You can create sheets, dashboards, reports, forms, and workspaces using Smartsheet. Your plan owns these items to mitigate potential hurdles related to accidental deletions, orphaned items, or lost access requests.
USM Content
This article discusses information relevant to both user models. If you're unsure about your model type, learn how to determine the model your plan is on.
When you create an item, you automatically gain Owner permission to use it. You can then share that item with other collaborators and grant them access by assigning Admin, Editor, Owner, Viewer, or Commenter permissions.
However, it's important to note that items you create are primarily owned by your plan. This ownership model facilitates managing access requests and avoids the risk of losing valuable items when an individual leaves your company's Smartsheet plan.
How do access request notifications work?
Our ownership model ensures that access requests aren't lost or unattended. For example, if a collaborator has Owner or Admin permissions on the item and goes on vacation or is out on leave, someone who is available and has the right permissions on the item can still get notified and review the access request, allowing for uninterrupted service.
The logic is as follows:
Is there an active Owner or Admin on the item?
- If yes, the notification is sent to all of them
- If not, are there any Plan Asset Admins?
- If yes, the Plan Asset Admins receive the notification
- If not, the System Admins receive the notification
How System Admins and Plan Asset Admins can grant access
There are multiple ways in which System Admins and Plan Asset Admins can help grant access whenever item Owners or Admins aren't available.
1. Give themselves Admin permissions
To access the item, either the System Admin or the Plan Asset Admin needs the item's URL.
Here's how to obtain the URL:
- Download the sheet access report from the Admin Center.
- Locate the Key column for the relevant item.
- Attach the key to the following URL: https://app.smartsheet.com/b/home?lx=<INSERT_YOUR_KEY_HERE> to create the item's URL.
If they don't have access to the item, opening it lands them on the access denied page. By selecting the Share to self button, they can access the item as Admins. After that, they can grant access like an item Admin would.
2. Manage requests button
Even if the System Admin or the Plan Asset Admin has zero access to the item, but the item is part of their plan, they can use the Manage requests button to bring up pending access requests and grant access without giving themselves Admin permissions.
3. Share or Request to edit button
When the System Admin or the Plan Asset Admin already has some type of access to the item, they can use the Share or Request to edit button in the top right corner to access extra options and give themselves Admin permissions or manage access requests.
Plan Asset Admins
Plan Asset Admins serve as the backstop to ensure access requests go to someone other than the System Admin in instances where no Owner or Admin is assigned to an item.
System Admins can assign the Plan Asset Admin role to any licensed user. Plan Asset Admins receive access request notifications if there isn't an Owner or Admin defined on the item.
What are Plan Asset Admins allowed to do?
Plan Asset Admins manage access requests on items where no other user has Owner or Admin permissions. They don't have item Admin or Owner-level permissions like the ability to rearrange columns, lock/unlock rows, create forms, add dependencies, etc., unless they're also granted (or grant themselves) item Admin permissions on that item.
By default, Plan Asset Admins don't have access to view or edit the contents of an item. Learn more about sharing permissions levels and role capabilities.
To assign the Plan Asset Admin role
- In Admin Center, select the Menu icon in the upper left corner.
Navigate to Users and Groups > User Roles and Reports.
The User Roles and Reports page (User Management page in the legacy model) displays.
- Hover over the user and select them. The right panel displays.
Check the Plan Asset Admin checkbox.
Brandfolder Image
System Admins
System Admins can handle access requests, grant access when needed, and assign themselves as Admin.
- By default, System Admins can't open items to view them.
- Any permissions granted for items are logged and auditable through Event Reporting in plans where the feature is active. Learn more about monitoring how your organization uses data.
- To ensure existing System Admins can't access specific items, you may need a separate plan and not grant access to any other users.
Other things to know
- As System Admin, you can create a sheet access report in Admin Center to get a list of all items within your plan.
When someone deletes a Smartsheet item, it stays in the recycle bin for 30 days. During that period, they can still retrieve the item from the recycle bin.
Only the Admin who deleted an item can restore it.
- System Admins and Plan Asset Admins can't see the content of an item if they don't have Viewer or greater permissions on the item.
Why do I need a Plan Asset Admin?
The Plan Asset Admin serves as the backstop to ensure that access requests are sent to someone other than the System Admin in instances where an item doesn't have an Owner or Admin assigned.
I'm getting way too many access requests because I’m an Admin on multiple sheets and workspaces. What should I do?
We recommend lowering your access to the Editor permission on the item. If you need Admin access to use specific features, request to be upgraded to an Admin temporarily, perform your task, and downgrade your access back to Editor.
I’m concerned System Admins can assign permissions to anything. What do I do with confidential data that System Admins shouldn’t have access to?
- Your company manages the items, and, by default, System Admins can’t open items to view them. When a System Admin assigns themselves permissions to an item, the event is logged and auditable.
- To ensure existing System Admins can’t access specific items, the team requiring special confidentiality may consider using a separate plan that they manage independently and not granting access to any other users.
Why are sheets owned by unlicensed users or non-Members on my plan still active? I thought Smartsheet deactivated items not owned by licensed users or Members.
Previously, when you removed a user's license or Member status, all items they held Owner permissions on were deactivated. Now, Smartsheet transfers Owner permissions of these items to the plan itself rather than deactivating them. This ensures your processes remain functional, regardless of changes to a user's permissions, license, or Member status.
If I remove a user from my plan, does the sheet become inaccessible to them?
Previously, when you removed a user, any sheets they held Owner permissions on would become inactive, making those sheets read-only for all users, including the removed user.
Now, when you remove a user, they can still access and edit the sheets, as these sheets remain active. To prevent the removed user from accessing the sheets, the System Admin must transfer Owner permissions and remove sharing from that user, which revokes their access to all items in your plan.
Alternatively, you can avoid this issue by having the System Admin deactivate the user instead of removing them, since deactivated users can no longer sign into their Smartsheet account.
How do I get a list of all my items in a plan?
System Admins can create a Sheet Access Report in Admin Center to get a list of all the items in their plan.
I granted permissions, but the user can’t use them
If a System Admin downgraded the user to a free user type, their seat type makes it impossible for them to use permissions that are higher. If the user needs higher-level capabilities, they need to be granted a Member seat type. Only a System Admin can upgrade their seat type.