Leveraging RBAC to ensure everyone in your company is aware of trusted suppliers/active relationships
Restore Visibility Estimated Read Time: 5 minutes
Estimated Configuration Time: 10-15 Minutes ☑️ Requires: RBAC
Sections in this Article
Creating the new Contract Category
Creating the RBAC Group for the new Category
Creating the RBAC Groups for your Teams
Introduction
A key aspect of any Contract/Vendor Lifecycle Management platform is the appropriate "need to know" access level for users
Especially if you operate in an industry where Intellectual Property/Data Privacy/Project Secrecy are important (e.g. Medical Research/Entertainment/Media/Finance), exposing too much contractual information to all of your employees can create significant risk
💡 This is why we have user permissions such as "Own Team" and "Owned Only" to ensure users only see contracts from their own department or those for which they are directly responsible
At the same time, the purpose of a system like Gatekeeper is to serve as a "central source of truth" - a trusted library of all agreements & obligations
This leads to the following conundrum:
How can people truly leverage Gatekeeper as the central source of truth when most of the system is hidden to them?
The Solution 🧑💻
RBAC is an Enterprise level feature which allows the creation of multifaceted access groups.
The primary function of this feature is to serve Stakeholders and/or Teams within your organisation who should retain access to varied sets of records.
💡 For Example 💡
Certain users who should see all contracts within a certain Country (/"Entity") or maybe need to be able to see multiple Departments' contracts - very common for Finance teams or Company Secretaries
But with a bit of work, RBAC can be leveraged to give visibility to all your users about all trusted vendor relationships - without the undesirable exposure of confidential contractual data
TL;DR You can use RBAC to give your users access to all Vendors without needing them to get access to all Contracts
This can lead to the avoidance of some key issues with incomplete visibility:
- Avoid completing RFPs & Onboarding for a service already provided by one of your vendors
- Avoid the hassle of setting up multiple contracts with the same vendor and receiving less favourable terms and prices compared to negotiating as a unified front
- Avoid users considering Vendors which have already been assessed and Rejected in Gatekeeper
To achieve this, you can simply follow these 3 steps:
Step 1) Add an RBAC group for all NDA* Contracts
Step 2) Alongside this new NDA group, create RBAC Groups for all "Own Team" access users
Step 3) Every user should be set to have RBAC access using groups which provide access to their Team with the new NDA RBAC group added on
* NB. We recommend you do this for NDAs, but you may use any boilerplate agreement if you create one for all of your vendors as an internal policy
The Result ✨
All users will retain access to the necessary agreements of their Department/pre-existing Access Groups
And now, they will also have visibility of every Vendor for which your organisation holds an NDA (which should be most of them if you deal with sensitive data & IP)
They won't be able to see every piece of contract data with all vendors - but they will know that your organisation works with them by nature of having an NDA in place!
The benefits of this are multifaceted:
- Everyone in your organisation will have knowledge of which suppliers you already deal with, avoiding siloed departments wasting time on unnecessary sourcing activities
- You will also avoid setting up multiple agreements on different terms with the same vendor, missing out on the negotiation & buying power of a unified company
Configuration 🛠
Part 1 - Creating a Contract Category for your NDAs
Step 1) Navigate to the Categories menu
Step 2) Hit Add > Category
Step 3) Enter a name (such as "Confidentiality Agreements")
Step 4) Set the Status to Live & Hit ✅ Save & Next
Step 5) Assign yourself (or another key legal/contracts manager) as the owner
Part 2 - Creating an RBAC group for all NDAs
Step 1) Navigate to Settings > Users
Step 2) Hit Add > Access Group
Step 3) Enter a Title (such as "All NDAs")
Step 4) Choose Collaborator as the Role and select the new Category as the only Core Object
Step 5) Hit ✅ Save
Part 3 - Creating the Other RBAC Groups
Step 1) Navigate to Settings > Users
Step 2) Hit Add > Access Group
Step 3) Enter a title named after one of your Teams
Step 4) Choose Collaborator as the Role and select the named Team as the only Core Object
Step 5) Hit ✅ Save
Step 6) Repeat Steps 2 - 5 for every team in your Gatekeeper tenant
Part 4 - Updating your users
Step 1) Navigate to Settings > Users
Step 2) Find any users with Own Team access & hit Edit
Step 3) Set their access to 🔘 Custom, then for Permissions select:
- "All NDAs" - The group from Part 2
- The group named after their Team from Part 3
Step 4) Find any users with RBAC Access & hit Edit
Step 5) Add the "All NDAs" Group from Part 2 to their existing list of groups
Step 6) Repeat Steps 2 - 5 until all users (except users with "All" permission) have RBAC access that covers both their previous system access & the new NDA access group
All these users will now be able to see:
- The same set of Contracts & Vendors as before via the new RBAC group for their team (or the RBAC groups they already had)
- All Vendors with an NDA (which should be most if not all of your Vendors!)
Suggested Additions ☑️
Bulk Updating your existing NDAs
If you have NDAs in your Gatekeeper repository from before this configuration was implemented, you can bulk-update these so they are assigned to the new Category you created above
Step 1) Navigate to your Contracts repository & set the view to All
Step 2) Hit Export > CSV | All Pages
Step 3) Open up the downloaded file in an editor (Excel or Google Sheets)
Step 4) Sort by Contract Type, then remove all rows from the document except for your NDAs
Step 5) For your remaining NDA rows, set the Category column to your new Category name
Step 6) Download this file as a new CSV
Step 7) In Gatekeeper, hit Add > Bulk Import, then use your new csv!
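Steps 3 - 6 can also be scripted rather than done by hand in a spreadsheet. The following is an added example, not Gatekeeper's own tooling: it assumes the export has the "Contract Type" and "Category" columns named in the steps above and that your NDAs carry the type label "NDA"; the other columns and all sample rows are constructed.

```python
import csv
import io

# Constructed sample export. "Contract Type" and "Category" are the columns the
# steps name; the other columns and the type label "NDA" are assumptions.
SAMPLE_EXPORT = (
    "\ufeffContract Name,Vendor,Contract Type,Category\n"
    'Acme MSA,"Acme, Inc.",MSA,Marketing\n'
    'Acme NDA,"Acme, Inc.",NDA,Legal\n'
    "Globex NDA,Globex,nda ,\n"
    "Globex SOW,Globex,SOW,IT\n"
)


def retag_ndas(export_csv, new_category, nda_type="NDA"):
    """Keep only NDA rows and set their Category; return (csv_text, kept)."""
    # Spreadsheet exports often start with a byte-order mark; drop it so the
    # first header is read cleanly as "Contract Name".
    reader = csv.DictReader(io.StringIO(export_csv.lstrip("\ufeff")))
    fields = reader.fieldnames or []
    for required in ("Contract Type", "Category"):
        if required not in fields:
            raise ValueError(f"export is missing the {required!r} column")

    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=fields, lineterminator="\n")
    writer.writeheader()
    kept = 0
    for row in reader:
        contract_type = (row["Contract Type"] or "").strip().casefold()
        if contract_type != nda_type.casefold():
            continue  # Step 4: drop everything that is not an NDA
        row["Category"] = new_category  # Step 5: assign the new Category
        writer.writerow(row)
        kept += 1
    return out.getvalue(), kept


if __name__ == "__main__":
    text, kept = retag_ndas(SAMPLE_EXPORT, "Confidentiality Agreements")
    print(f"{kept} NDA rows kept for import")
    print(text)
```

Review the kept rows before importing: every contract in the file lands in the Category that the "All NDAs" group exposes to all of your RBAC users, so a record mislabelled as an NDA would become visible company-wide.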
Keeping your Vendor Access up to date
To ensure all new vendors you add to Gatekeeper keep in line with the updates you have made here, you can use the two articles below to create new NDAs at the outset of new vendor relationships:
🛠 Create Your Own - Touchless NDA Workflow
Use this workflow if you wish for an NDA creation to be the first step for adding new vendors to Gatekeeper
🛠 Create your Own Vendor Onboarding
⚡️ Parallel Workflows 2 - Vendor Onboarding & Automated NDA
Use these to create a new vendor onboarding workflow where you can automate the generation of a new NDA as part of one of the onboarding compliance steps
FAQ 💬
Q: We have our RBAC Settings set to "AND" logic. Will this work?
A: Yes this will still work!
Since there will only be 1 object in the newly created RBAC group, AND vs OR will not matter
Q: Will this work for my "Owned Only" access users?
A: This will only work for "Own Team"/RBAC users
If this is an important scenario for you - Please upvote this Ideas Forum post:
💡 Idea: RBAC Groups as Extra Access
Q: We do not get NDAs in place with our vendors. However, we still want to replicate the "All Vendors" access element - is this possible?
A: First, I'd ask you to reconsider adding NDAs to your standard operating procedures!
But second, it is possible to do this, yes
You could simply create dummy contract records for all vendors with a new type called something like "Access Record" following all the same steps as above but substituting names
✋ These records should of course be set to "Archived" to avoid cluttering your repository & taking up your contracts quota
💡 The use case in this "Gatekeeper Expert" Knowledgebase article could also be leveraged to automatically create this "Access Record" for all new vendors
Q: We have some Vendors where - even though we have an NDA in place - we don't want all employees to know we work with them. Is this possible?
A: Yes!
The simplest way to do this would be to use a separate Category for these NDAs (such as "Confidentiality Agreements - Top Secret")
You could then use the same RBAC structure but have an additional group which has access to the secret category be more selectively granted to users
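To sanity-check the access described in Part 4 and in the FAQ answers above, here is a small model of the group structure. It is an added example, not Gatekeeper's implementation, and it assumes that AND/OR applies between the Core Objects inside one group, that access from several groups is additive, and that a vendor is visible once any of its contracts is visible; all vendors, teams and contracts are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Contract:
    vendor: str
    team: str
    category: str


# Constructed sample repository; vendor, team and category names are made up.
CONTRACTS = [
    Contract("Acme", "Marketing", "Services"),
    Contract("Acme", "Legal", "Confidentiality Agreements"),
    Contract("Globex", "Finance", "Services"),
    Contract("Globex", "Legal", "Confidentiality Agreements"),
    Contract("Initech", "R&D", "Services"),
    Contract("Initech", "Legal", "Confidentiality Agreements - Top Secret"),
]

# Access groups as built in Parts 2 and 3 (one Core Object each), plus the
# selectively granted group for the separate "Top Secret" category.
GROUPS = {
    "All NDAs": [("category", "Confidentiality Agreements")],
    "Marketing": [("team", "Marketing")],
    "Top Secret NDAs": [("category", "Confidentiality Agreements - Top Secret")],
}


def group_matches(objects, contract, logic):
    """Assumed semantics: AND/OR combines the Core Objects of one group."""
    hits = [getattr(contract, field) == value for field, value in objects]
    return all(hits) if logic == "AND" else any(hits)


def visible_contracts(user_groups, logic="OR"):
    """A contract is visible if any one of the user's groups matches it."""
    return [c for c in CONTRACTS
            if any(group_matches(GROUPS[g], c, logic) for g in user_groups)]


def visible_vendors(user_groups, logic="OR"):
    """Assumed: a vendor shows up once any of its contracts is visible."""
    return sorted({c.vendor for c in visible_contracts(user_groups, logic)})
```

A Marketing user holding "Marketing" and "All NDAs" sees Acme and Globex as vendors, but not Globex's Finance contract and not Initech, whose only NDA sits in the separate category.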
Additional Reading 📚
Learn how to add dummy users to test Gatekeeper & experience the system from alternative perspectives
See the complete steps of creating RBAC groups with additional context & guidance