This reference goes into more detail regarding typical permission settings for Folders used by Conga CLM and provides guidelines for enforcing Sharing settings within your organization.
Folder Security
The following table represents typical Profile-based permission settings for folders used by Conga CLM. Security of any folder should be set according to the needs of your business and is independent of Agreement record security. Read further on this page for more discussion on security considerations for your folders, content repositories and records.
Profile | Requestor/Approver | Contract Creator/Negotiator | Contract Manager | Administrator |
---|
Apttus Documents | Read | Read | Read | Read, Create, Edit, Delete |
Apttus Images | Read | Read | Read | Read, Create, Edit, Delete |
Apttus Email Templates | Read | Read | Read | Read, Create, Edit, Delete |
Apttus Temporary Email Templates | Read | Read | Read | Read, Create, Edit, Delete |
Agreement Report | Read | Read | Read | Read, Create, Edit, Delete |
Agreement Dashboard | Read | Read | Read | Read, Create, Edit, Delete |
Content Repositories
Following activation of an agreement, documents designated for content search are routed to a content repository. The default content repository for Apttus agreement documents is the Documents folder, but you can also configure the system to route these documents to any of the following:
- Content Libraries
- Chatter Feed (File Feed data store)
See Routing Documents to Content Libraries for more information on setting up alternate content repositories for your activated agreement documents.
Email Folders
Email templates and temporary email templates with Agreement attachments are stored in the Apttus Email Templates and Apttus Temporary Email templates folders. If you have integrated electronic signature functionality into your Conga CLM, the respective custom objects store the request and response information which might contain the contract documents. Because of this, access should be restricted to specified users and user groups, and external portal users should be explicitly restricted from accessing these folders.
Sharing Security
Permissions associated with User Profiles are not always sufficient when determining access to specific records. Profile security is granted at the Object level. If a particular User Profile has Read/Edit permissions for an Object, by default they have the same permissions at the record level. Sharing security allows you to enforce permissions at the Record level.
Creating Your Private Sharing Model
The default Sharing setting (controlled by Organization-Wide Defaults) is always Public Read/Write for all custom objects. You can restrict any of these defaults by changing settings to Private or Public Read Only. Then use Sharing Rules to allow specific users or groups of users additional access. Rules are typically based on the record owner or Field values on the records in the Object (e.g. for Agreements, "Agreement Type"). You can also decide to grant access using Role hierarchies, meaning access is automatically given to users above the record owner in your organization's hierarchy.
For more information on determining Organization-Wide Defaults and creating Sharing Rules, please refer to Salesforce Documentation here.