This article will provide you with an overview of Ironclad’s permissions and how they function together. This is intended for users that are administrators in Ironclad.
Ironclad offers robust permissions, equipping you with the ability to control permissions at both a broad and granular level. There are three distinct categories of permissions:
- Group Permissions: Group permissions are for assigning permissions and access to groups of users. For example, you could grant the finance department access to all procurement workflows.
- Workflow Configuration Permissions: Workflow configuration permissions are for assigning permissions and access based on the workflow itself. For example, you can assign the finance department to approve SOWs.
- Repository Permissions: Repository permissions are for assigning access based on record or record type.
Each category provides a different set of permissions that when leveraged together, can be used to configure both simple and complex use cases.
Group Permissions
User permissions in Ironclad are managed at the group level. Administrators in Ironclad have access to the Groups page in Company Settings to manage user permissions for all users in the company’s instance. Group permissions define access to specific functions, features, and workflows in Ironclad for a specified group of users. For example, giving your procurement/finance department access to procurement related workflows.
Seat Types
Ironclad assigns a user a seat based on the permissions they have through Group membership and assignments within Workflow Designer such as approver assignments. There are three seat types: Admin, Standard, and Requestor/Viewer (depending on your plan).
NOTE
When you adjust a group’s permissions, it can change the users’ seat type. For more information, refer to Manage Admin, Standard, and Requestor Users.
When you adjust a group’s permissions, it can change the users’ seat type. For more information, refer to Manage Admin, Standard, and Requestor Users.
General and Admin Permissions
Group permissions are split into two categories: General and Admin. Permissions in the Admin section, when adjusted, could result in a change in seat type for the entire group. For more information, refer to Manage Admin, Standard, and Requestor Users.
Refer to the table below for descriptions of each permission offered at the group permission level:
| Permission | Function |
|---|---|
|
Insights
|
The Insights permission defines the group’s access the Insights reporting feature. |
|
Ironclad Editor
|
The Ironclad Editor permission defines the group’s access to Ironclad Editor’s document editing, commenting, and accepting/rejecting tracked changes. |
|
Playbooks
|
The Playbook permission defines the group’s access to Playbook clauses in Ironclad Editor. |
|
Repository
|
The Repository permission defines your group’s access to the Repository. |
|
Send Directly for Signature
|
The Send Directly for Signature permissions defines the group’s ability to send documents directly for signature.
|
|
Starting Workflows
|
The Workflow Launch permission defines which Workflow Designer definitions the group can launch from their Dashboard. |
|
Workflow Access
|
The Workflow Access permission defines which workflows the group can access by default. Users with Workflow Access do not necessarily need to be named as an active workflow Participant to view and engage in the workflow. |
|
API Management
|
The API Management permission grants the group permission to manage a variety of API actions. |
|
Global Clause Library
|
The Global Clause Library permission defines the group’s access to the Global Clause Library. |
|
Users and Groups Administration
|
The admin group has access to all records and workflows, and has full control over the Ironclad product. There may be instances where you want to grant a user control over some parts of Ironclad CLM, with limited access to records and workflows. These permissions allow you to grant admin level control over specific parts of Ironclad. |
|
Workflow Designer
|
The Workflow Designer permission defines the group’s access to Workflow Designer and workflow configurations. |
|
Workflow Management
|
The Workflow Management permission allows users to take actions on workflows they are not participants of, as long as they have access to the workflow |
|
AI Assist
|
The AI Assist permission defines the group’s access to the ability to access AI Assist to suggest changes to make to the contract during negotiation and editing. This feature must be enabled for your account in order to access its permissions. |
Workflow Configuration Permissions
In addition to the permissions that apply to groups, there are additional permissions that can be granted at the workflow configuration level. These permissions include granting access based on specific conditions within the workflow, assigning review permissions, and assigning sign permissions. Please note that only users who are part of the administrators group or have Workflow Designer permissions can set these additional permissions at the workflow configuration level.
Workflow and Record Access
This functionality enables users with Workflow Designer permissions to define who will have access to the workflow configuration and resulting records.
Review Permissions
The Review tab on a workflow configuration provides multiple permissions to customize the review experience:
- Turn Tracking
- Invite Counterparties to Collaborate
- Download Documents
- Share Documents
Sign Permissions
The Sign tab on a workflow configuration provides multiple permissions to customize the signature experience:
- Signature Coordinator
- eSignature
- Click to Accept
- Wet Signature
Repository Permissions
Users with Repository permissions can set additional permissions at the record level.
There are two ways to configure group permissions for the Repository:
- Per-Record Permissions: Administrators can grant groups access to certain records. For example, there may be a set of NDAs that the Sales Team should have access to, and a separate set of NDAs that the Partnerships Team should have access to. Using per-record permissions, the administrator can grant each group the appropriate access.
- Record Type Permissions: Administrators can grant groups access to all records of a certain type. For example, they may grant view-only access to your People Operations Team for Offer Letters. They may also grant edit access to the Legal Team for all types of contracts.