Organization, Roles & Multi-Tenancy
Understand how Plannorium Sign partitions sub-accounts, enforces Role-Based Access Control (RBAC), and guarantees complete cryptographic data isolation across tenants.
1. Sub-Account Contexts
Enterprise platforms can manage distinct organization contexts. Sub-accounts act as isolated environments with separate API keys, consent configurations, custom clinical branding, and independent webhook targets. Team members switch their active organization scope inside their Console account to transition contexts seamlessly.
2. Role-Based Access Control (RBAC)
Access permissions are securely evaluated against the user's active role. Scopes define the level of authorization:
| Role | Access Level | Permission Tags Checked |
|---|---|---|
| owner | Full account control, billing, BAA agreements | * |
| admin | Manage configs, invite clinicians, view full audit logs | contracts:*, consent:*, invite:* |
| member | Create/send signature requests, review intake state | contracts:view, consent:view, consent:sign |
3. Inviting Team Members
Administrators and owners can invite doctors, clinical coordinators, or administrative representatives to their organization sub-accounts. Invitations trigger a secure onboarding email flow containing context-scoped invitation tokens.
4. Multi-Tenant Security & Isolation
Because clinical security and HIPAA integrity require zero exposure of cross-organization entities, the system partitions every operation:
API Key Scoping
Every generated API key maps uniquely to its creator organization ID. Intercepted request headers querying resources outside the matching company context automatically return standard authorization errors.
Request Constraints
Data queries enforce organization boundary parameters on every transaction. Standard operations always filter queries by the authenticated organization context before executing read or write actions.
Security Guarantee
Plannorium Sign leverages separate organization lookup filters and strict CORS restrictions to guarantee that no organization, member, or developer can access or modify another entity's digital templates, signed agreements, or webhook logs.