A role is assigned to individual users as a security measure to control a user's ability to administer program features, as well as grant access to restricted features and data stored in the program. The ability to administer a program feature, such as those in the Security, Configuration, and Global categories, includes the ability to add, modify, and delete information for the feature. Restricted features include Reporting, Bulk Data Upload Tool, Direct Editing in MS Word, and the ability to make and approve contract requests. Access to data can be restricted on the basis of the group to which a Company, Contract, and Project Profile is assigned. Within each group, a second level of security can be applied by limiting data access to Read Only (viewing) for certain groups, while allowing full access (ability to add and edit data, and access/upload documents) to other groups.
Roles are used in creating individual User Profiles, and therefore, at least one user role must be created before users are added to Conga Contracts. However, a user's level of access to the groups, additional forms, and document types defined by their role can be overridden by setting the User Type field in their User Profile screen to Contract Request Only or Casual User.
A user with the Role Admin permission creates the roles that are assigned to both program users and Administrators. A Role Admin can create a multitude of roles with varying administrator permissions and different levels of data access, all of which typically fall into one of three major categories:
- Role has a singular default permission and the name of the role reflects that permission.
- For example, a Workflow Administrator role is created and is assigned the Workflow Admin default permission. Security for the role can be applied on four levels: (1) controlling user access to the company, contract, and project groups to which individual Company, Contract, and Project Profiles are assigned, as well as access to the individual additional forms and document types that have been identified as requiring security (2) granting or denying access to a contract, company, or project group, an additional form, or a document type (3) controlling the level of access by granting/denying users the ability to view, create, and modify data in each Company, Contract, and Project group, additional form, and document type, and (4) controlling the ability to upload documents or only view the documents for a company, contract, and project group.
- Role has more than one default permission and the name of the role encompasses the permissions.
- For example, a Full Administrator role is created and is assigned all the default permissions, except Restrict to My Contracts. Security is applied on three levels, as described above.
- Role has no default permissions and the name of the role reflects access to company, contract, and project data.
- For example, a Power User role is created and assigned Full permissions to all the Company, Contract, and Project groups, as well as full access to any restricted additional forms and document types. Although this user role has full access to data and uploaded documents, it does not carry any administrative capabilities or access to the program features that can be restricted: Reporting, Advanced Reporting, Scheduled Reporting, BI Toolbox, Email Distribution Lists, Scorecard Viewing, Open in Word (Direct Editing), Bulk Data Upload Tool, Requestor for contract requests, and being an Approver for contract requests.
A Role Admin can perform the following tasks: