Managing Roles and Permission Groups

Role and Permission Group management helps administrators configure security on the Conga Platform. A role represents a profile (for example, system admin, contract facilitator, general user, and so on). Administrators can create user roles that contain a set of permissions with specific access to objects, records, pages, and administrative functions in applications built on the Conga Platform. You can use the User Interface or REST APIs per your business needs.

The following topics are covered in role and permission group management.

Role-Based Access Control (RBAC): Conga supports role-based access control (RBAC) to grant or restrict access to various applications and data within the Conga Revenue Lifecycle Platform. Conga RBAC supports data access primarily through mechanisms such as object permissions, permission groups, roles, and so on.
Permission Groups: A permission group is a group of object permissions. Permission groups can be assigned to individual users or roles.
Roles: A role is assigned to users performing similar tasks and consists of a set of permissions. As an administrator, you can assign roles to the existing users or create a new user and edit the user details to assign roles.
User groups: User Groups enable administrators to create groups of individual users with specific roles and permissions.

For more information, see Managing Roles and Permission Groups.

Object Permissions

Object permissions define the level of access or restriction a user has to a specific object. These permissions are usually granted through permission groups. The Modify All and View All permissions grant users access to all records of an object. For example, granting ModifyAll or ViewAll permissions on the Account or Contact object enables users to view or edit all records in Account list page or Contact list page. To allow users to create, update, and delete records without needing Modify All or View All permissions, you can assign CRUD (Create, Read, Update, and Delete) permissions independently.

The following table lists a few permission levels that can be assigned to a CLM user for various objects.

	Permission Level
Object	Read	Create	Update	Delete
Agreement	Displays the My Contracts, Recently Viewed, Incoming Requests, and Search tabs in the LINKS panel.	Create new contract records from My Contracts or Recently Viewed tabs. Create a new contract record from the account details page.	Edit a contract record.	Delete a contract record using the kebab menu or custom actions. Delete an incoming request using the kebab menu. Delete a contract associated with an account or a contact.
AgreementLineItem	Displays the Line Items tab in the LINKS panel.	Add a new line item for a contract record. Clone a line item for a contract record.	Edit a contract record's line item.	Delete a contract's line item.
ContractRequest	Displays the My Requests tab in the LINKS panel.	Create a new contract request.	NA	NA
AgreementClause	Displays the Clauses tab in the LINKS panel.	Create a new clause record. Clone a clause record on the Clause Details page.	Edit a clause record.	Delete a clause on the Clause Details page.
DocumentMetadata	Displays the Documents tab in the LINKS panel.	Upload a document.	NA	Delete a document using the kebab menu.
RelatedAgreement	Displays the Related Contracts and Relationships tabs in the LINKS panel.	Create a new relationship with other contracts.	NA	Delete a related agreement. Remove a relationship type with other contracts by selecting the Unlink icon () in the Actions column.
AgreementInsight	Displays the Insights tab in the LINKS panel.	NA	NA	NA
RelatedItems	Displays the Related Items tab in the LINKS panel	Add objects and their records linked to a contract.	Edit objects and their records linked to a contract.	Delete objects and their records linked to a contract.
Account	Displays the Accounts List page in Accounts Apps	Create a new account.	Edit an account.	Delete an account.
Contact	Displays the Contact List page in Contact Apps	Create a new contact.	Edit a contact.	Delete an existing contact. Delete a contact associated with an account.

Action Permissions

In addition to the standard CRUD operations, you can assign custom object-specific actions that can be set for CLM users. The following table lists few of the action permissions (for example, such as Clone, Share, and so on).

Object	Action Permissions	Functionality
Agreement	Clone	To clone a contract record.
	Share	To share a record with any user or user group.
	Preview & Submit	To display the Preview & Submit button under Approvals.
	My Approvals	To display the My Approvals button under Approvals.
ActivityHistory	ViewCLMActionPanel	To display the Activity option in the right panel on the Contract Details page.
ReviewCycle	ViewCLMActionPanel	To display the Review Cycle option in the right panel on the Contract Details page.

Field Permissions

In addition to the object permission, you can define and enforce access permissions at the field level for different user roles. The following table lists some of the field-level permissions (for example, RecordOwner, RecordType, and so on) that can be set on an object for users.

Object	Field Permissions	Read	Edit
Agreement	RecordOwner	View the Owner field on the Contract Details page but cannot edit.	Modify the Owner field on the Contract Details page.
Agreement	RecordType	View the Contract Type field on the Contract Details page but cannot edit.	Modify the Contract Type field on the Contract Details page.

Roles

A role is assigned to users performing similar tasks and consists of a set of permissions. As an administrator, you can assign roles to the existing users or create a new user and edit the user details to assign roles. You can also assign multiple permissions and permission groups to a user to grant access to all the assigned role permissions. For example, with the CongaCLMReadOnlyUser role, a user can view all records they have permission to see when navigating to the Search tab on the Contract Details page.

As an administrator, you can create roles to restrict access to data for certain users based on their functional roles and responsibilities. For instance, if a user is assigned the CongaCLMReadOnlyUser role and navigates to the Contact page, the options Create Contact, Edit, Delete, or Create Contract on the Details page are not displayed for that user.