Setting Up the Agreement Managers Group
While it is possible to have only one agreement manager, it is recommended that you create a user-defined group for ease in managing agreement managers. Create the agreement managers group in the site context because agreements can be managed from the site context to include objects from multiple organizations. After the group has been created, it must be specified in the AgreementManagersGroup element of the security labels configuration file. Since the internal name of the group is required for the configuration to work, the group needs to be created before agreements are enabled.
Agreement managers do not need to be context, organization, or site administrators to have access to the
Agreements page on all tabs. With the appropriate permissions, agreement managers are able to see the
Site and
Organizations contexts, but only have access to the
Agreements page unless the participant is also a site or organization administrator. For more information, see .
When choosing participants for the agreement managers group, make sure to have at least one participant that is also an authorized participant for each of the security label values. For example, in the sample configuration, the Highly Trusted Employees group is also a member of the Internal Personnel and the Employees groups. At a minimum there should be an agreement manager who is a member of the US Persons group and the Highly Trusted Employees group. There could be as few as one agreement manager who is a member of all security label value authorized participant groups, or there could be multiple agreement managers, each with clearance for certain label values. If your site has multiple organizations, you should have a site administrator or at least one member from each organization as a member of the agreement managers group. By doing so, you ensure that objects from multiple organizations can be associated with an agreement created in the site context.