Skip to main content

Users, Roles, and Rights in IgniSign

Introduction

IgniSign implements a comprehensive role-based access control system that governs what users can do within the platform. This document explains the different types of users, their roles, and the specific rights associated with each role.

User Types

In IgniSign, users are categorized based on their relationship with the platform:

Platform Users

Users who manage the IgniSign platform itself (Ignisign administrators).

Organization Users

Users who belong to an organization using IgniSign. They manage signature workflows within their organization.

Application Users

Users who interact with a specific application that integrates with IgniSign.

Signers

End-users who are invited to sign documents through IgniSign.

Roles Hierarchy

The following diagram illustrates the hierarchical relationship between different roles in IgniSign:

Role Definitions

Platform Roles

RoleDescription
Super AdminHas complete access to all features and functions across the entire platform

Organization Roles

RoleDescription
Organization OwnerThe primary administrator for an organization with full control over all aspects
Organization AdminHas administrative permissions for the organization but with some limitations
Organization BillingCan manage billing information and view invoices for the organization
Organization UserBasic user with limited access to organization resources

Application Roles

RoleDescription
Application AdminHas full control over a specific application
Application ManagerCan manage application settings and features but with some limitations
Application OperatorCan perform day-to-day operations within an application
Application ReaderHas read-only access to application data

External Roles

RoleDescription
SignerCan sign documents when invited
Invited Proof ReaderHas permission to view signature proofs
Invited Document ProviderCan provide documents for signatures

Scope of Access

IgniSign controls access at different levels (scopes):

Functions and Permissions

IgniSign organizes permissions around functional areas:

Platform Functions

  • Platform Management

Organization Functions

  • Organization Archiving
  • Billing
  • Organization Member Management
  • Delegation Agreement
  • Organization Basic Information

Application Functions

  • Application Customization
  • Application Members Management
  • API Keys
  • Webhooks

Document Functions

  • Document Templates
  • Signature Profiles
  • Signature Requests
  • Signers
  • Signature Sessions
  • Signature Proofs

Detailed Permissions Matrix

The following table shows which permissions are available to each role:

PermissionSuper AdminOrg OwnerOrg AdminOrg BillingOrg UserApp AdminApp ManagerApp OperatorApp ReaderSignerProof ReaderDoc Provider
Platform Organization Management-----------
Platform User Management-----------
Platform KPI-----------
Organization Archiving---------
Organization Billing--------
Organization Member Management---------
Organization Delegation Agreement---------
Organization Basic Information (Read)-------
Organization Basic Information (Write)---------
Application Customization--------
Application Member Management--------
API Keys Management--------
Webhooks Management-------
Document Template Management-------
Document Template Read-----
Signature Profile Management-------
Signature Profile Read-----
Signature Request Management------
Signature Request Read-----
Signers Management------
Signers Read-----
Signature Session Execution-----------
Signature Proof Restricted Read-----
Signature Proof Shared Read----
Document Provider-----------

Managing Users and Roles

For DIY Users

As an organization administrator, you can manage users and their roles through the IgniSign Console:

  1. Log in to the IgniSign Console at console.ignisign.io
  2. Navigate to your organization settings
  3. Select "Users & Members" from the sidebar
  4. From here you can:
    • View existing users
    • Invite new users
    • Assign roles to users
    • Remove users from your organization

For Developers

You can programmatically manage users and roles through the IgniSign API:

// Example: Inviting a new application user using the Node.js SDK
const { IgnisignClient } = require('ignisign-node');

const client = new IgnisignClient({
applicationId: 'your-application-id',
apiKey: 'your-api-key'
});

await client.inviteNewAppUser({
appId: 'your-application-id',
email: '[email protected]',
firstName: 'John',
lastName: 'Doe',
roles: ['APP_OPERATOR']
});

Best Practices

  • Principle of Least Privilege: Assign users the minimum level of access they need
  • Regular Audits: Periodically review user roles and permissions
  • Role Separation: Maintain separation of duties by assigning distinct roles to different users
  • Environment Isolation: Keep development, testing, and production environments separate

Conclusion

Understanding the roles and rights system in IgniSign is crucial for maintaining secure and efficient signature workflows. For more information, please refer to our API documentation or contact our support team.