User Management Definitions

This article will give a detailed account of the User Management Definitions available within Gatekeeper when setting up your userbase.

For background, please read the User Management guide.


The following will provide a description of each of the available user management definitions within Gatekeeper.

  1. Roles
    1. Administrator
    2. Collaborator
    3. Custom (Role Based Access Control)
    4. Employee Portal Only (Requires Employee Portal Module)
  2. Permissions
    1. All
    2. Own Team
    3. Owned Only
  3. Workflow Groups
  4. eSign Permissions
    1. Sender
    2. Signer
  5. Additional Permissions
    1. Users
    2. Configuration
    3. History
    4. Reports
    5. Workflow Administrator


Roles define what the user can perform when navigating Gatekeeper.

Role Description
Administrator Write Access. Add, Delete and Edit data.
Collaborator Read Only Access. Collaborators have restricted access but maintain the full range of Collaborative function.  
Custom* Custom Roles are defined by RBAC. RBAC or 'Role Based Access Controls' give a greater level of granularity to your user permissions. 
Employee Portal Only** Provides a more restrictive level of access. Users have minimal visibility of Contract & Vendor objects but can 'Submit Requests' via the Employee Portal.

* RBAC is included in all Enterprise Plans and can be purchased as an additional module for Contract Now, Pro, and Essentials Plans.

** This requires the Employee Portal add-on module. Please speak to your Account Executive or CSM for further information.


Permissions define what a user can see when navigating Gatekeeper.

Permission Description
All Users will be able to see all Contracts and Vendors in your tenant
Own Team Users will only be able to see Contracts and their associated Vendors based on their Team
Owned Only Users will only be able to see objects that they are explicitly set as an Owner of


Workflow Groups

Workflow Groups are used explicitly to set ownership within phases of Workflows. These can be set up as static groups of users. For example, the 'IT Team' Workflow Group may contain all members of the IT Team who are required to interact with an explicit phase within a Workflow. 

For additional information on the difference between standard permissions and workflow permissions, see this article.

eSign Permissions

eSign Permissions enable the ability to set both who can send a document for eSign, as well as who can be set as a Signatory.

eSign Permission Description
eSign Sender Provides the ability for this user to send documents for eSign
eSign Signer Provides the ability for this user to be set as an authorised signatory within eSign


Additional Permissions

This area enables a user to be provisioned with additional permissions.


Additional Permission Description
Users* Enables a user to manage user access rights and permissions in Gatekeeper (including their own access)
Configuration* Please see our guide on the full range of Configuration options available.
History Enables a user to access an unrestricted history of all user activity in Gatekeeper.
Reports Enables a user to run and export reports on all data within Gatekeeper.
Workflow Administrator Enables a user to manage all Workflows within Gatekeeper.

* Only available to users whose Role + Role Permissions = Administrator + All