Skip to content
Contracko Logo Documentation
Login
Documentation

Contract permissions

Contract permissions control who has access to a given contract. What each person can do once they have access is set by their organisation role β€” see Multi-user organisations for the role taxonomy.

How contract access works

By default, every contract is accessible to everyone in your organisation. That's the right default for most teams β€” contracts live in one shared repository, and the role each person has caps what they can do.

When a contract needs to be restricted (sensitive vendor terms, HR agreements, anything you'd file under "need to know"), you scope it down explicitly.

Manage permissions drawer with owner, restricted toggle, and team access levels

Scoping access to specific people or groups

Open the contract and find the access section. From there you can:

  • Add a specific person β€” only they (plus the owner) will have access.
  • Add a group β€” everyone in the group inherits access. As people join or leave the group, their access updates automatically.
  • Mix the two β€” for example, the Finance group plus one external reviewer.

Save, and the contract reflects the new scope immediately.

Permissions card on a contract showing owner and group access

Use folders to scope at scale

Setting access contract by contract becomes impractical as your repository grows. The cleaner pattern is to scope a folder instead: every contract inside the folder inherits the folder's access settings, and new contracts dropped into the folder are automatically scoped correctly. See Organising contracts with folders.

Setting permissions for the full organisation

To open a previously restricted contract back up to the whole team, switch the access back to "everyone in the organisation."

Changing the contract owner

Each contract has one owner, who gets full access and is the default recipient of notifications. You can transfer ownership to another team member from the access section. The new owner inherits full access automatically.

Tips

Lean on the default. Trying to restrict every contract is more work than it usually saves. Restrict only the ones that truly need it.

Scope at the folder level whenever you can. It scales with your repository and stays correct as people move teams.

Combine a group with a specific person sparingly. It works, but if you're doing it on more than a handful of contracts, your group structure probably needs a tweak.

ennldefresitpt