⚡️ Gatekeeper Expert - RBAC For All ⚡️

Leveraging RBAC to ensure everyone in your company is aware of trusted suppliers/active relationships

  Restore Visibility                                                                                  Estimated Read Time: 5 minutes

    Estimated Configuration Time: 10-15 Minutes               ☑️     Requires: RBAC



Sections in this Article

Use Case Introduction

Solution & Result


Creating the new Contract Category

Creating the RBAC Group for the new Category

Creating the RBAC Groups for your Teams

Updating your Users

Suggested Additions


Additional Reading





A key aspect of any Contract/Vendor Lifecycle Management platform is the appropriate "need to know" access level for users

Especially if you operate in an industry where Intellectual Property/Data Privacy/Project Secrecy are important (e.g. Medical Research/Entertainment/Media/Finance), exposing too much contractual information to all of your employees can create significant risk

💡 This is why we have user permissions such as "Own Team" and "Owned Only" to ensure users only see contracts from their own department or those for which they are directly responsible

At the same time, the purpose of a system like Gatekeeper is to serve as a "central source of truth" - a trusted library of all agreements & obligations


This leads to the following conundrum:

How can people truly leverage Gatekeeper as the central source of truth when most of the system is hidden to them?



The Solution 🧑‍💻


RBAC is an Enterprise level feature which allows the creation of multifaceted access groups.

This primary function of this feature is for Stakeholders &/or Teams within your organisation who should retain access to varied sets of records.

💡 For Example 💡

Certain users who should see all contracts within a certain Country (/"Entity") or maybe need to be able to see multiple Departments' contracts - a very common for Finance teams or Company Secretaries


But with a bit of work, RBAC can be leveraged to give visibility to all your users about all trusted vendor relationships - without the undesirable exposure of confidential contractual data


TL;DR You can use RBAC to give your users access to all Vendors without needing them to get access to all Contracts


This can lead to the avoidance of some key issues with incomplete visibility:

  • Avoid completing RFPs & Onboarding for a service already provided by one of your vendors
  • Avoid the hassle of setting up multiple contracts with the same vendor and receiving less favourable terms and prices compared to negotiating as a unified front
  • Avoid users considering Vendors which have already been assessed and Rejected in Gatekeeper


To achieve this, you can simply follow these 3 steps:

Step 1) Add an RBAC group for all NDA* Contracts

Step 2) Alongside this new NDA group, create RBAC Groups for all "Own Team" access users

Step 3) Every user should be set to have RBAC access using groups which provide access to their Team with the new NDA RBAC group added on

* NB. We recommend you do this for NDAs, but you may use any boilerplate agreement if you create one for all of your vendors as an internal policy




The Result ✨


All users will retain access to the necessary agreements of their Department/pre-existing Access Groups

And now, they will also have visibility of every Vendor for which your organisation holds an NDA (which should be most of them if you deal with sensitive data & IP)

They won't be able to see every piece of contract data with all vendors - but they will know that your organisation works with them by nature of having an NDA in place!


The benefits of this are multifaceted:

  • Everyone in your organisation will have knowledge of which suppliers you already deal with, avoiding silo'd departments wasting time on unnecessary sourcing activities
  • You will also avoid setting up multiple agreements on different terms with the same vendor, missing out on the negotiation & buying power of a unified company





Configuration 🛠


Part 1 - Creating a Contract Category for your NDAs

Step 1) Navigate to the Categories menu

Step 2) Hit Add > Category

Step 3) Enter a name (such as "Confidentiality Agreements")

Step 4) Set the Status to Live & Hit ✅ Save & Next

Step 5) Assign yourself (or another key legal/contracts manager) as the owner


Part 2 - Creating an RBAC group for all NDAs

Step 1) Navigate to Settings > Users

Step 2) Hit Add > Access Group

Step 3) Enter a Title (such as "All NDAs")

Step 4) Choose Collaborator as the Role and select the new Category as the only Core Object

