If you’re juggling contracts, proposals, or any kind of sensitive docs, you can’t afford to let the wrong people have the wrong kind of access. This guide is for folks who use Pandadoc to manage documents and want a no-nonsense approach to keeping things locked down—without getting lost in a maze of settings.
We’ll walk through setting up user roles, controlling permissions, and what to actually worry about (and what to just leave alone). Whether you’re an admin, a team lead, or the de facto “tech” person on your small team, you’ll leave knowing exactly how to keep your stuff secure—without making life miserable for everyone else.
Why Roles and Permissions Matter (and Where People Screw Up)
First, a quick reality check: user roles and permissions aren’t just about “security best practices”—they’re about saving yourself headaches. Letting someone edit or send documents they shouldn’t can mean busted workflows, compliance problems, or even legal trouble. On the flip side, locking everything down too tightly just means you’ll get a lot more “Hey, can you grant me access?” emails.
The key is striking a balance: don’t give people more access than they need, but don’t over-complicate your setup either. Most teams screw up by either making everyone an admin or micromanaging every single permission. Both are a pain.
Step 1: Understand Pandadoc’s User Roles
Pandadoc has a role-based access model. Here’s what you’re working with:
- Admin: Full control—can add/remove users, change billing, mess with all settings. You only want admins you actually trust.
- Manager: Can do almost everything admins can, but can’t change account-level stuff like billing or integrations.
- Member: Your standard user—can create, send, and manage documents, but can’t mess with users or settings.
- Viewer: Read-only access. They can look at docs but can’t edit or send.
Pro tip: You don’t need more roles than this. If you’re thinking about creating a dozen custom roles, stop. The built-in ones cover 95% of use cases.
Step 2: Add Users the Right Way
Adding users seems easy, but there are a couple of things to watch out for:
- Go to Team Settings: Click your profile icon in the bottom left, then “Team.”
- Invite Users: Hit “Invite members.” Enter their email address and pick a role (see above).
- Set Their Default Workspace (if you use workspaces): If your account uses multiple workspaces (basically, silos for different departments or projects), pick the right one here.
- Send the Invite: That’s it. Don’t overthink it.
What to ignore: Don’t invite people as admins “just in case.” If they need more access later, you can always upgrade them—but you can’t un-send a sensitive doc they shouldn’t have seen.
Step 3: Fine-Tune Permissions (But Only If You Have To)
By default, Pandadoc’s roles are pretty sensible. But if you need to get granular, here’s how:
- Open the Role Settings: Go to “Team,” then “Roles & Permissions.”
- Pick a Role to Edit: You can adjust what each role can do. For example, you can block Members from deleting docs or exporting PDFs.
- Toggle Permissions On or Off: This is straightforward: flip the switches for what you want to allow or block.
Honest take: Unless you have a very specific compliance need, try not to over-customize. Every extra rule is another thing you’ll have to remember (and explain to new hires).
Step 4: Use Workspaces for Extra Separation
If your org has totally separate teams (say, HR and Sales), consider using Workspaces. Here’s what you need to know:
- Each workspace has its own users and permissions.
- Admins can be assigned per workspace. Someone who’s an admin in Sales won’t automatically be one in HR.
- Docs and templates don’t cross over. This is good for privacy, but can be annoying if you need to share templates between teams.
When to use Workspaces: Only if you have genuinely separate groups who shouldn’t see each other’s stuff. If you’re just trying to organize things, use folders instead—it’s way less hassle.
Step 5: Review Who Can Do What—Regularly
People change roles, quit, or move teams. If you don’t check in on permissions now and then, you’ll end up with “zombie” accounts or people who have way more access than they need.
- Once a quarter, review your user list.
- Remove any inactive users.
- Double-check who’s an admin. There should never be more than a handful.
- Spot-check workspaces. Make sure only the right folks are in each one.
Pro tip: Set yourself a recurring calendar reminder. Seriously, nobody remembers to do this otherwise.
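The Step 5 review can be scripted once the user list is in a file. The Python below is an added example, not part of the original guide and not Pandadoc tooling; it assumes a CSV export with hypothetical columns `email`, `role`, `workspace` and `last_active`, a hand-maintained `EXPECTED` map of who belongs in which workspace, and example thresholds (90 days idle, 2 admins per workspace).

```python
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample export; the column names are assumptions for this example.
SAMPLE_EXPORT = """email,role,workspace,last_active
alice@example.com,Admin,Sales,2024-05-28
bob@example.com,Admin,Sales,2024-01-10
carol@example.com,Manager,HR,2024-05-30
dave@example.com,Member,Sales,2023-11-02
erin@example.com,Admin,Sales,2024-05-15
frank@example.com,Viewer,HR,2024-04-20
dave@example.com,Member,HR,2023-11-02
"""

# Constructed record of the workspaces each person is supposed to be in.
EXPECTED = {
    "alice@example.com": {"Sales"}, "bob@example.com": {"Sales"},
    "carol@example.com": {"HR"}, "dave@example.com": {"Sales"},
    "erin@example.com": {"Sales"}, "frank@example.com": {"HR"},
}


def review_access(export_text, expected, today, inactive_days=90, max_admins=2):
    """Run the quarterly checks; thresholds are example values, not vendor defaults."""
    findings = {"inactive": [], "excess_admins": [], "wrong_workspace": []}
    admins = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        email = row["email"].strip().lower()
        workspace = row["workspace"].strip()
        idle = (today - date.fromisoformat(row["last_active"].strip())).days
        if idle > inactive_days:
            findings["inactive"].append((email, workspace, idle))
        if row["role"].strip() == "Admin":
            admins[workspace].append(email)
        # Anyone missing from the expected map is flagged in every workspace.
        if workspace not in expected.get(email, set()):
            findings["wrong_workspace"].append((email, workspace))
    for workspace, emails in admins.items():
        if len(emails) > max_admins:
            findings["excess_admins"].append((workspace, sorted(emails)))
    return findings


if __name__ == "__main__":
    report = review_access(SAMPLE_EXPORT, EXPECTED, date(2024, 6, 1))
    for check, hits in report.items():
        print(f"{check}: {hits}")
```

Each finding is a candidate for a human decision (remove, downgrade, or move), not an automatic action.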
Step 6: Handle Sensitive Docs and Sharing
Sometimes you need to share a doc with someone outside your company. Pandadoc lets you do this, but it’s easy to slip up:
- Use Document Roles: When sending a doc, set the recipient’s role (viewer, signer, etc.).
- Double-check email addresses. Sounds obvious, but a mistyped address is a security incident waiting to happen.
- Don’t send admin links externally. Only ever share public sign or view links with external folks.
What to ignore: Don’t waste time trying to encrypt docs inside Pandadoc—it’s handled on their end. Just focus on who you’re sharing with.
Step 7: Audit Logs and Tracking (If You Care)
Pandadoc keeps a log of who did what, which is handy if you ever need to prove who sent (or opened) a document.
- Document History: Every doc has a history tab. Use it if you’re worried about who made changes.
- Account Audit Logs: Available on some plans. Useful if you’re in a regulated industry, less so if you’re just wrangling contracts.
Honest take: Unless you’re in legal, HR, or finance, you’ll rarely need to dig through these. But it’s good to know they’re there.
What Works Well (And What’s Frustrating)
What works:
- The built-in roles are enough for almost everyone.
- Workspaces are powerful for keeping teams truly separate.
- The UI is clear, so you’re not digging for settings.
Frustrations:
- No custom roles beyond what’s built in (for most plans).
- Sharing between workspaces is a pain.
- Over-customizing permissions can get unwieldy fast.
Keep It Simple—And Don’t Set It and Forget It
User roles and permissions aren’t a “set and forget” thing. Keep it simple: use the default roles, only add admins you trust, and revisit your setup every few months. Don’t get sucked into the weeds unless you have a real reason.
The biggest security risk isn’t hackers—it’s letting the wrong person click “send.” Set your roles with that in mind, and you’ll avoid 99% of headaches.