Sample Permission Matrix for Buying Entities
The permission matrix will be defined during implementation, but this is a sample of how permissions may be leveraged for your organization.
| Role/Permission/Group | Options | What it does |
| Connection Role | Buyer, Seller, Both | By default, Graphite will set this as Buyer for customers who use Graphite for their procurement organization. However, for companies that are also SUPPLIERS for a customer in Graphite, then somebody will either need to be Seller or Both |
| Admin | REQUIRED All unassigned tasks roll up to users in the Admin role and these users have the ability to complete any task. The Admin role does not grant permission for user management, management of API keys, or the ability to view integrations and audit logs. These users can view Single Sign-On (SSO) setup pages but cannot edit. These users have access to the Connections tab to view all active and deleted connections, as well as the ability to convert to/from Non-Network. | |
| User Admin | REQUIRED This user has many of the same basic permissions as the Admin, but unassigned tasks do not roll up to users with User Admin permission. Instead, User Admin additionally grants control to manage, remove, and approve users and manage and assign role mapping when SSO is enabled. Access to API keys and integration logs is restricted. | |
| IT Admin | This permission allows the management of API keys and allows the user to view integrations and audit logs. | |
| Delete Connection | REQUIRED These users have the ability to disconnect from a supplier profile in Graphite. Required once the connection moves to Review, Connect, and Connected. This is different than a "Block". At least 1 person should be in this role. | |
| Opportunity Management | These users have the ability to manage pre-registration and/or campaign links. | |
| Bulk Supplier Information Updates | These users have the ability to create a task (in bulk) to a group of suppliers identified on the Connections page (via filters) | |
| Bulk Communications | These users have the ability to send a message (in bulk) to a group of suppliers identified on the Connections page (via filters) | |
| Banking | REQUIRED These users have permission to view supplier banking details after 2FA | |
| Tax | REQUIRED These users have permission to view supplier tax details after 2FA | |
| Report User | New in April 2025 These users have permission to view the new reports module. Prior to this all users had access to the legacy reports module. | |
| Final Invite Approval | REQUIRED WHEN CONFIGURATIONS INCLUDE NSJ APPROVALS If any of the NSJ approvals are not approved, it will stop with this person. | |
| Final Review Approval | REQUIRED If any topic reviews are not approved, it will stop with this person. Must have at least 1 person in this role. | |
| Final Connect Approval | When used, connections must be approved before transitioning to Connected. | |
| Manage Accept* |
As of the December 2024 release, this role is no longer required. Prior to this release, this was a required role for invitations being sent to suppliers. The list of users who can do this is now dynamic which will make connecting to new companies easier for suppliers to manage, especially at larger suppliers with multiple account managers. |
|
| Sales, Order, and Payment | This is considered a "topic" in Graphite. Users in this topic will be notified when the supplier updates any sales, order, or payment details, or if the supplier sends a message relating to this topic. If there are no users in this group, all updates or messages will roll up to the Admins. | |
| Non-Network Requests | REQUIRED Users in this group have the ability to create and manage Non-Network (Proxy) supplier records. | |
| Non-Network Approval | When used, non-network requests will require approval by users in this group. | |
| Diversity | This is considered a "topic" in Graphite. Users in this topic will be notified when the supplier updates its diversity details, or if the supplier sends a message relating to this topic. If there are no users in this group, all updates or messages will roll up to the Admins. | |
| Environmental Sustainability | This is considered a "topic" in Graphite. Users in this topic will be notified when the supplier updates its environmental sustainability details, or if the supplier sends a message relating to this topic. If there are no users in this group, all updates or messages will roll up to the Admins. | |
| Service Tickets | REQUIRED Users in this group will be assigned any Service Tickets that are created, like extensions, payment terms updates, etc. | |
| All other topics | Other topics include Ethics and Integrity, Contingent Worker, Workforce and Labor, Data Privacy, Information Security, etc. All topics follow the same rules as defined in Diversity and Environmental Sustainability (see above). |
For more information on user roles, onboarding permissions, topic ownership, and user groups, see: Roles & Permissions >