Roles and Permission Groups
Role and Permission Group management helps administrators configure security on the Conga Platform for CLM users. A role represents a profile (for example, system admin, contract facilitator, general user, and so on). Administrators can create user roles that contain a set of permissions with specific access to objects, records, pages, and administrative functions in applications built on the Conga Platform. You can use the User Interface or REST APIs per your business needs. You can add permission group of the user in
The following are covered in role and permission group management.
- Role-Based Access Control (RBAC) for Users: Conga supports RBAC to grant or restrict access to various applications and data within the Conga Revenue Lifecycle Platform. Conga RBAC supports data access primarily through mechanisms such as object permissions, permission groups, roles, and so on. You can create roles to restrict access to data for certain users based on their functional roles and responsibilities. For instance, if a user is assigned the CongaCLMReadOnlyUser role and navigates to the Contact page, certain options such as Create Contact, Edit, Delete, or Create Contract on the Details page are not displayed for that user.
- Roles: Roles determine a user's access to applications, objects, records, and permissions to perform actions on the Conga Advantage Platform. A role is assigned to users performing similar tasks and consists of a set of permissions. You can assign roles to the existing users or create a new user and edit the user details to assign roles. For example, Contracts Facilitator, Contract Manager, and so on.
- User Groups: User groups enable you to create groups of individual users with specific roles and permissions. You must add the permission group of the user in .
- Permission Groups: A permission group is a group of object permissions. Permission groups can be assigned to individual users or roles. You can also assign multiple permissions and permission groups to a user to grant access to all the assigned role permissions. For example, with the CongaCLMReadOnlyUser role, a user can view all records they have permission to see when navigating to the Search tab on the Contract Details page.
The following table maps the standard roles to their respective permission groups for supplier management:
| Roles | Associated Permission Groups |
|---|---|
| Business User |
|
| Supplier Manager |
|
| Supplier Admin |
|
For more information, see Roles and Permission Groups topic in Advantage Platform Administration administrators guide.
Object Permissions
A user with admin rights can perform all actions. When a new user or tenant is onboarded, you can assign View All or Is Allow Owner Scope permission which need to be enabled in the Schema manager at the object level. Is Allow Owner Scope is a one-time activity and cannot be modified. View All provides access to all records in the organization and Is Allow Owner Scope restricts access to owners.
A few examples of granting permissions for users are:
- Granting ModifyAll or ViewAll permissions on the Account or Contact object enables users to view or edit all records in the Account list page or Contact list page. To allow users to create, update, and delete records without needing Modify All or View All permissions, you can assign CRUD (Create, Read, Update, and Delete) permissions independently.
-
Granting ViewAll permissions on the Menu object allows users to view the following submenus.
Menu
Submenus
Contracts
- My Contracts
- All Contracts
- Recently Viewed
- Search
Accounts
- My Accounts
- Recently Viewed
- All Accounts
Contacts
- My Contacts
- Recently Viewed
- All Contacts
CLM Admin Setup
- General Settings
- Document Format Setup
- Document Protection Setup
- Document Versioning
- Contract Action Settings
- PDF Security Settings
- X-Author Configuration Settings
- Bulk Import
- Contract Rules
- CLM Feature Management
- Spend Category
- Supplier Management Settings
- Team Role
Clause Library
NA
The following table lists the permission levels that can be assigned to a CLM user on various objects.
