Last modified: 2024-06-14

Managing Roles

The Roles page enables you to create and manage the roles associated with your account. This functionality is available to Admins (or to any role that has the appropriate permissions).

A Role consists of a set of permissions. Once a role created, it can be assigned to individual users, enabling them to access the OneSpan Sign functionality they need.

If you are looking to migrate the roles and permissions that you defined in your Sandbox account to your Production account, OneSpan Sign has created a small Java application that can do this for you. For more information, see our Roles and Permissions Copy Tool.

To access the Roles page:

  • Click Admin > Roles.

The Roles page displays the following columns:

  • Role Name: Displays a list of all roles associated with the account.
  • Description: Provides a brief description of each role.
  • Status: Displays the role's current account status, such as Enabled or Disabled. A role that is disabled cannot be added to a user.

You can perform the following actions from the Roles page. Note that some of these actions can be performed only on the roles that you added to the account.

OneSpan Sign supports several predefined roles that cannot be modified or deleted (Manager, Admin, Sender, Notary, Trust Vault Manager). It also supports an unlimited number of customized roles. On the Roles page: (1) a globe icon appears next to a global role ; (2) a globe icon with a superimposed lock appears next to a predefined role; (3) no icon appears next to a customized local role.

If Enterprise Administration has been enabled for your account a Manager will not be able to assign a delegate for any of their senders.

Searching for a Role

To search for a role associated with your account:

  • Type the name of the role in the Search box, and click Return. As you type, the list of roles will filter to those that match your search term.

Adding a Role to Your Account

To add a new role to your account:

  1. Click Add, and type the role's name and description. You can also specify if the role is to be immediately enabled.
  2. Click Add Permissions. A list of all possible permissions appears.
  1. Select all the permissions you wish to add to the role. For more about permissions, see Permission Descriptions.
  2. Click Add.
  3. Click Save.

Permission Descriptions

The following permissions can be applied to roles to provide access to various features within your account.

To see which permissions have been assigned to a particular role, select the role. A Role Details pane will provide additional information about the role, including a list of all its permissions.

Not All Features Apply

  • The permissions visible to you reflect the features enabled for your account. Some of the permissions listed here may not be available for you to select.
  • No user can change their own permissions.

Available Permissions

Permission Permission ID Description
Trust Vault Permissions
No access   This permission denies access to the Trust Vault.
View their own transactions   This permission enables a Sender to view any of their transactions that have been archived to the Trust Vault.
View and delete their own transactions   This permission enables a Sender to view and delete any of their transactions that have been archived to the Trust Vault.
View all transactions   This permission enables a Sender to view all transactions that have been archived to the Trust Vault.
View and delete all transactions   This permission enables a Sender to view and delete all transactions that have been archived to the Trust Vault.
Sender Admin Permissions
Custom Fields sender_admin.custom_fields This permission enables a Sender to create and manage Custom Fields.
User Management sender_admin.users This permission enables a Sender to manage the users associated with their account.
Subscription account billing details sender_admin.subscription

This permission enables a Sender to view the Subscription page, which contains billing details for their account.

API Access sender_admin.api_access This permission enables a Sender to allow customers to communicate with OneSpan Sign from within their own system via REST API calls.
Event Notification sender_admin.event_notification This permission enables a Sender to view their account's Event Notifications interface. Integrators can use this interface to request an automatic notification of events that concern the account.
Data Management sender_admin.data_management

This permission enables a Sender to specify how long transactions in various states will be retained on a OneSpan Sign server.

Signing Customization sender_admin.customization

This permission enables a Sender to re-brand the Signer Experience in several powerful ways.

Notary sender_admin.notary

This permission enables a Sender to enable the IPEN feature on a notary’s account. This feature enables the notary to e-sign and notarize documents in a “notarized transaction”.

Security Settings sender_admin.security_settings

This permission enables a Sender to specify a password policy for their account.

Account Configuration sender_admin.self_serve_account_settings This permission enables a sender to access the Account Configuration page.
Reports sender_admin.reports This permission enables a Sender to view the Reports menu in the Navigation Bar, and thus access reports about their account.
Roles sender_admin.role This permission enables a Sender to manage the roles associated with their account.
Group Permissions
Group Signing Management groups.group_signing_management This permission enables an Account Owner or Manager to manage Groups on their account (Sender UI Email Groups).
Template and Layout Permissions
Template templates_layouts.templates This permission allows administrators to add template access permissions to a role. For example, from the OneSpan Sign UI admins can now configure a role so that a user can see the Templates menu, and from there create, update, and delete templates. Integrators using our APIs can define whether a user can create, edit, or delete templates.
Share Template templates_layouts.share_templates This permission enables a Sender to make their templates available to other users on their account.
Save Layout  

This permission enables a Sender with this permission enabled for their role to create a layout from a transaction they are creating.

Note that this permission will override any configurations made in the Designer, meaning that if, for example, a user does not have the Save Layout permission enabled for their role they will not be able to save layouts, even if the Designer has been configured to allow that.

Share Layout templates_layouts.share_layouts This permission enables a Sender to make their layouts available to other users on their account.
Apply Layout  

This permission enables a Sender with this permission enabled for their role to apply a layout from a transaction they are creating.

Note that this permission will override any configurations made in the Designer, meaning that if, for example, a user does not have the Apply Layout permission enabled for their role they will not be able to apply layouts, even if the Designer has been configured to allow that.

Transaction Permissions
Transaction transaction.transaction This permission enables a sender to create, view and edit transactions.
In Person Signing transaction.in_person This permission enables a Sender to use the In-Person signing feature on a transaction.
Change Signer Option transaction.change_signer This permission enables a signer to delegate their signing responsibilities to another person.
Transaction visibility in delegation transaction.delegation_visibility

This permission enables a delegate to see all the transactions on the account they have been delegated to manage.

Enabling, Disabling, or Deleting a Role

To temporarily disable a role that has been added to an account, check the box beside it, and then click Disable.

To re-enable a disabled role, check the box beside it, and then click Enable.

To permanently delete a role from an account, check the box beside it, and then click Delete.

Was this information helpful?
X