Step 5) Hit ✅ Save


Part 3 - Creating the Other RBAC Groups

Step 1) Navigate to Settings > Users

Step 2) Hit Add > Access Group

Step 3) Enter a title named after one of your Teams

Step 4) Choose Collaborator as the Role and select the named Team as the only Core Object

Step 5) Hit ✅ Save

Step 6) Repeat Steps 2 - 5 for every team in your Gatekeeper tenant


Part 4 - Updating your users

Step 1) Navigate to Settings > Users

Step 2) Find any users with Own Team access & hit Edit

Step 3) Set their access to 🔘 Custom, then for Permissions select

"All NDAs" - The group from Part 2
The group named after their Team from Part 3

Step 4) Find any users with RBAC Access & hit Edit

Step 5) Add the "All NDAs" Group from Part 2 to their existing list of groups

Step 6) Repeat Steps 2 - 5 until all users (except users with "All" permission) have RBAC access to facilitate their previous system access & the new NDA access group


All these users will now be able to see:

  • The same set of Contracts & Vendors as before via the new RBAC group for their team (or the RBAC groups they already had)
  • All Vendors with an NDA (which should be most if not all of your Vendors!)





Suggested Additions ☑️


Bulk Updating your existing NDAs

If you have NDAs in your Gatekeeper repository from before this configuration has been implemented, you can bulk-update these so they are assigned to the new Category you created above

Step 1) Navigate to your Contracts repository & set the view to All

Step 2) Hit Export > CSV | All Pages

Step 3) Open up the downloaded file in an editor (Excel or Google Sheets)

Step 4) Sort by Contract Type, then remove all rows from the document except for your NDAs

Step 5) For your remaining NDA rows, set the Category column to your new Category name

Step 6) Download this file as a new CSV

Step 7) In Gatekeeper, hit Add > Bulk Import, then use your new csv!


Keeping your Vendor Access up to date

To ensure all new vendors you add to Gatekeeper keep in line with the updates you have made here,  you can use the 2 below articles to create new NDA's at the outset of new vendor relationships:

🛠 Create Your Own - Touchless NDA Workflow

Use this workflow if you wish for an NDA creation to be the first step for adding new vendors to Gatekeeper

🛠 Create your Own Vendor Onboarding

⚡️ Parallel Workflows 2 - Vendor Onboarding & Automated NDA

Use these to Create a new vendor onboarding workflow where you can automate the generation of a new NDA as part of one of the onboarding compliance steps





Q: We have our RBAC Settings set to "AND" logic. Will this work?

A: Yes this will still work!

Since there will only be 1 object in the newly created RBAC group, AND vs OR will not matter


Q: Will this work for my "Owned Only" access users?

A: This will only work for "Own Team"/RBAC users

If this is an important scenario for you - Please upvote this Ideas Forum post:

💡 Idea: RBAC Groups as Extra Access


Q: We do not get NDA's in place with our vendors. However, we still want to replicate the "All Vendors" access element - is this possible?

A: First, I'd ask you to reconsider adding NDAs to your standard operating procedures!

But second, it is possible to do this, yes

You could simply create dummy contract records for all vendors with a new type called something like "Access Record" following all the same steps as above but substituting names

✋ These records should of course be set to "Archived" to avoid cluttering your repository & taking up your contracts quota

💡 The use case in this "Gatekeeper Expert" Knowledgebase article could also be leveraged to automatically create this "Access Record" for all new vendors


Q: We have some Vendors where - even though we have an NDA in place - we don't want all employees know we work with them. Is this possible?

A: Yes!

The simplest way to do this would be to use a separate Category for these NDAs (such as "Confidentiality Agreements - Top Secret")

You could then use the same RBAC structure but have an additional group which has access to the secret category be more selectively granted to users



Additional Reading 📚


Testing Gatekeeper

Learn how to add dummy users to test Gatekeeper & experience the system from alternative perspectives


How to Create an RBAC Group

See the complete steps of creating RBAC groups with additional context & guidance