Leveraging RBAC to ensure everyone in your company is aware of trusted suppliers/active relationships
A super key aspect of any CLM platform is the appropriate "need to know" access level of your repository.
Especially if you operate in an industry where IP, data privacy and project secrecy is important (e.g. Medical Research/Entertainment/Media), exposing too much contractual information to your employees can be a significant risk.
At the same time, the purpose of a CLM like Gatekeeper is to serve as a "central source of truth" - a trusted library of all agreements & obligations.
This leads to the quandary, how can people truly leverage Gatekeeper as the central source of truth when much of the system is hidden to them?
The Solution
RBAC is an Enterprise level feature which allows the creation of multifaceted access groups.
This primary function of this feature is for Stakeholders &/or Teams within your organisation who should retain access to varied sets of records.
e.g. perhaps certain users should see all contracts within a certain country/business entity or maybe they need to be able to see cross-departmental contracts
(Very common for Finance teams or Company Secretaries)
But with a bit of work, RBAC can be leveraged to give total visibility back to your users (without the undesirable exposure of confidential information)
If you add a new RBAC group (which every user then has added to their access settings) for all NDAs, all Vendors can be shown to all Users without having to show all employees every single contract!
The Configuration
Step 1: Add a new Contract Category called "NDAs" (or "Confidentiality Agreements", "Disclosure Agreements" - whichever fits your company's nomenclature)
Step 2: Create an RBAC group for this Category, with the the category in question being the only criteria listed
Step 3: For all users/groups which currently use "Own Team" level Role Permissions, create a new RBAC group for this team
See User Access based on Own Team
Step 4: Assign all of these users their own team's new RBAC group as well as the new "NDAs" RBAC group from Step 2
Step 5: Ensure that - for all new Vendors which are onboarded/contracted with - you get in place an NDA record whose Category is that created in Step 1
💡NB. If you do not already have an automated NDA workflow, see our webinar here on how easy to set up and beneficial a touchless NDA workflow can be for you
And if you want an NDA workflow out of the box, follow these steps to get one set up in minutes!
The Result
All users will retain access to the necessary agreements of their Department/pre-existing Access Group.
And now, they will also have visibility of every Vendor for which your organisation holds an NDA (which should be most of them if you deal with sensitive data & IP)
The benefits of this ....
- Everyone in your organisation will have knowledge of which suppliers you already deal with, avoiding silo'd departments wasting time on unnecessary sourcing activities
- You will also avoid setting up multiple agreements on different terms with the same vendor, missing out on the negotiation & buying power of a unified company
See the below view for Connie Contracts Manager (who has excluded NDAs from her Contracts view, showing her only the few agreements owned by her team). While only being able to view confidential information of the 2 contracts in her own team, she can now see all active Supplier relationships!
