Permission Levels and Access Control

Last updated: April 8, 2026

Understand the basics of setting up users, teams, and permissions on SpotDraft

Members

A member is anyone who can log in to SpotDraft. You can add members via the instructions found in "Inviting a new team member". Members can utilize SpotDraft according to the permissions assigned to them directly or through their team(s). They may belong to more than one team.

Teams

A team consists of a group of members. Teams simplify granting the same set of permissions to multiple members.

For example, if 10 people are allowed to manage your contract type, workflows, and key pointers, it is simpler to add them to a team and assign the permissions to the team. Similarly, if they are allowed to create an Order Form contract, it is simpler to add the team as the creator of the Order Form contract type instead of adding all 10 of them as creators separately.

Team point of contact (POC)

Each team has a designated Point of Contact (POC), responsible for managing their specific team. Only the POC and admins have the authority to add or remove members from the team. The 'Manage Team' and 'Manage Members' permissions grant the POC the ability to oversee the members within their team. POCs do not have access to manage members of other teams.

Another aspect of the POC is that a task, like a review assigned to a team, is directed to this member, who receives the necessary notifications. They can then handle or assign the task to another team member.

Team permissions

Each team can have a specific set of permissions enabled. Except for the default Admin team, permissions for each team are configurable. It's important to note that the Admin team has comprehensive platform access. Ideally, only select individuals should belong to this team.

For example, you can create a team called IT Admins and enable permissions such as Manage Integrations, Developer Settings, Manage Security and Identity. Any member added to this team will gain access to perform the respective operations.

Exception: Members of the default Admin team have the unique ability to manage all other teams, regardless of whether they are members of those teams. Aside from this exception, a member’s permissions are determined solely by the permission toggles configured for the team(s) they belong to. Remember that a user's effective permissions are the union of the permissions inherited from every team they belong to.

| Permission | Description |
| --- | --- |
| Download Contracts | The user will be allowed to download any contract that they have access to |
| Upload Contracts | The user will be allowed to upload new versions of a contract that they have access to. The user will be allowed to use 'Upload third party contract', 'Send for signature', and 'Upload executed contracts' workflows. |
| Delete Contracts | The user will be allowed to delete any contract that they have access to |
| Manage Contract Types and Workflows | The user will be allowed to create and make changes to contract types |
| Manage Contract Metadata Fields | The user will be allowed to create and make changes to contract metadata fields defined at the contract type level (legacy) and at a global metadata level |
| Manage Clause Library and VerifAI guides | The user will be allowed to create and make changes to clauses within the clause library. The user will also be allowed to create, update and delete guides and enclosed guidelines. |
| Extract Contract Metadata | The user will be allowed to run Smart Metadata Capture (SDC) on any contract they have access to |
| Manage/Triage Intake | The user will be allowed to view, edit, and triage intake form requests |
| | The user will be allowed to create and make changes to workflows using the Workflow Manager, including setting up Express Contract templates |

Contract, Workflows, and Intake permissions

| Permission | Description |
| --- | --- |
| Manage Members | The user will be allowed to invite others to the workspace. The user will be allowed to update the designation and teams of every member. |
| Manage Teams | The user will be allowed to create teams. The user will be allowed to add or remove members from any team. The user will be allowed to update the permissions of any team. |
| Manage Billing and Payments | The user will be allowed to purchase available add-ons on SpotDraft |
| Manage Counterparties | The user will be allowed to add or modify counterparties. Note that it does not apply to campaigns and express contracts. |
| Manage Security and Identity | The user will be allowed to manage the security and identity settings, including SSO, SCIM provisioning, etc. |
| Manage Integrations | The user will be allowed to manage external integrations |
| Manage Clickthrough | The user will be allowed to add new Clickthrough agreements or modify existing ones. |
| Developer Settings | The user will be allowed to access the developer settings to generate and use API credentials, webhooks, etc. |
| Bulk Update Contract Access | The user will be allowed to update the access to contracts in bulk from the repository |
| View Contract Analytics | The user will be allowed to access the Contract Analytics |
| Manage Contract Analytics | The user will be allowed to manage Contract Analytics |
| Organization Settings | The user will be allowed to update the organization settings, such as the name, logo, entities, etc. |
| Share Recurring Reports | The user will be allowed to add additional recipients to recurring email reports. |

Workspace permissions

Note: Users with Creator access to a contract type can initiate and submit Express Contracts (via + New > Express contract) and share Express Contract links with counterparties without needing “Manage Contract Types and Workflows” permission. The Workflow Manager permission is only required for setting up and configuring Express Contract templates.

Practical Scenarios for Manage Counterparties Permission

Contract Creation/Upload Workflow Requirement: When team members are uploading contracts or creating new contracts and need to add a counterparty that doesn't already exist in the system, they must have the ‘Manage Counterparties’ permission enabled. Without this permission, users will be unable to add new counterparties during these workflows, even if they have other necessary permissions like ‘Upload Contracts’ or contract type creator roles.

Permission Restrictions: Users without the ‘Manage Counterparties’ permission are restricted to selecting only from pre‑existing counterparties in dropdown lists. They cannot add new counterparty names or use AI suggestions to populate counterparty fields.

Troubleshooting Tip: If users report being unable to add counterparties during contract creation or upload, or if they cannot see AI suggestions for counterparty names, check that their team has the ‘Manage Counterparties’ permission enabled in addition to their other contract‑related permissions.

Roles

Contract type roles

You can assign a member or team to any of the following pre-defined roles, each with corresponding permissions.

Creators: Allowed to create contracts of the selected type and act as the business user.

Viewers: Allowed to view all contracts of the selected type.

Suggesters: Allowed to make edits to contracts of this type, with changes tracked, provided they are also added as viewers. Their edits require approval from an editor before they reflect on the document.

Editors: Allowed to make edits to contracts of this type, as long as they are either added as viewers of the contract type or requested to review a contract of this type. If their review is requested, they also become the legal user of the contract.

Signatories: Allowed to act as signatories for contracts of this type. The business user will select the required signatory from the list.

Controlling Contract Visibility by Team

When a contract type is used by multiple teams, you can ensure that contracts created by one team are visible only to that team.

If a contract type is shared across multiple teams (for example, Sales US, Sales EMEA, and Sales EU), you can enable the option “Automatically grant viewer access to creator’s team members.”

When this option is enabled:

  • All members of the team(s) that the contract creator belongs to automatically get viewer access to the contract.

  • Other creator teams will not be able to view the contract unless they also belong to the creator’s team.

For example, if a Sales US user creates a Master Service Agreement (MSA), all members of Sales US will be able to view the contract, but Sales EMEA and Sales EU will not.

If certain users or teams should have access to all contracts created using this contract type, add them to the Viewers list.

In the example above, the Legal team is added as a viewer. This means the Legal team will have view access to all MSAs, regardless of which Sales team created them.

Note: If a user belongs to multiple teams, all members of those teams will receive access when that user creates a contract. For example, if a user is part of Sales EMEA and Sales EU, members of both teams will be able to view the contract they create, along with any teams added as Viewers.

Contract roles

Business user: The creator of a contract is automatically its business user. They receive all notifications related to the contract and have permission to perform basic operations like requesting reviews and sending the contract out for collecting signatures. It is possible to reassign the business user; the selection dropdown is populated from the list of creators added at the contract type level.

Legal user: Business users can request reviews from a predefined set of legal users (Editors) when legal input is required. The selected reviewer becomes the legal user of the contract. It is also possible to assign a legal user without requesting a review by going to the party information card on the contract summary page.

Approver: When approval is triggered for a contract based on pre-defined conditions on the workflow or when an ad-hoc approval is requested, the member whose approval is requested gains access to this contract.

Signatory: The signatory designated to sign a contract gets access to this contract.

Follower: A Follower is any user who is actively tracking a contract's progress. Unlike other roles, "Follower" is a role focused entirely on visibility and organization.

  • How it's assigned: You are added as a follower automatically when you are @mentioned, assigned a task, or are the designated Business/Legal user. You can also manually follow a contract.

  • No Added Permissions: Being a follower does NOT grant any additional access, viewing rights, or editing privileges. You must already have permission to view a contract to see it in your "Following" list.

  • Purpose: This role ensures the contract is surfaced in your personalized Home page and the "Following" view in the Repository, making it easy to track without being the contract "owner."

| Permission | Business User | Legal User (If they have 'view' access or have been requested a review) | Approver | Signatory |
| --- | --- | --- | --- | --- |
| BASIC ACTIONS | | | | |
| View | Yes | Yes | Yes | Yes |
| Edit | Configurable | Yes | No | No |
| Void | Yes | Yes | No | No |
| Put on hold | Yes | Yes | No | No |
| Modify key pointers | Yes | No | No | No |
| Upload version | Yes | Yes | No | No |
| REDLINING | | | | |
| Request internal review | Yes | Yes | Yes | No |
| Request internal approval | Yes | Yes | No | No |
| Send for counterparty review | Yes | Yes | No | No |
| Suggest (Edit with track-changes) | No | Yes | Yes | No |
| Review | No | Yes | No | No |
| Approve | No | No | Yes | No |
| READY TO BE SIGNED | | | | |
| Mark for execution | Yes | Yes | No | No |
| Unmark for execution | Yes | Yes | No | No |
| Prepare for signing | Yes | Configurable | No | No |
| Send for signatures | Yes | Yes | No | No |
| Sign | No | No | No | Yes |
| NOTIFICATIONS | | | | |
| Get all email communications | Yes | No | No | No |
| Get all Slack notifications | Yes | No | No | No |

Permission matrix

| Role name | Can view | Can suggest | Can edit | Additional info |
| --- | --- | --- | --- | --- |
| Creator | Yes (The contracts that they created) | Configurable | Configurable | It is possible to configure whether or not the creator can suggest/edit the contracts they created. Under no circumstances will they be allowed to edit contracts created by someone else unless explicitly granted access. |
| Viewer | Yes (All contracts of this contract type) | No | No | - |
| Suggester | No | No | No | They get no access until they gain viewer access |
| Editor | No | No | No | They get no access until they gain viewer access. It is a common assumption that an editor should automatically gain viewer access, but that’s not how it is designed. For example, John and Jane are editors of MSAs. There are 100 MSAs on SpotDraft. Of those, John is required to review only 40 of them based on certain logic, and Jane is supposed to review the remaining 60. If we give implicit viewer access to the editors, John and Jane will see 60 and 40 irrelevant contracts respectively. |
| Signatory | No | No | No | They get no access until they gain viewer access. The users or teams selected here are responsible for populating the signatory selection dropdown when creating a contract. Once the user selects a signatory, they gain access to that contract. |
| Suggester + Viewer | Yes (All contracts of this contract type) | Yes (All contracts of this contract type) | No | - |
| Editor + Viewer | Yes (All contracts of this contract type) | Yes (All contracts of this contract type) | Yes (All contracts of this contract type) | - |
| Editor + Reviewer | Yes (The contracts that they are a reviewer for) | Yes (The contracts that they are a reviewer for) | Yes (The contracts that they are a reviewer for) | - |
| Editor + Legal user (Not reviewer) | No | No | No | This is used when the legal team is responsible for assigning someone from their team as the legal user. The business user can then refer to this when they want to request a review instead of tagging the team. |
| Editor + Approver | Yes (The contracts that they are an approver for) | No | No | When approval is requested from someone, they get access to view the contract. |

Restrict editing of the template questionnaire for a contract

In this section, you will learn how to add restrictions on who can edit the template questionnaire of a template contract.

📖  Navigating to access control settings for a contract type

  1. Select Access Control from the Settings section in the left navigation.

  2. Select Contract Types from the top header.

📖  Setting up restrictions to edit the template questionnaire

  1. Find the required Contract Type and click on the edit button.

  2. Select Advanced Settings and change the setting from Allowed to Blocked.

📖  Adding a list of exempted users

  1. If you wish to allow certain teams to perform this restricted action, select them from the dropdown.

  2. Save your changes.

💡Example of a use-case: The sales team will create the contracts, answer the questionnaire, and send it to the counterparty. If the counterparty wishes to change certain terms of the contract, only the legal team can access the questionnaire to edit the answers to the questions.

Inviting users

In certain situations, you might require input on a contract from individuals who aren't predefined within your contract settings. In these cases, you can use the Invite Team feature. This feature allows you to grant specific permissions (such as viewer, suggester, or editor) to these individuals based on your permissions. For example, if Jane has suggester privileges for a contract type, she can invite others as suggesters or viewers, but not as editors.

This feature also enables you to invite people who aren't already part of your SpotDraft workspace. This is particularly useful when you need input from external legal counsel on specific contracts. When such individuals are invited, they're added to the list of members. However, until they're assigned to a team or role, they won't have access to anything except the contract they're invited to review.

Note:

  1. This is not intended to invite a counterparty into the contract. If you need the counterparty to collaborate on a contract, send it to them for review.

  2. For added security, it's possible to whitelist a specific set of domains from which users can be invited.

  3. The permission that a user will have on a contract will be the union of the permissions they gained from the contract type and the individual contract. For instance, if Jane is added as an editor to the MSA contract type, but not as a viewer, she will not be able to view any MSAs. But if she’s invited as a viewer to an MSA, then she will be able to view it and edit it.

Permission matrix

| Role name | Can view | Can suggest | Can edit | Additional info |
| --- | --- | --- | --- | --- |
| Viewer | Yes (This contract) | No | No | - |
| Suggester | Yes (This contract) | Yes (This contract) | No | The key difference between setting up a suggester on a contract type vs inviting someone as a suggester on a contract is that in the latter, the invited user gets implicit viewer access. The reason is that if someone is being invited to make suggestions on a contract, it’s logical that they should be able to view the contract. |
| Editor | Yes (This contract) | Yes (This contract) | Yes (This contract) | The key difference between setting up an editor on a contract type vs inviting someone as an editor on a contract is that in the latter, the invited user gets implicit viewer access. The reason is that if someone is invited to make edits to a contract, it’s logical that they should be able to view the contract. |
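
The contract-type role matrix, the invite matrix and the union rule in note 3 can be read as one resolver, useful in an access review for spotting type-level roles that grant nothing yet but go live on a single invite. This is an added example, not SpotDraft code or an API: the `Grants` fields and role strings are constructed for illustration, reviewers are assumed to be type-level Editors, and only the view/suggest/edit columns are modelled.

```python
from dataclasses import dataclass, field

@dataclass
class Grants:
    """One member's grants as they bear on one contract (constructed model)."""
    type_roles: set = field(default_factory=set)  # creator/viewer/suggester/editor/signatory
    invited_as: set = field(default_factory=set)  # Invite Team role on this contract
    created_contract: bool = False     # member created this contract
    is_reviewer: bool = False          # review requested (assumed: drawn from Editors)
    is_approver: bool = False          # approval requested on this contract
    is_signatory: bool = False         # selected as signatory on this contract
    creator_can_suggest: bool = False  # the two "Configurable" Creator cells
    creator_can_edit: bool = False

def effective_access(g):
    """Resolve view/suggest/edit on one contract from type-level and contract-level grants."""
    own = g.created_contract and "creator" in g.type_roles
    reviewing = g.is_reviewer and "editor" in g.type_roles
    # Only these grants activate suggester/editor capability. Approval gives
    # view access without activating it (Editor + Approver row); signing is
    # modelled the same way, which is an assumption.
    unlocked = "viewer" in g.type_roles or bool(g.invited_as) or reviewing
    may_edit = "editor" in g.type_roles or "editor" in g.invited_as
    may_suggest = may_edit or "suggester" in g.type_roles or "suggester" in g.invited_as
    return {
        "view": own or unlocked or g.is_approver or g.is_signatory,
        "suggest": (unlocked and may_suggest) or (own and g.creator_can_suggest),
        "edit": (unlocked and may_edit) or (own and g.creator_can_edit),
    }

def dormant_capabilities(g):
    """Type-level suggester/editor roles that are inert until some view grant lands."""
    acc = effective_access(g)
    return sorted(r for r in ("suggester", "editor")
                  if r in g.type_roles and not acc["suggest"])

if __name__ == "__main__":
    # Constructed members mirroring the page's John and Jane examples.
    members = {
        "john (type editor only)": Grants(type_roles={"editor"}),
        "jane (type editor, invited viewer)": Grants(type_roles={"editor"}, invited_as={"viewer"}),
        "approver who is a type editor": Grants(type_roles={"editor"}, is_approver=True),
    }
    for name, g in members.items():
        print(name, effective_access(g), "dormant:", dormant_capabilities(g))
```
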

FAQ

  1. I've added John as an editor for my NDA contract type. Why can't he access or view any of the NDAs created by my business team?

    Adding John as an editor doesn't automatically grant him permission to view or access contracts. It simply allows him to edit them once he gains viewing access. He can gain access in three ways:

    1. The business user can use the Request Review option on the contract and select John as the reviewer. This grants him access to that specific contract.

    2. The business user can use the Invite Team option on the contract and select John as a viewer. This grants him access to that specific contract.

    3. John can be added as a viewer to the NDA contract type. This grants him access to all the NDAs created.

  2. Can an admin access all the contracts?

    By default, admins cannot access any contracts. However, they possess the ability to make any change to the workspace. This means they can add themselves as a contract-type viewer, editor, etc., and gain access.