This topic will walk you through group level permissions and how to edit them.
User permissions in Ironclad are managed at the group level. Administrators in Ironclad have access to the Groups page to manage user permissions for all users in the company’s instance.
The sections below walk you through the various group permission settings and how to edit them.
- Click on your name in the top right corner, and then select Company Settings > Users & Groups.
- Click on the Groups tab to view all groups in your company’s instance.
- Select a group, and then click Edit Group to view the group’s permissions in Ironclad.
The Starting Workflows permission defines which Workflow Designer definitions the group can launch from their Dashboard. We recommend that you specify which workflows are available for the default Everyone group, and create additional groups to set permissions for a smaller subset of users. For example, you can give the Everyone group access to launch NDA workflows. In addition, you can allow users in the Account Executives group to Start Workflows for Master Service Agreements.
The Workflow Access permission defines which workflows the group can access by default. Users with Workflow Access do not necessarily need to be named as an active workflow Participant to view and engage in the workflow.Users with Workflow Access can see all workflows, including historic workflows, launched from the selected Workflow Designer definitions in their Dashboard. Add the workflows that you want the group to have access to. For example, you may tag the “Vendor Agreement” workflow for your Finance group so the Finance team can view all vendor agreement workflows, even when Finance has not been assigned a specific role in the workflow.
Workflow permissions and Repository permissions are configured separately in Ironclad.
- If you provide a group with workflow access, the users in the group can see all of the draft contract, activity feed, and negotiation history of the workflow.
- If you provide a group with Repository access, the users in the group only have access to the final contract and associated record properties in the Repository.
Users can access workflows using two different methods. The first method is through Group permissions, described above. The second method is as a participant in a workflow. Users with assigned roles (e.g. owner, approver, etc.) are automatically added as participants. Existing participants can also add additional participants to a workflow by tagging users in the Activity Feed or Editor comments, or by clicking the plus sign button located under the participants in the workflow.
The Repository permission defines your group’s access to the Repository. There are three general categories for Repository permissions:
- No access
- Configure permissions by record type or on a per record basis
- Access to all records in Repository - either view only or view and edit
You’ll see five dropdown options in group settings. The five options are organized by the three general categories in the tables belowOur group recommendations vary depending on the record types in your Repository and groups. Review the tables below to learn more about the available settings:
As you set your Repository permissions, consider the Workflow and Record Access permissions in Workflow Designer. These permissions work together to provide you with detailed control of your company's access. For example, if you give a group the "Choose access for specific Record and Record types" setting, but don't provide access per record, then that group will gain access to the Repository tab, but they won't see any records in the tab. Without this permission selected, however, they would not see the Repository tab at all.
We recommend that you choose Choose access for specific Record and Record types. By default, this makes the Repository available to users, but does not grant them access to any records. You can then grant access to individual records based on custom criteria either in Workflow Designer or in the Repository.
If you select No access to Repository, users will not be able to access the Repository and if they are later granted access to any records, they will not be able to access them until this global group permission is changed.
|No Access to Repository||This is the most restrictive setting. Users in the group do not see any records in the Repository. Users in this group do not have access to the contracts nor the associated metadata in the Repository. They may still be able to access contract data if they have Workflow access.
Users do not see any search results when they search for related records in a launch form because they do not have access to any Repository records.
|This setting is recommended for groups who do not need access to Repository reporting features to perform their functions. Participants of workflows can still access the contracts they are involved in by viewing the workflows from their Dashboard.
Do not select this setting if you expect users in the group to search for related records in the launch form to link to new workflows.
|No access to Repository, Autocomplete-only access to specific Record types||Autocomplete allows users in the group to access Repository metadata from the workflow launch form. Users in the group do not see any records in the Repository. For any workflow questions that have Enable autocomplete selected in Workflow Designer, the users in the group have access to record property data to autocomplete questions.
After you select this Repository permissions option, you need to select the record types that users will have access to in order to autocomplete form questions.
For example, WonderWeb Inc. wants users from this group to see suggestions from their existing NDA records for their Counterparty Name question. They select this setting for the record type NDA. In a Workflow Designer definition, they select Enable autocomplete in the launch form question Counterparty Name.
|This setting is recommended for workflow requestors who do not need access to Repository reporting features to perform their functions but need to populate future workflows with past record data.
Do not select this option if you want to limit users’ visibility to Repository record properties. For example, WonderWeb Inc. has some users that are sensitive to other users knowing who they have contracts with. Enabling autocomplete for the Counterparty Name field exposes the counterparties that your company has existing contracts with.
Configure Permissions by Record Type or on a Per Record Basis
|Choose access rights for specific Records and Record types||This option provides the most flexibility when you configure Repository permissions. You can set permissions separately for each record in Repository. You do not need to check any of the boxes below to enable the permissions setting from Workflow Designer.
The Workflow Designer archive settings only configure the Repository permissions for records that are created and archived from an Ironclad workflow. Records that are directly imported into the Repository or created through Ironclad’s public API do not adopt the permissions that are set in Workflow Designer.
Manage permissions by Record TypeIn addition to setting permissions on a per-record basis, you can set full access to certain record types for the group. Check the box for Select additional permission for each Record type. A dropdown list is displayed with all of the record types in your Repository. For each record type, you have the following options:
Access to All Records in Repository - Either View Only or View and Edit
|View-only access to all Record types (current and future)||Users in the group have access to view all contracts and their associated metadata in the Repository. Users cannot edit the metadata or the documents. Users can, however, download records.||This setting is recommended for groups that need broad access to contracts in order to perform their functions. For example, Compliance, Finance, and Legal team members. Users often need view access to create reports for their functions.|
|View and edit access to all Record types (current and future)||This is the most permissive setting in Repository. Users in this group have access to all records in Repository, and have the ability to edit data and the documents for each record. Users also have the ability to create new records by uploading contracts to the Repository.||This setting is recommended for groups that update contract data on a day to day basis. For example, contract managers, legal operations, deal desk, and Legal.|
The Workflow Designer permission defines the group’s access to Workflow Designer and workflow templates. Administrators can always create and edit all workflow templates. There are three Workflow Designer permission access levels:
- No access
- Ability to edit specific workflow templates: This option displays a list of all published and unpublished workflows in Workflow Designer. You can then select whether the group should have None or Edit access to the workflow in Workflow Designer.
- Ability to create and edit all workflow templates
The Ironclad Editor permission defines the group’s access to Ironclad Editor’s document editing, commenting, and accepting/rejecting tracked changes. To learn more about Ironclad Editor permissions, refer to Comment Only Permission for Ironclad Editor.
The Playbook permission defines the group’s access to Playbook clauses in Ironclad Editor. There are three Playbook permission access levels:
- Edit: Edit the standard and fallback clauses that users can view when editing workflows. Editors can edit the Playbook from Ironclad Editor or from Workflow Designer.
- View: View the standard and fallback clauses when editing contracts in Ironclad Editor
- None: No access to view or edit the Playbook clauses
The Insights permission defines the group’s access the Insights reporting feature. You can set it to No Access to Insights to prevent a group from access this, or Access to view and create charts. Note that any limits to specific workflows or records defined in other permissions may affect what data is available in charts.
The AI Assist permission defines the group’s access to the ability to access AI Assist to suggest changes to make to the contract during negotiation and editing. This feature must be enabled for your account in order to access its permissions.
You will want to carefully review the use of this feature with your legal teams, and there may be implications for using this feature which you can review here.