This guide provides technical instructions for the definition, assignment, and management of functional roles within an IUSign Enterprise tenant.
Prerequisites
- Assigned Admin or Owner role within the tenant.
- Successful authentication into the IUSign portal.
Strategic Overview
Effective organizational governance requires the granular delegation of authority based on the principle of least privilege. In the IUSign ecosystem, Roles are the mechanism by which administrators control data visibility and operational capability. By assigning specific roles to team members, organizations can ensure that sensitive document assets and administrative settings are protected from unauthorized access while enabling employees to execute their required workflows efficiently.
IUSign Role Hierarchy and Permissions
The platform provides several predefined role categories designed to align with standard corporate structures:
| Role Category | Operational Authority | Data Visibility | Primary Use Case |
|---|---|---|---|
| Owner | Absolute | Universal | Primary account holder; billing and legal lead. |
| Admin | High | Universal | IT managers and departmental leads. |
| User | Standard | Individual-only | Standard employees executing day-to-day contracts. |
| Viewer | Read-Only | Universal/Shared | Compliance officers and legal auditors. |
1. The "Owner" Role
The Owner is the primary administrative identity for the tenant.
- Unique Permissions: Only the Owner can delete the tenant, modify the primary billing relationship, or transfer ownership to another user.
- Governance: Every tenant must have exactly one Owner.
2. The "Admin" Role
Administrators have broad operational authority over the tenant.
- Functional Access: Can manage all users, modify tenant-wide settings (branding, security), and view all documents across the organization.
- Restriction: Cannot modify billing or delete the organization.
3. The "User" Role
This is the standard role for team members who need to send and sign documents.
- Functional Access: Can create envelopes, use shared templates, and manage their own repository.
- Restriction: Cannot view other users' private documents unless specifically shared via a Signing Group.
4. The "Viewer" Role
A specialized role for oversight and auditing.
- Functional Access: Read-only access to the document repository and audit trails.
- Restriction: Cannot create, send, or modify any transactions.
Implementation Sequence
1. Modifying a User's Role
Navigate to Admin Dashboard → Users.
- Locate the target team member.
- Select the Edit Role action.
- Choose the new functional role from the dropdown menu.
- Finalization: Select Save Changes. The new permission set is applied immediately upon the user's next server interaction.
2. Role Delegation Best Practices
- Least Privilege: Assign the minimum role necessary for a user to complete their tasks. Most employees should be assigned the "User" role.
- Audit Periodicity: Regularly review the user list to ensure that administrative access is still required for all assigned Admins.
- Offboarding: When a team member leaves, immediately transition them to a Deactivated status to revoke all access while preserving their historical audit data.
Diagnostic and Resolution Protocols
| System Exception | Probable Cause | Resolution Protocol |
|---|---|---|
| Cannot change "Owner" | Governance constraint | To change the Owner, you must initiate a formal Transfer of Ownership via the Billing settings. |
| User lacks expected access | Role mismatch | Verify that the user has been assigned the "User" or "Admin" role; "Viewers" cannot initiate transactions. |
| Permission lag | Active session persistence | Advise the user to log out and re-authenticate to refresh their session's permission manifest. |