Roles & Permissions

  • Updated

Each user in graphiteConnect is assigned a role and can also be assigned specific system permissions.  This article explains user roles, onboarding permissions, topic ownership, and user groups.


Connection Role (buyer vs. seller)

Both buyers and sellers can see all connections on the Connections page, but their default view depends on what role they have set.

As a rule, Buyers see the information a supplier shares, such as W9, banking information, and compliance details. Buyers do not see that information for their own company.


These users have a “request new supplier” button on the homepage. By default, suppliers are displayed on the Connections page.


These users do not have a “request new supplier” button on the homepage. 

These users have the ability to request a new supplier and customer. Users with Both selected will also choose which view should be their default. 




System Permissions


These users have the ability to manage user permissions.

Cancel Connection:

These users have the ability to disconnect from a supplier.


Permits users to access W9s and SSNs once authenticated. (See buyer vs. seller rule above - buyers can view the supplier’s information, but will not have access to view this information for their own company.)


Permits users to access IBAN and bank account numbers once authenticated. (See buyer vs. seller rule above - buyers can view the supplier’s information, but will not have access to view this information for their own company.)


Onboarding Permissions

Manage Invite:

This is an optional role that allows the buying entity to create an approval process for outgoing invitations. If used, your company can designate a user to review either all invitations or particular invitations based on your company’s requirements.

Manage Accept:

These users will be the final approval before submitting company information for Customer review. These users will also receive the invitation email.

Manage Review:

This is an optional role. Most commonly used when a supplier is rejected during one of the compliance topic reviews. Users in this role will have the ability to push the supplier through the process as appropriate or disconnect from the supplier until the business engagement changes.

Manage Connect:

This is an optional role, but often used as a final approval before marking connections as complete and syncing vendor records with the ERP.




Topic Ownership

Every distinct group of questions in graphiteConnect is referred to as a Topic. Users who are assigned “topic ownership” will receive task assignments and message notifications for their topic.


  • Information Security topic owners will be assigned tasks when a supplier has moved to Review and an InfoSec review is required
  • Information Security topic owners will receive messages during back-and-forth communication with the supplier
  • The Sales/Payment topic owner will receive a confirmation task when the supplier
    updates their bank details

When no topic owner exists, these tasks will be assigned broadly to all admins with the buyer role.




User Groups

Buying entities with robust business requirements can leverage user groups for custom permissions and advanced task segmentation.

Task segmentation

For system groups such as Onboarding Permissions and Topics, task rules and assignments can be triggered on any data point and any logic.


  • Assign task based on supplier country of registration
  • Require review by Person A when spend exceeds $50,000, and Person B when spend exceeds $100,000
  • Require review by Procurement when supplier type = VAR before sending invitation

Custom configurations

Both system groups and custom user groups can be used when a company needs to create special permissions for certain groups of users. graphiteConnect can support whatever use case you can think of.

Potential use cases:

  • Restrict the Information Security topic so only topic owners can view supplier answers in the InfoSec topic or kick off a supplier rescreen
  • Restrict the ability to see the email addresses (PI) in the Sales/Payment and InfoSec topics
  • Only allow certain users to start the invitation process for a specific type of supplier (e.g. Rebate, Royalty, etc.)
  • Send notifications to a group of users based on a custom trigger event
  • Note: Users in the Non-Network Requests group are the only people who can create a Non-Network supplier (this custom group is built by default)

Was this article helpful?

1 out of 1 found this helpful