This article will walk you through common Repository permission configurations.
The Workflow Designer archive settings only configure the Repository permissions for records that are created from the workflow definition. Records that are directly imported into the Repository or created through Ironclad’s public API do not adopt the permissions that are set in Workflow Designer.
Hide Confidential Records from a Group
Use Case
WonderWeb Inc. wants to configure their permissions so that their Sales team has access to all NDAs unless it is confidential. The Legal team must have access to both confidential and non-confidential NDAs.
Group: Sales, Legal
Record Type: NDA
Conditional Record Property: Confidential
- Click your profile icon in the top right corner, and then select Company Settings > Users and Groups > Groups.
- Click Create Group, and create two groups: Sales and Legal.
- For each group, click Edit Group, and then locate the Repository section. Select Choose access rights for specific Records and Record types from the dropdown.
- Click the Workflow Designer tab, and select the workflow you want to edit. You must repeat steps 5-7 for each workflow configuration that includes the NDA record type.
- Click the Create tab. Create a Yes/No question, name the property Confidential, and customize the form question. For example, “Is this a confidential agreement?”.
- In the Properties and Conditions panel located on the left, click the plus sign icon > Add Condition.
- Create three conditions:
- Confidential = No: Name the condition Confidential = No. Define that Confidential is equal to No.
- Record Type = NDA: Name the condition Record Type = NDA. Define that Record Type is equal to NDA.
- Record Type = NDA and Confidential = No: Name the condition Record Type = NDA and Confidential = No. Define that IF Record Type = NDA is equal to True, AND Confidential = No is equal to True.
- Click the Archive tab. In the Record Access section, click Add Group Access. Configure the access for the Sales and Legal groups you created in step 1 by tagging the corresponding condition you created in step 3.
- We recommend confirming that the Sales team does not have Workflow Access to all NDA workflows. Otherwise, the users in the Sales group will still have access to view the confidential NDAs in their Dashboard despite not having access in their Repository. Check out the Group Permissions Overview for more information on the difference between workflow access and Repository access.
Department Can View Their Own Records
This configuration is not recommended if your departments’ framework changes often.
Use Case
WonderWeb Inc. wants to configure their permissions so that their Sales team can view all contracts created by a Sales user.
- Click your profile icon in the top right corner, and then click Company Settings > Users and Groups > Groups.
- Click Create Group, and create a group for each of your departments.
- For each group, click Edit Group, and then locate the Repository section. Select Choose access rights for specific Records and Record types from the dropdown.
- Click the Workflow Designer tab, and select the workflow you want to edit.
- Click the Create tab. Create a dropdown question with a name such as Select your Department. Create a dropdown option for each of your departments. Name the property Department.
- In the Properties and Conditions panel located on the left, click the plus sign icon > Add Condition.
- Create a condition for each department. Define that IF Department is exactly [Department Name].
- Click the Archive tab. In the Record Access section, click Add Group Access. Configure the access for the department groups you created in step 1 by tagging the corresponding condition you created in step 3.