Introducing Task Schema Access Policies

Christian
Christian
  • Updated

Overview

Benchling is introducing access policies for workflow task schemas. Today, task schema access is fixed: organization admins have ADMIN access and organization members have CREATE access on every task schema, with no way to vary access by schema or by user.

This update brings task schemas to parity with entity schemas. Admins will be able to assign access policies per schema and per user, team, or organization, including two new access levels: READ and NONE. This makes it possible to limit task schema access to only the users who need it, and to shorten the list of task schemas a user sees when creating a task.

What's Changing

Before

Task schemas support two access policies, both assigned automatically by org role.

Organization Role Type Access Policy
Organization A Member Create
Organization A Admin Admin
  • Every org member has Create access to every task schema. 

  • Every org admin has Admin access to every task schema. 

  • There is no per-schema configuration.

After

Task schemas support four access levels: None, Read, Create, and Admin. Each can be assigned per schema, and for a user, team, or organization. 

Capability None Read Create Admin
See schema in listings / create menus 🔴 No  🟢 Yes 🟢 Yes 🟢 Yes
Open schema settings page 🔴 No  🟢 Yes 🟢 Yes 🟢 Yes
View schema definition (fields, lifecycle, output config) 🔴 No  🟢 Yes 🟢 Yes 🟢 Yes
Edit schema definition (fields, metadata, validation rules) 🔴 No  🔴 No 🔴 No 🟢 Yes
Edit flowchart config (flowchart-type schemas) 🔴 No  🔴 No 🔴 No 🟢 Yes
Update access policies / collaborators 🔴 No  🔴 No 🔴 No 🟢 Yes
Archive / unarchive schema 🔴 No  🔴 No 🔴 No 🟢 Yes
Clone schema (requires Admin on source) 🔴 No  🔴 No 🔴 No 🟢 Yes
Create task groups from this schema 🔴 No  🔴 No 🟢 Yes 🟢 Yes
Use schema in flowchart builder (read referenced schemas) 🔴 No  🟢 Yes 🟢 Yes 🟢 Yes

Read and None are the two new access levels. The ability to create task groups from a schema is the key capability that separates Create from Read.

Managing Access Policies

Once enabled, each task schema will have an Access Policies tab where admins can search for a user, team, organization, or app and assign an access level. This works exactly like setting individual schema permissions.

task_access_policies.webp

By default, all users retain view access to task schema objects. Granting an access policy controls where the schema is listed, who can create and edit objects from it, and who can manage access to it.

What's Not Changing

Enabling task schema access policies does not change any access your users already have. The access an org admin or org member has today carries over unchanged. Org admins keep Admin access and org members keep Create access on every task schema until you actively reconfigure access for a specific task schema.

Important Notes

  1. This change is permanent. Once task schema access policies are enabled on your tenant, they cannot be disabled.
  2. This is a platform-wide rollout. Task schema access policies will be rolled out to all Benchling customers to bring task schemas to parity with entity schemas. 

Rollout Timeline

Benchling plans to roll out task schema access policies by the end of August 2026 and it will be available to Validated Cloud customers in the 2026.4 release. 

FAQ

Will this change any access my users currently have? No. Your existing access policies carry over unchanged when the feature is enabled. Org admins keep Admin access and org members keep Create access on every task schema by default.

Can I turn this off after it's enabled? No. Once enabled, task schema access policies cannot be disabled.

Can I opt out of enabling task schema access policies? No. This is a platform-wide rollout meant to bring task schema access policies to parity with entity schema access policies. The access policies you have configured today can be retained after task schema access policies are enabled. 

Who can configure the new Read and None access levels? Any user with Admin access on a task schema can update its access policies, including assigning Read or None to other users, teams, or organizations.

What's the practical difference between Read and Create? Both can view the schema definition and use it in the flowchart builder. Create access additionally allows creating task groups from that schema. Admin access additionally allows editing the schema definition, editing a flowchart configuration, managing access policies, and archiving.

Will this affect existing tasks, task groups, or runs? No. This change affects schema-level access policies only. Existing task data, task groups, and execution history are unaffected.

Need Help?

If you have questions about this change or want to plan your access policy configuration ahead of rollout, contact your Benchling Account team or reach out to Benchling Support.

Was this article helpful?

Have more questions? Submit a request