Restricting Envelope Access - docusignapi

The Permission Set option "Allow view and manage envelope rights through API" automatically gives the API user access to view all envelopes in the account regardless of who owns/sent the envelope. Is it possible to restrict the user to only access their own envelopes/folders?
We have multiple teams sharing a DocuSign account. One team wants to build an API integration but we can't allow them to access or view envelopes sent by other teams in the same account. Do we need to move this team with an API integration to a separate account?

Create a new Permission Set or do not assign any permission set to API user which has Allow view and manage envelope rights through API setting enabled. If a permission set assigned to an API user does not have Allow view and manage envelope rights through API setting enabled then that API user will not be able to see any other's envelopes.

Related

Notification when a new user requests to access a Project in Azure DevOps

When someone requests an access to a project in Azure DevOps(ADO), which usually happens when Project admins send a link to user via email or chat and they request for access by clicking on that link, we want the notification to add the user to organization should go to the org Admin and for the project it should go to the Project Admins.
Currently it is going to Project Collection Admins if the user is not in the ORG and no email is sent to the Project Admins. This is if the user tries to access the project through a link and is not added to the ORG.
Currently, the notifications only can be triggered when an user who has been invited into the Azure DevOps organization as a member does some operations in the organization.
If a user has not been invited into the organization, he cannot access the organization, cannot do anything in the organization, so there will no any notification for this user.
If you really want the notification when an uninvited user is trying to access your organization, you can try to report a feature request on Developer Community.
That will make it possible for you to interact with the appropriate Product Group, and make it more convenient for the Product Group to collect and categorize your suggestions.
[UPDATED]
When an uninvited user is trying to access a private project in an organization, This user first should gain the access to the organization, then to the project.
So, this user should first get the grant from the PCA (Project Collection Administrators) to access the organization, then get the grant to access the project.
The PCA also can grant users to access any projects in the organization. But the Project Administrators may do not have permissions to grant users to access the organization.

DocuSign Organization Create/Share Envelopes

I am using the DocuSign API to create envelopes. I have that working. The application I am writing is being used by an organization, with multiple people needing access to documents created within the organization. Each person accessing the application (and subsequently the DocuSign API) has their own DocuSign account, and has granted permission to the application to use their docusign account. When I create envelopes via the DocuSign API, I need the documents to be available to be managed by any user setup in the Orgniazation at DocuSign. As it is right now, every documents I create via the API is owned by the user who created the document, other users within the organization can view the envelope/documents if provided a link to navigate directly to at DocuSign, but can't do anything with those documents. Ex: If I create a draft as one user, I want to be able finish/send the draft as another user, and both of these users are part of the same organization.
Questions:
Can an organization own a document (instead of a user)? and how?
How can I share documents between all users within the organization, and allow all those other users permission to edit/manage those documents? The number of documents is constantly changing as multiple employees are creating and editing many documents each day.
Please find my response for both your queries:
Can an organization own a document (instead of a user)? and how?
Organization can never be the owner of the envelope, it has to be a user only.
How can I share documents between all users within the organization,
and allow all those other users permission to edit/manage those
documents? The number of documents is constantly changing as multiple
employees are creating and editing many documents each day.
Yes, you can share the envelopes among other users in your DocuSign account. Sharing is enabled and managed by your DocuSign administrator. If your account administrator has enabled sharing for you, you can view and help manage the envelopes that are shared with you. If you are not able to follow the procedures in this topic, check with your DocuSign account administrator to see if sharing is set up for you.
DocuSign Account's Admin has to follow steps as explained in this link to enable the sharing of the envelopes between different users in the accounts. Once it is correctly set, then you can view envelopes sent from other users in your DocuSign account.

DocuSign Signer Groups

Where should I go about creating and setting the signer groups as I am unable to see them in my DocuSign dashboard currently?
Can I create the signer groups in the API before defaulting them in the embed and send api?
First you should note that Signing Groups functionality is not available on all DocuSign account plans so you should first verify your account plan. Signing groups are available through sandbox accounts so you should be able to test at least.
To access Signing Groups click your profile icon in top right and go to Admin -> Groups. If using Classic UI, go to Preferences -> Account Admin -> Groups. You can create and configure your signing groups from there.
Here are some additional resources regarding DocuSign Signing Groups:
https://support.docusign.com/en/videos/Creating-and-using-Signing-Groups
https://www.docusign.com/supportdocs/cdse-user-guide/Content/advanced-sending/send-with-signing-groups.htm
https://support.docusign.com/guides/cdse-user-guide-sending-with-signing-groups

DocuSign API - "This User lacks sufficient permissions. Fail to resolve SendOnBehalfOf user" DocuSign Web API

We are allowing users who have created their accounts with DocuSign directly to connect to an integration we are providing. As a result, we have no control over the account settings in place for each account created.
We are using the SOAP API and our header is comprised as the following.
r.Headers.Add("X-DocuSign-Authentication",
string.Format("<DocuSignCredentials><Username>{0}</Username><Password>{1}</Password>" +
"<IntegratorKey>{2}</IntegratorKey></DocuSignCredentials>",
Email, Password, IntegratorKey));
On envelope creation everything works, however, on the following calls; RequestRecipientToken, RequestUrlSenderToken, and GetAuthenticationToken we are receiving the following error message, "This User lacks sufficient permissions. Fail to resolve SendOnBehalfOf user".
Do accounts created with DocuSign have the API rights enabled automatically? If not, how do you suggest we instruct them to enable them?
Is there a programmatic change we can make to avoid the issue?
It sounds like the BehalfOfUser may be lacking the proper permissions.
The DocuSign user associated with the element in your request must have the following permissions activated/checked in their DocuSign permission profile. As an DocuSign administrator select Preferences > Users. Find the send on behalf of user. Open their profile and check the permissions associated to them.
1) Within the Sending and Signing section, check 'Send Envelopes'
2) Witin the DocuSign API section, check 'Sequential Signing (API)'
Our implementation was correct but we were passing the wrong variables for that particular user. The header listed in the question can be followed for future implementations.

read/download all documents within corporate

Is there any account or method could read/download all documents within our corporate, not just those sent through API account?
or we have to add this API account as a copy recipient for all signing documents?
Your API user would have to have 'Account-Wide Rights' (the Administrator profile has this by default).
This setting would be under Users > 'API User' > Permissions
This will open up the access for that user to the entire accounts documents, not just the documents for that user.

Resources