Users, Roles, and Rights in IgniSign
Introduction
IgniSign implements a comprehensive role-based access control system that governs what users can do within the platform. This document explains the different types of users, their roles, and the specific rights associated with each role.
User Types
In IgniSign, users are categorized based on their relationship with the platform:
Platform Users
Users who manage the IgniSign platform itself (Ignisign administrators).
Organization Users
Users who belong to an organization using IgniSign. They manage signature workflows within their organization.
Application Users
Users who interact with a specific application that integrates with IgniSign.
Signers
End-users who are invited to sign documents through IgniSign.
Roles Hierarchy
The following diagram illustrates the hierarchical relationship between different roles in IgniSign:
Role Definitions
Platform Roles
| Role | Description |
|---|---|
| Super Admin | Has complete access to all features and functions across the entire platform |
Organization Roles
| Role | Description |
|---|---|
| Organization Owner | The primary administrator for an organization with full control over all aspects |
| Organization Admin | Has administrative permissions for the organization but with some limitations |
| Organization Billing | Can manage billing information and view invoices for the organization |
| Organization User | Basic user with limited access to organization resources |
Application Roles
| Role | Description |
|---|---|
| Application Admin | Has full control over a specific application |
| Application Manager | Can manage application settings and features but with some limitations |
| Application Operator | Can perform day-to-day operations within an application |
| Application Reader | Has read-only access to application data |
External Roles
| Role | Description |
|---|---|
| Signer | Can sign documents when invited |
| Invited Proof Reader | Has permission to view signature proofs |
| Invited Document Provider | Can provide documents for signatures |
Scope of Access
IgniSign controls access at different levels (scopes):
Functions and Permissions
IgniSign organizes permissions around functional areas:
Platform Functions
- Platform Management
Organization Functions
- Organization Archiving
- Billing
- Organization Member Management
- Delegation Agreement
- Organization Basic Information
Application Functions
- Application Customization
- Application Members Management
- API Keys
- Webhooks
Document Functions
- Document Templates
- Signature Profiles
- Signature Requests
- Signers
- Signature Sessions
- Signature Proofs
Detailed Permissions Matrix
The following table shows which permissions are available to each role:
| Permission | Super Admin | Org Owner | Org Admin | Org Billing | Org User | App Admin | App Manager | App Operator | App Reader | Signer | Proof Reader | Doc Provider |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Platform Organization Management | ✓ | - | - | - | - | - | - | - | - | - | - | - |
| Platform User Management | ✓ | - | - | - | - | - | - | - | - | - | - | - |
| Platform KPI | ✓ | - | - | - | - | - | - | - | - | - | - | - |
| Organization Archiving | ✓ | ✓ | ✓ | - | - | - | - | - | - | - | - | - |
| Organization Billing | ✓ | ✓ | ✓ | ✓ | - | - | - | - | - | - | - | - |
| Organization Member Management | ✓ | ��✓ | ✓ | - | - | - | - | - | - | - | - | - |
| Organization Delegation Agreement | ✓ | ✓ | ✓ | - | - | - | - | - | - | - | - | - |
| Organization Basic Information (Read) | ✓ | ✓ | ✓ | ✓ | ✓ | - | - | - | - | - | - | - |
| Organization Basic Information (Write) | ✓ | ✓ | ✓ | - | - | - | - | - | - | - | - | - |
| Application Customization | ✓ | ✓ | ✓ | - | - | ✓ | - | - | - | - | - | - |
| Application Member Management | ✓ | ✓ | ✓ | - | - | ✓ | - | - | - | - | - | - |
| API Keys Management | ✓ | ✓ | ✓ | - | - | ✓ | - | - | - | - | - | - |
| Webhooks Management | ✓ | ✓ | ✓ | - | - | ✓ | ✓ | - | - | - | - | - |
| Document Template Management | ✓ | ✓ | ✓ | - | - | ✓ | ✓ | - | - | - | - | - |
| Document Template Read | ✓ | ✓ | ✓ | - | - | ✓ | ✓ | ✓ | ✓ | - | - | - |
| Signature Profile Management | ✓ | ✓ | ✓ | - | - | ✓ | ✓ | - | - | - | - | - |
| Signature Profile Read | ✓ | ✓ | ✓ | - | - | ✓ | ✓ | ✓ | ✓ | - | - | - |
| Signature Request Management | ✓ | ✓ | ✓ | - | - | ✓ | ✓ | ✓ | - | - | - | - |
| Signature Request Read | ✓ | ✓ | ✓ | - | - | ✓ | ✓ | ✓ | ✓ | - | - | - |
| Signers Management | ✓ | ✓ | ✓ | - | - | ✓ | ✓ | ✓ | - | - | - | - |
| Signers Read | ✓ | ✓ | ✓ | - | - | ✓ | ✓ | ✓ | ✓ | - | - | - |
| Signature Session Execution | - | - | - | - | - | - | - | - | - | ✓ | - | - |
| Signature Proof Restricted Read | ✓ | ✓ | ✓ | - | - | ✓ | ✓ | ✓ | ✓ | - | - | - |
| Signature Proof Shared Read | ✓ | ✓ | ✓ | - | - | ✓ | ✓ | ✓ | ✓ | - | ✓ | - |
| Document Provider | - | - | - | - | - | - | - | - | - | - | - | ✓ |
Managing Users and Roles
For DIY Users
As an organization administrator, you can manage users and their roles through the IgniSign Console:
- Log in to the IgniSign Console at console.ignisign.io
- Navigate to your organization settings
- Select "Users & Members" from the sidebar
- From here you can:
- View existing users
- Invite new users
- Assign roles to users
- Remove users from your organization
For Developers
You can programmatically manage users and roles through the IgniSign API:
// Example: Inviting a new application user using the Node.js SDK
const { IgnisignClient } = require('ignisign-node');
const client = new IgnisignClient({
applicationId: 'your-application-id',
apiKey: 'your-api-key'
});
await client.inviteNewAppUser({
appId: 'your-application-id',
email: '[email protected]',
firstName: 'John',
lastName: 'Doe',
roles: ['APP_OPERATOR']
});
Best Practices
- Principle of Least Privilege: Assign users the minimum level of access they need
- Regular Audits: Periodically review user roles and permissions
- Role Separation: Maintain separation of duties by assigning distinct roles to different users
- Environment Isolation: Keep development, testing, and production environments separate
Conclusion
Understanding the roles and rights system in IgniSign is crucial for maintaining secure and efficient signature workflows. For more information, please refer to our API documentation or contact our support team.