Sample Permission Matrix for Buying Entities
The permission matrix will be defined during implementation, but this is a sample of how permissions may be leveraged for your organization.
Role/Permission/Group | Options | What it does |
Connection Role | Buyer, Seller, Both | By default, Graphite will set this as Buyer for customers who use Graphite for their procurement organization. However, for companies that are also SUPPLIERS for a customer in Graphite, then somebody will either need to be Seller or Both |
Admin | REQUIRED All unassigned tasks roll up to users in the Admin role and these users have the ability to complete any task. The Admin role does not grant permission for user management, management of API keys, or the ability to view integrations and audit logs. These users can view Single Sign-On (SSO) setup pages but cannot edit. | |
User Admin | REQUIRED This user has many of the same basic permissions as the Admin, but unassigned tasks do not roll up to users with User Admin permission. Instead, User Admin additionally grants control to manage, remove, and approve users and manage and assign role mapping when SSO is enabled. Access to API keys and integration logs is restricted. | |
IT Admin | This permission allows the management of API keys and allows the user to view integrations and audit logs. | |
Delete Connection | REQUIRED These users have the ability to disconnect from a supplier profile in Graphite. Required once the connection moves to Review, Connect, and Connected. This is different than a "Block". At least 1 person should be in this role. | |
Opportunity Management | These users have the ability to manage pre-registration and/or campaign links. | |
Bulk Supplier Information Updates | These users have the ability to create a task (in bulk) to a group of suppliers identified on the Connections page (via filters) | |
Banking | REQUIRED These users have permission to view supplier banking details after 2FA | |
Tax | REQUIRED These users have permission to view supplier tax details after 2FA | |
Manage Invite | REQUIRED WHEN CONFIGURATIONS INCLUDE NSJ APPROVALS If any of the NSJ approvals are not approved, it will stop with this person. | |
Manage Accept |
REQUIRED For incoming invitations, this user accepts the request. The system requires at least one person in this role. By default, if users in this permission have the "buyer" or "both" role, then Non-Network connections requests will require approval by this group. |
|
Manage Review | REQUIRED If any topic reviews are not approved, it will stop with this person. Must have at least 1 person in this role. | |
Manage Connect | When used, connections must be approved before transitioning to Connected. | |
Sales, Order, and Payment | This is considered a "topic" in Graphite. Users in this topic will be notified when the supplier updates any sales, order, or payment details, or if the supplier sends a message relating to this topic. If there are no users in this group, all updates or messages will roll up to the Admins. | |
Non-Network Requests | REQUIRED Users in this group have the ability to create and manage Non-Network (Proxy) supplier records. | |
Bulk Communications | These users have the ability to send a message (in bulk) to a group of suppliers identified on the Connections page (via filters) | |
Diversity | This is considered a "topic" in Graphite. Users in this topic will be notified when the supplier updates its diversity details, or if the supplier sends a message relating to this topic. If there are no users in this group, all updates or messages will roll up to the Admins. | |
Environmental Sustainability | This is considered a "topic" in Graphite. Users in this topic will be notified when the supplier updates its environmental sustainability details, or if the supplier sends a message relating to this topic. If there are no users in this group, all updates or messages will roll up to the Admins. | |
All other topics | Other topics include Ethics and Integrity, Contingent Worker, Workforce and Labor, Data Privacy, Information Security, etc. All topics follow the same rules as defined in Diversity and Environmental Sustainability (see above). | |
Service Tickets | REQUIRED Users in this group will be assigned any Service Tickets that are created, like extensions, payment terms updates, etc. |
For more information on user roles, onboarding permissions, topic ownership, and user groups, see: Roles & Permissions >