How to manage user permissions and roles in Oneflow for secure collaboration

Good contracts need good boundaries. If you’re using Oneflow to handle contracts and documents, you already know it’s a solid tool for collaboration. But that only works if you’re clear about who can see, edit, or sign what—and who absolutely shouldn’t. This guide is for admins, team leads, or anyone who’s responsible for making sure the right people have the right access (and everyone else is locked out).

Let’s walk through the nuts and bolts of managing user permissions and roles in Oneflow, what to watch out for, and how to avoid the most common mess-ups.

1. Get the Basics Straight: How Oneflow Handles Users, Roles, and Permissions

Before you start clicking around, it helps to know how Oneflow thinks about users and permissions:

  • Users: Anyone with a login to your Oneflow workspace.
  • Roles: Predefined sets of permissions you assign to users. Think “Admin,” “Team Member,” or “Viewer.”
  • Permissions: Specific actions a role allows—like viewing, editing, sending, or managing contracts.

Pro tip: Oneflow’s permission system isn’t wildly complex, but it’s also not 100% customizable. You can’t create granular, custom permissions for every possible action. You have to work with their role structure.

2. Start with the Big Picture: Map Out Your Teams and Needs

Before you add or edit anything:

  • List out your teams and what they actually need to do.
    • Who drafts contracts?
    • Who just needs to sign?
    • Who manages templates?
    • Who should never see sensitive contracts?
  • Decide if you need more than one workspace.
    • Oneflow lets you have multiple workspaces (for departments, subsidiaries, or regions). Permissions are set per workspace, so use this if you need tight separation.

What to skip: Don’t overcomplicate things. If you only have a handful of users, don’t create a bunch of roles you’ll never use.

3. Step-by-Step: Set Up Roles and Permissions in Oneflow

Here’s the brass tacks—how to actually do this in the Oneflow admin area.

1. Access the Admin Settings

  • Log in with an account that has admin rights.
  • Click your profile icon, then choose Admin or Settings (the wording might change, but you’re looking for the admin panel).

2. Review the Default Roles

Oneflow usually offers roles like:

  • Admin: Full access—manages everything and everyone.
  • Manager: Can edit and send contracts, manage templates, oversee teams.
  • Member: Can create and send contracts, but with fewer management powers.
  • Viewer: Can only view contracts—no edits, no sending.

Honest take: These defaults cover most real-world teams. Don’t reinvent the wheel unless you have a clear reason.

3. Edit or Create Custom Roles (If Needed)

  • Go to Roles & Permissions (or similar menu).
  • See if you can edit existing roles. Some core permissions may be locked.
  • If your plan allows, create a new role. Set the permissions as needed:
    • Create contracts
    • Edit contracts
    • Send contracts
    • Delete contracts
    • Manage templates
    • Manage users
    • View only

Heads up: Cheaper Oneflow plans may not offer full custom roles. If you’re on a basic plan, you’re mostly stuck with defaults.

4. Assign Roles to Users

  • Go to Users or Team Members.
  • Add a new user with their email. Assign a role before you send the invite.
  • For existing users, you can usually click their name and change their role right there.

Tip: Double-check what workspace you’re in before you add or edit users. It’s easy to assign someone to the wrong workspace if you’re moving fast.

5. Fine-Tune Access with Workspaces and Teams

  • If your organization has multiple workspaces, users can be in more than one—with different roles in each.
  • Use teams to group users who need the same permissions (e.g., “Sales Nordics,” “Legal UK”).

What’s missing: Oneflow doesn’t let you set permissions per individual document. If you need contract-by-contract control, you’ll have to get creative with workspaces or templates.

4. Best Practices: Keep Permissions Tight (But Not Annoying)

Getting the settings right is only half the battle. Here’s what actually works (and what doesn’t):

  • Give people the least access they need. If someone only needs to sign, don’t make them a Member.
  • Be skeptical of “just in case” Admins. Too many admins is a security risk. Appoint one, maybe two backups.
  • Review roles regularly. People change jobs, leave teams, or just don’t need access anymore. Set a reminder to check users every quarter.
  • Disable, don’t delete, if you’re unsure. If someone’s on leave or changing roles, disabling is safer than deleting. You can always re-enable later.
  • Train your admins. Even if Oneflow is “simple,” a 15-minute walkthrough saves headaches down the line.

What to ignore: Don’t waste time on permissions nobody needs. If your HR team never touches contracts, don’t add them “just in case.”

5. Troubleshooting: Common Permission Problems (and How to Fix Them)

No system’s foolproof. Here’s what trips people up and how to solve it:

  • User can’t see contracts they should: Double-check they’re in the right workspace and have the right role. Most “missing contract” issues are workspace mix-ups.
  • User can’t edit or send contracts: Their role is probably set to Viewer. Change it to Member or Manager.
  • Someone has too much access: Don’t just remove them—downgrade their role to Viewer or disable their account.
  • You can’t create a custom role: Your plan probably doesn’t support it. Check your subscription or ask Oneflow support if you’re unsure.
  • Accidentally invited someone as Admin: You’ll need another Admin to downgrade them. If you’re the only Admin, contact Oneflow support—there’s no magic fix for this.

Pro tip: Keep a backup Admin. If your only Admin leaves, you’ll need to go through Oneflow support, which slows everything down.

6. Security Pitfalls to Watch For

A few things Oneflow won’t warn you about—but you should know:

  • Shared logins are a terrible idea. Every user should have their own account. Shared accounts make audits useless.
  • Weak passwords are still a thing. Enforce strong passwords or, better yet, set up Single Sign-On (SSO) if your plan supports it.
  • Audit logs matter. If you’re a bigger team, check Oneflow’s logs to see who did what. It’s not the most detailed logging, but it’s better than nothing.
  • Offboarding is critical. Remove access as soon as someone leaves the company. Don’t wait until you “have time.”

7. Quick Reference: What Each Role Can (and Can’t) Do

Here’s a quick cheat sheet. (Remember, actual names and rights may differ slightly depending on your Oneflow plan.)

| Role | View | Create | Edit | Send | Delete | Manage Users | Manage Templates | |-----------|------|--------|------|------|--------|--------------|------------------| | Admin | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | | Manager | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ | | Member | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ❌ | ❌ | | Viewer | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |

If you’re not sure, test with a dummy account. It’s the fastest way to see what someone can actually do.

8. Final Thoughts: Don’t Overthink It—Iterate as You Go

User permissions aren’t about perfection. They’re about keeping things safe without slowing everyone down. Start with the basics, give people only what they need, and check in every so often.

If you mess up, don’t sweat it—just fix it fast. And if Oneflow’s built-in roles cover 95% of what you need, use them and move on. The simpler your setup, the fewer headaches for everyone.

Now go lock things down, and get back to the real work.