home

Advantage Platform Administration

Adobe Sign ServicesAdvantage Platform AdministrationApprovals for Advantage PlatformApprovals for SalesforceBilling for Advantage PlatformBilling for SalesforceCLM for Advantage PlatformCLM for SalesforceContracts for SalesforceCollaborateComposer for Advantage PlatformComposer for SalesforceContractsConga for Google DocsConga Upgrade ProgramContract Intelligence (Standalone)CPQ for Advantage PlatformCPQ for SalesforceDeal MaximizerDigital Commerce for Advantage PlatformDigital Commerce for SalesforceDiscovery AI for Advantage PlatformDiscovery AI for SalesforceDocusign ServiceseSignature Integration with Advantage PlatformGridInvoice GenerationMix FormsOrchestrateOrder Management for Advantage PlatformOrder Management for SalesforcePartner Commerce for Advantage PlatformPartner Commerce for SalesforceQuote GenerationSign for Advantage PlatformSign for SalesforceSmart SearchTest AuthorTurboEnginesX-Author for Contracts 1.0 (Classic)X-Author for ContractsX-Author for Contracts Advanced for Advantage PlatformX-Author for Contracts Advanced for SalesforceX-Author for ExcelX-Author for Migration Manager for Advantage PlatformX-Author for Migration ManagerRelease NotesGeneralDocs by Release
Adobe Sign ServicesAdvantage Platform AdministrationApprovals for Advantage PlatformApprovals for SalesforceBilling for Advantage PlatformBilling for SalesforceCLM for Advantage PlatformCLM for SalesforceContracts for SalesforceCollaborateComposer for Advantage PlatformComposer for SalesforceContractsConga for Google DocsConga Upgrade ProgramContract Intelligence (Standalone)CPQ for Advantage PlatformCPQ for SalesforceDeal MaximizerDigital Commerce for Advantage PlatformDigital Commerce for SalesforceDiscovery AI for Advantage PlatformDiscovery AI for SalesforceDocusign ServiceseSignature Integration with Advantage PlatformGridInvoice GenerationMix FormsOrchestrateOrder Management for Advantage PlatformOrder Management for SalesforcePartner Commerce for Advantage PlatformPartner Commerce for SalesforceQuote GenerationSign for Advantage PlatformSign for SalesforceSmart SearchTest AuthorTurboEnginesX-Author for Contracts 1.0 (Classic)X-Author for ContractsX-Author for Contracts Advanced for Advantage PlatformX-Author for Contracts Advanced for SalesforceX-Author for ExcelX-Author for Migration Manager for Advantage PlatformX-Author for Migration ManagerRelease NotesGeneralDocs by Release

Conga Product Documentation

Welcome to the new doc site. Some of your old bookmarks will no longer work. Please use the search bar to find your desired topic.

Show Contents

Advantage Platform Administration

Roles and Permission Groups

Use Case: Configuring Agreement Access Control

  • Agreement object includes:

    • Lookup to Account
    • Contract Facilitator field
    • Lookup to ContractGroup (Property Object)
  • ContractGroup values exist (Public, Internal, Restricted)
  • User groups or owners are assigned to accounts
  • Roles exist for Compliance, Legal, Sales, Facilitators. For more information on how to create roles, see Creating Roles.

Business Context:

Your organization manages agreements with different sensitivity levels, involves multiple teams, and spans many customer accounts. You want to ensure:

  • Legal users can access all non-confidential agreements.
  • Contract Facilitators can always access the agreements they handle.
  • Sales users can access the agreements tied to the accounts they own or manage.
  • Compliance users can exclusively access agreements classified as Restricted.

You want a unified and scalable access model without creating multiple complex roles.

Overview:

The Advantage Platform uses Role-Based Access Control (RBAC) to define object and field access. You can extend RBAC with additional scope controls to refine record-level access:

  • Global Scope: grants criteria-based access across all records
  • User Scope: grants access based on the user being tagged on the record
  • Account Scope: grants access to records tied to accounts the user owns or is associated with
  • Property Scope (PBAC): grants access based on business properties such as classification or group

These scopes work independently and do not override one another. Instead, the system evaluates each scope to determine whether a user can access a specific record.

Scenario:

You want to configure access as follows:

  • Legal Team: Read all agreements that are not confidential
  • Sales Team: Access agreements related to the accounts they own or are assigned to
  • Contract Facilitators: Access agreements where they are assigned as the facilitator
  • Compliance Team: Full CRUD access only for agreements with ContractGroup = Restricted, based on PBAC

This scenario shows how to combine all access layers within a single model.

  1. Configure Object and Field Permissions (RBAC)

    For each role, configure object and field permissions in Permission Groups. For more information, See Permission Groups.

    Examples:

    • Legal: Read access to Agreements
    • Sales: Create, Read, Update Agreement
    • Facilitator: Read/Update
    • Compliance: Full CRUD

    Add each Permission Group to the appropriate role.

  2. Configure Global Scope (Legal Users Only)

    Global Scope provides broad, criteria-based access. For more information, See Permission Groups.

    1. Navigate to the Global Scope tab in the Legal Permission Group.
    2. Add read criteria such as: Confidential = False
    Legal users can read all non-confidential agreements, regardless of account, user assignment, or ContractGroup.
  3. Configure User Scope (Contract Facilitators)

    User Scope grants access when the user is named in a record attribute. For more information, See Permission Groups.

    1. Navigate to the User Scope in the Facilitator Permission Group.
    2. Set the criteria for the Contract Facilitator field.
    A facilitator can access any agreement where they are tagged as the Contract Facilitator.
  4. Configure Account Scope (Sales Users)

    Account Scope grants access to records associated with accounts the user owns or is assigned to. For more information, See Permission Groups.

    1. Navigate to the Account Scope in the Sales Permission Group.
    2. Set the PrimaryAccount field for the Agreement object.
    Sales users only see agreements tied to their accounts.
  5. Configure Property-Based Access Control (PBAC) for Compliance

    PBAC uses business properties to drive record access. For more information, See Permission Groups.

    1. Navigate to the Property Scope tab in the Compliance Permission Group.
    2. Select the ContractGroup Property Object.
    3. Enable Agreement as a First-Level PBAC object.
    4. For each ContractGroup value:
      • Restricted : Allow CRUD for Compliance
      • Public/Internal: Do not allow access (or allow Read as needed)
    Only Compliance users can access "Restricted" agreements. Other users never see these records, even if they have Global, User, or Account scope permissions.

With RBAC and all four scopes applied independently:

Team/RoleAccess Type UsedFinal Access Outcome
LegalRBAC + GlobalCan read all non-confidential agreements
SalesRBAC + Account ScopeCan access agreements for their accounts
FacilitatorsRBAC + User ScopeCan access agreements where they are the facilitator
ComplianceRBAC + PBACCan access only Restricted agreements (and any other values allowed by PBAC)

You can expand this use case by:

  • Enabling PBAC on second-level objects (e.g., Agreement Line Items)
  • Applying multiple scopes within the same Permission Group
  • Introducing additional Property Objects for finer access control
Administrator Guide
Conga Advantage Platform Administration

April 1, 2026