard:
- The permission level is automatically predetermined (commonly Editor)
- Users cannot specify the level of access needed
- Business justification fields are optional and cannot be enforced
- Admins cannot customize or standardize the request workflow
- Event Reporting lacks sufficient contextual data to support governance auditing and security reviews
This creates operational and compliance challenges for organizations attempting to manage access at scale.
Requested Enhancements
1. Allow Users to Select Requested Permission Level
Provide configurable access-level selection within the native request dialog, such as:
- Viewer
- Commenter
- Editor
- Admin
Admins should also be able to configure which permission levels are requestable.
2. Allow Admins to Require Business Justification
Provide the ability to make the “Reason for Access” field mandatory.
Additional enhancements could include:
- Minimum character requirements
- Custom prompt text
- Conditional requirements based on permission level requested
Example:
- Viewer access → optional reason
- Admin access → mandatory business justification
3. Add Customizable Access Request Forms
Allow System Admins to customize the request workflow with:
- Custom fields
- Dropdowns
- Approval routing
- Manager approval requirements
- Expiration/duration requests
This would significantly improve governance capabilities without requiring external workaround solutions.
Event Reporting / Audit Improvements
While Smartsheet Event Reporting currently captures many sharing and permission-related events, there are still important governance gaps for enterprise access reviews and auditing.
Specifically, administrators currently cannot reliably report on:
- The business justification/reason submitted when requesting access
- The actual individual who approved or granted the access request
Additional governance-focused metadata in Event Reporting would significantly improve auditability and access management transparency.
Requested enhancements:
- Include the user-submitted access request justification in Event Reporting
- Record the actual approver/grantor of access requests (not only the asset owner when applicable)
- Improve visibility into the end-to-end access approval workflow
These improvements would help organizations strengthen:
- Security auditing
- Compliance reporting
- SOX/internal controls
- Access certification reviews
- Incident investigations
- Enterprise governance processes
Currently, organizations often need to rely on email notifications or external workflows to retain this governance information, which limits centralized reporting and audit capabilities.
Business Impact
Many enterprise customers are building custom workflows outside of Smartsheet using:
- Forms
- Power Automate
- Bridge
- APIs
simply to compensate for limitations in the native access request process.
Providing stronger built-in governance controls would:
- Reduce administrative overhead
- Improve security posture
- Increase enterprise adoption
- Improve audit readiness
- Reduce dependency on external tooling
Why This Matters
As Smartsheet continues expanding enterprise capabilities, governance and auditability become increasingly critical.
Native access requests should support:
- least privilege access
- approval transparency
- enterprise compliance standards
- configurable governance policies
instead of relying on fixed, lightweight collaboration workflows.
This enhancement would make Event Reporting significantly more actionable and valuable for enterprise administrators.