|
Object |
Read |
Create |
Update |
Delete |
|---|---|---|---|---|
|
Agreement |
Displays the My Contracts, Recently Viewed, and Search tabs in the LINKS panel. |
|
|
|
| Clauses | Displays the list of clauses linked to a contract document. | Creates a new clause using the Create New Clause field. |
The following config parameters should be set to true : in clm::agreement-clause::clauseList:config "isBulkEditConfigurable": true, pass it in parallel to type:"grid"The following fields are not editable for negotiator role:
| NA |
|
AgreementLineItem |
Displays the Line Items tab in the LINKS panel. |
|
Edits a contract record's line item. |
Deletes a contract's line item. |
|
ContractRequest |
Displays the My Requests, All Requests, and Incoming Requests sub-menus in the Manage Requests menu |
Creates a new contract request |
Edits a contract request |
NA |
|
AgreementClause |
Displays the Clauses tab in the LINKS panel. |
|
Edits a clause record. |
Deletes a clause on the Clause Details page. |
|
DocumentMetadata, Configuration | Displays the following:
|
Uploads a document |
NA |
Deletes a document using the kebab menu. |
|
RelatedAgreement |
Displays the Related Contracts and Relationships tabs in the LINKS panel. |
Creates a new relationship with other contracts. |
NA |
|
|
AgreementInsight |
Displays the Insights tab in the LINKS panel. |
NA |
NA |
NA |
|
RelatedItems |
Displays the Related Items tab in the LINKS panel |
Adds objects and their records linked to a contract. |
Edits objects and their records linked to a contract. |
Deletes objects and their records linked to a contract. |
|
Account |
Displays the Accounts List page.. |
Creates a new account. |
Edits an account. |
Deletes an account. |
|
Contact |
Displays the Contact List page.. |
Creates a new contact. |
Edits a contact. |
|
|
AgreementObligation |
Displays the Obligation List page in Contract Apps. |
Creates a new obligation. |
Edits an obligation. |
Deletes an existing obligation. |
|
AgreementObligationFulfillment |
Displays the list of contracts for obligation fulfillmentList in Obligation Fulfillment page |
NA |
Edits an obligation in fulfillment |
NA |
| SupplierRequest | Displays the list of supplier requests | Creates a supplier request | Edits a supplier request | NA |
| Supplier | Displays the list of suppliers | Creates a supplier | Edits a supplier | Deletes a supplier |
|
Configuration |
Displays the following sub-menus in CLM Admin Setup.
| NA |
Updates the fields in each of the following sub-menus under CLM Admin Setup.
| NA |
|
DocumentOutputFormat |
Displays the Document Format Setup for contract documents. |
Creates the contract document formats at the User Role and Contract Type levels. |
Updates the contract document formats at the User Role and Contract Type levels. |
Deletes the contract document formats at the User Role and Contract Type levels. |
|
AgreementProtection |
Displays the Document Protection Setup for contract documents. |
Creates the agreement protection setup to contract documents for specific roles by making the documents read-only. |
Updates the agreement protection setup to contract documents. |
Deletes the agreement protection setup to contract documents. |
|
AgreementRule |
Displays the Contract Rules for contract documents. |
Creates new contract rules in New Rule menu. |
Edits the contract rules in Details and Rule Configuration. |
Deletes the contract rules. |
|
TeamRole |
Displays the Team Role in CLM Admin Setup. |
Adds team role in Add New Team RoleTeam. Schema changes to be made. |
Edits the Team Role. |
Deletes the team role using the kebab icon which also requires ContractTeamMembers Read permission. |
|
SpendCategory |
Displays the Spend Category. |
Adds category details in Add Category. Schema Manger filed to be selected. |
Edits the Spend Category using the kebab icon. |
Deletes Spend Category using the kebab icon. |
| Clause Library-Template | Displays TemplateVersionDynamicSection. | Creates a new clause using New Clause. For new clause or clone, following permissions are needed:
| Edits the clause with the following permissions:
| For Standard Clauses or Web Clauses, following permissions are needed:
For Alternate Clauses:
|
| Clause Library - AlternateClauseMapping, ClauseConfiguration | Displays AlternateClauseMapping. | AlternateClause tab requires the following:
| NA | NA |
| Clause Library -Obligation | Displays Obligation. | Clause Library -Obligation requires the following permissions:
| Updates the following permissions:
| Deletes the following:
|
| To work with entire clauselibrary along with ViewAll permission on Template and TemplateVersion objects, the following permissions are needed: | ||||
| Template | CREATE | READ | UPDATE | DELETE |
| TemplateVersion | CREATE | READ | NA | DELETE |
| TemplateVersionClauseReference | NA | READ | NA | DELETE |
| TemplateVersionDynamicSection | NA | READ | NA | DELETE |
| DocumentMetadata | CREATE | NA | NA | NA |
| TemplateLocale | NA | READ | NA | NA |
| AlternateClauseMapping | CREATE | READ | NA | NA |
| ClauseConfiguration | CREATE | NA | NA | NA |
| Obligation | CREATE | READ | UPDATE | DELETE |
| ClauseObligation | CREATE | NA | UPDATE | DELETE |
| ActivityHistory | CREATE | NA | NA | NA |
Record Type Permissions
Record Type permissions is managed through . By default, all record types within an object are accessible to all users who have access to the object.
- All users can create records using the NDA record type.
- Only users with specific roles (for example, legal team or contract managers) can create records using the MSA record type.