Role and Permission Group management helps administrators configure security on the Conga Platform. A role represents a profile (for example, system admin, contract facilitator, general user, and so on). Administrators can create user roles that contain a set of permissions with specific access to objects, records, pages, and administrative functions in applications built on the Conga Platform. You can use the User Interface or REST APIs per your business needs. 

The following topics are covered in role and permission group management.

  • Role-Based Access Control (RBAC): Conga supports role-based access control (RBAC) to grant or restrict access to various applications and data within the Conga Revenue Lifecycle Platform. Conga RBAC supports data access primarily through mechanisms such as object permissions, permission groups, roles, and so on.
  • Permission Groups: A permission group is a group of object permissions. Permission groups can be assigned to individual users or roles. 
  • Roles: A role is assigned to users performing similar tasks and consists of a set of permissions. As an administrator, you can assign roles to the existing users or create a new user and edit the user details to assign roles. 
  • User groups: User Groups enable administrators to create groups of individual users with specific roles and permissions.

For more information, see Managing Roles and Permission Groups.

Object Permissions 

Object permissions define the level of access or restriction a user has to a specific object. These permissions are usually granted through permission groups. The Modify All and View All permissions grant users access to all records of an object. For example,  granting ModifyAll or ViewAll permissions on the Account or Contact object enables users to view or edit all records in the Account list page or Contact list page. To allow users to create, update, and delete records without needing Modify All or View All permissions, you can assign CRUD (Create, Read, Update, and Delete) permissions independently.

The following table lists a few permission levels that can be assigned to a CLM user for various objects.


Permission Level
ObjectReadCreateUpdateDelete
Agreement
  • Displays the My Contracts, Recently Viewed, Incoming Requests, and Search tabs in the LINKS panel.
  • Create new contract records from My Contracts or Recently Viewed tabs.
  • Create a new contract record from the account details page.
  • Edit a contract record.
  • Delete a contract record using the kebab menu or custom actions.
  • Delete an incoming request using the kebab menu.
  • Delete a contract associated with an account or a contact.
AgreementLineItem
  • Displays the Line Items tab in the LINKS panel.
  • Add a new line item for a contract record.
  • Clone a line item for a contract record.
  • Edit a contract record's line item.

 

  • Delete a contract's line item.

 

ContractRequest
  • Displays the My Requests tab in the LINKS panel.
  • Create a new contract request.

NA

NA

AgreementClause
  • Displays the Clauses tab in the LINKS panel.
  • Create a new clause record. 
  • Clone a clause record on the Clause Details page.
  • Edit a clause record.
  • Delete a clause on the Clause Details page.

 

DocumentMetadata
  • Displays the Documents tab in the LINKS panel.
  • Upload a document.
NA 
  • Delete a document using the kebab menu.
RelatedAgreement
  • Displays the Related Contracts and Relationships tabs in the LINKS panel.
  • Create a new relationship with other contracts.

NA

  • Delete a related agreement.
  • Remove a relationship type with other contracts by selecting the Unlink icon () in the Actions column.
AgreementInsight
  • Displays the Insights tab in the LINKS panel.
NANA
NA
RelatedItems
  • Displays the Related Items tab in the LINKS panel
  • Add objects and their records linked to a contract.
  • Edit objects and their records linked to a contract.
  • Delete objects and their records linked to a contract.
Account
  • Displays the Accounts List page in Accounts Apps
  • Create a new account.
  • Edit an account.
  • Delete an account.
Contact
  • Displays the Contact List page in Contact Apps
  • Create a new contact.
  • Edit a contact.
  • Delete an existing contact.
  • Delete a contact associated with an account.

Action Permissions

In addition to the standard CRUD operations, you can assign custom object-specific actions that can be set for CLM users. The following table lists a few of the action permissions (for example, such as Clone, Share, and so on).

ObjectAction PermissionsFunctionality
Agreement



Clone To clone a contract record.

Share

To share a record with any user or user group.

Preview & Submit

To display the Preview & Submit button under Approvals.
My ApprovalsTo display the My Approvals button under Approvals.
Co-Pilot

To grant a user access to Copilot.

Risk AiTo grant a user access to Redline AI.
ActivityHistoryViewCLMActionPanel To display the Activity option in the right panel on the Contract Details page.
ReviewCycleViewCLMActionPanelTo display the Review Cycle option in the right panel on the Contract Details page.

Field Permissions

In addition to the object permission, you can define and enforce access permissions at the field level for different user roles. The following table lists some of the field-level permissions (for example, RecordOwner, RecordType, and so on) that can be set on an object for users.

ObjectField PermissionsReadEdit
AgreementRecordOwnerView the Owner field on the Contract Details page but cannot edit.Modify the Owner field on the Contract Details page.
RecordTypeView the Contract Type field on the Contract Details page but cannot edit.Modify the Contract Type field on the Contract Details page.

Roles

A role is assigned to users performing similar tasks and consists of a set of permissions. As an administrator, you can assign roles to the existing users or create a new user and edit the user details to assign roles. You can also assign multiple permissions and permission groups to a user to grant access to all the assigned role permissions. For example, with the CongaCLMReadOnlyUser role, a user can view all records they have permission to see when navigating to the Search tab on the Contract Details page.

As an administrator, you can create roles to restrict access to data for certain users based on their functional roles and responsibilities. For instance, if a user is assigned the CongaCLMReadOnlyUser role and navigates to the Contact page, the options Create ContactEditDelete, or Create Contract on the Details page are not displayed for that user.