Does Asana Support Role-Based Access Control (RBAC)?

Yes — Asana now supports true Role-Based Access Control (RBAC).

As of late 2025, Asana offers organization-level RBAC with custom roles, available to:

  • Enterprise+ customers

  • Enterprise customers with the Permissions Management Add-on

This feature gives super admins centralized control over what users can do across the organization, allowing permissions to be managed by role rather than individually.

What RBAC Means in Asana

RBAC lets you define and manage custom roles at the organization level, ensuring teams have the right level of access while maintaining compliance and consistency.

  • Centralized control: Manage all user permissions from the Admin Console

  • Custom roles: Create roles with tailored permissions (e.g., “Project Manager,” “Finance Reviewer”)

  • Standardized workflows: Apply consistent permission structures across teams

  • Security and compliance: Enforce least-privilege access and reduce risk

  • Delegated management: Allow trusted admins to manage users or assign roles via Okta or Microsoft Entra ID

Standard and Custom Roles

Role Type | Description
--- | ---
Super Admin | Full control of the organization; manages users and settings. Permissions can’t be modified.
Admin | Manages teams, members, and settings. Super Admins can delegate limited user management permissions.
Member | Default for internal users (e.g., @yourcompany.com). Standard project and collaboration access.
Guest | Default for external collaborators (e.g., clients). Restricted access to shared work only.
Custom Roles | Created by Super Admins and based on one of the standard roles. Configurable permissions allow precise control.

Setting Up RBAC

  1. Go to the Admin Console → Members → Manage Roles

  2. Create a custom role with a name, description, and base role

  3. Adjust permissions to match what the role should be able to do

  4. Assign roles manually, in bulk via CSV, or through your identity provider (SCIM integration with Okta or Entra ID)

  5. Set default roles for new internal and external users under Admin Console → Security → Role Defaults

AI Permissions Within RBAC

Super admins can now control access to Asana AI features on a per-role basis, including:

  • Asana AI (top-level toggle)

  • Core AI (on-demand tools like Smart Chat and Smart Summaries)

  • Proactive AI (auto-generated summaries and insights)

  • AI Automations (AI Studio workflows and generative rules)

Note: Organization-wide AI settings still take priority. If AI is disabled for your org, it’s off for everyone regardless of role permissions.

How RBAC Differs from Object-Level Permissions

RBAC manages organization-wide access, while traditional Asana permissions (projects, tasks, teams) still control access within specific work objects.
Both layers work together:

  • RBAC = what a user can do globally

  • Object access = what a user can see or edit locally

Tips for Admins

  • Use custom roles for functional teams (e.g., Marketing Analyst, IT Support, HR Partner)

  • Regularly audit roles and assignments to maintain least-privilege access

  • Integrate with Okta or Entra ID for automated provisioning

  • Test new roles with a limited group before rolling out org-wide

  • For teams without RBAC, continue managing access at the project/team level as before
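
The audit tip above, sketched as an added example (not Asana's code, API, or export format): it flags external users whose role is not based on Guest and applies the rule that the organization-wide AI setting overrides role permissions. The role definitions, CSV column names, sample users, and the reading of the Asana AI toggle as gating the per-feature toggles are all assumptions made for illustration.

```python
import csv
import io

# Constructed role definitions (hypothetical model, not Asana's API or export
# format). Each custom role names its standard base role and its AI toggles.
ROLES = {
    "Member": {"base": "Member", "ai": {"asana_ai": True, "core_ai": True}},
    "Guest": {"base": "Guest", "ai": {"asana_ai": False, "core_ai": False}},
    "Finance Reviewer": {"base": "Member", "ai": {"asana_ai": False, "core_ai": True}},
    "Project Manager": {"base": "Admin", "ai": {"asana_ai": True, "core_ai": True}},
}

# Constructed assignment sheet; the column names are assumptions.
ASSIGNMENTS_CSV = """email,role
ana@yourcompany.com,Project Manager
raj@yourcompany.com,Finance Reviewer
client@partner.example,Project Manager
vendor@partner.example,Guest
"""

def ai_feature_enabled(org_ai_enabled, role, feature):
    """Org-wide setting wins; the top-level toggle is assumed to gate features."""
    ai = ROLES[role]["ai"]
    return bool(org_ai_enabled and ai["asana_ai"] and ai.get(feature, False))

def audit(csv_text, internal_domain, org_ai_enabled):
    """Return least-privilege findings as (email, role, issue) tuples."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        email, role = row["email"].strip().lower(), row["role"].strip()
        if role not in ROLES:
            findings.append((email, role, "unknown role"))
            continue
        external = email.rsplit("@", 1)[-1] != internal_domain
        # External collaborators default to Guest; anything broader needs review.
        if external and ROLES[role]["base"] != "Guest":
            findings.append((email, role, "external user above Guest base"))
        if external and ai_feature_enabled(org_ai_enabled, role, "core_ai"):
            findings.append((email, role, "external user with Core AI"))
    return findings

if __name__ == "__main__":
    for finding in audit(ASSIGNMENTS_CSV, "yourcompany.com", org_ai_enabled=True):
        print(finding)
```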

Legacy Note

Before this update, Asana used a context-based access model — permissions were managed at the team, project, or task level, not globally. That model still applies to all non-Enterprise customers, but Enterprise+ orgs can now fully centralize access with RBAC.