Security inside of UCM has traditionally been handled through a combination of Folder and Contract Type permissions that either grant or deny access to the Contracts located in them. As of late 2019 however, you now have the ability to override these permissions on a per contract basis using Additional Access. This new feature will allow you to assign Users to have either Read-Write or Read-Only permissions from right within the Contract Container itself.

If you already have an existing Security Structure set up with Folders and/or Contract Types, this new feature changes nothing about how security has always worked. This is simply an easier way to handle those "one-off" cases where someone needs access to a Contract that their normal permissions would not allow.

For Administrative Set-Up Options, click HERE.

For a full Video Guide, click HERE.

Granting Access From a Container

The Additional Access section will be visible to everyone who can see the Contract Container, but only those with the permissions to grant Additional Access will be able to bring up the selector screen. By default, only Administrators will be able to grant Additional Access from a Container. Full-Access Users can be given the ability to though by an Administrator. Instructions for how to enable that permission can be found using the link above to Administrative Set-Up Options.

You'll know if you have the ability to grant Additional Access if you are able to click on the Additional Access link (1), and the selector screen comes up (2)


Let's cover the elements of that selector screen:


  • (A) Select Users: In this column, will be all of your Full-Access & Read-Only Users. Administrators, No-Login, and Template-Only Users will not display in this list.
    • (B) Reviewers & Notify: You can select Contract Reviewers and Notify on Stage Update to grant access to any users assigned to those features. This will be a time saver if you have multiple people assigned to either, you do not need to manually select each user again. 
    • (C) Titles: You can use the Titles of Owner, Primary, Secondary, and Tertiary just like you would for Workflow or Milestone notifications. Whichever User is placed under that role will have access
    • (D) Named Users: Finally, you can of course select a specific User to grant access to as well.
  • (E) Read-Write: Will take any selected Users from either the Selection column (A) or the Read-Only Column (F) and place them in the Read-Write column.
  • (F) Read-Only: Will take any selected Users from either the Selection column (A) or the Read-Write Column (E) and place them in the Read-Only column.
  • (G) Remove Selected: Will remove any selected Users from the column to its right
  • (H) Clear All: Will clear all Users from the column to its right
  • (I) Warning Message: A message letting you know that Read-Only Users will never be able to be granted Read-Write permissions, even if they are placed in the Read-Write column.

If you have Users assigned to be granted access, you'll be able to see the number of Users or Titles assigned in parenthesis, and by clicking on the link (A), you will get a list of all the Users in a small pop-out window (B)


If a User is logged into UCM when they are granted Additional Access to a Contract, they will not be able to access it until they either click the Security Refresh icon in the top right of the screen above Global Search (A), or by simply logging out and back in.


Granting Access to Multiple Containers 

If you need to grant Additional Access to the same set of Users or Titles across multiple Contract, you can do so using the Modify Contract Action.  Details about Contract Actions can be found HERE

Once you've selected the Contracts you want to grant access to, either with a View or just manual selection, and selected Modify Contract from the Action dropdown, you'll now see the same Additional Access link that appears in the Container.


Everything works the same as it does from the Container itself, with one small difference. In the bottom left corner, you have two radio buttons, Add Users and Replace Users (A), and one icon, Clear All Users (B).


The radio buttons determine what will be done with the Users who are placed in the Read-Write and Read-Only columns:

  • Add Users - Adding Users will simply add the Users in the Read-Write and Read-Only columns to the selected Contracts. Any Users who have already been granted Additional Access will remain.


  • Replace Users - By replacing Users, you will remove any Users who have previously been granted Additional Access, and only the Users who you currently have selected will have Additional Access.


  • Clear All Users - This option will not apply any new Additional Access, just remove any and all Users currently granted Additional Access to the selected Contracts. This can be used as a "reset" of sorts for your Additional Access.


Bulk Loading Additional Access Users

If you feel that you need to use the Bulk Loader to help grant Additional Access to Contracts in your system, please Contact