A single DocuSign setting can expose far more contract data than you expect. One broad role, shared folder, or connected app can open the door to drafts, signed agreements, templates, and audit trails.
That’s why a DocuSign permissions audit has to look at the whole access chain, not just user names. If you only review admins, you can miss inherited access, group rights, or integration accounts that see everything in the background.
Start with the contract data that needs real protection
Before you review settings, define what counts as sensitive. In most accounts, that includes signed agreements, unsigned drafts, templates with legal language, recipient details, payment terms, attachments, and completion certificates.
Once you know the data, map who truly needs it. Legal may need full visibility. Sales may need only their own envelopes. Finance may need final signed copies, not template libraries. HR may need employee agreements, but not vendor contracts.
This step matters because access reviews fail when they start with roles instead of data. A user can look harmless on paper and still see every contract through a shared folder or delegated admin rights.
A good target is simple: each access path should match a clear business need. If you cannot explain why someone needs access, the access is probably too broad.
Audit roles and user access before anything else
Start with the user list, then compare it with current job duties. Look for active employees, contractors, former staff, and service accounts. Remove anyone who changed teams or left the company.
In DocuSign, check account-level roles and permissions, especially anything that lets a user view agreements beyond their own work. One common setting to review is “Give Users Permission to View All Agreements” in Agreement Manager. If that permission is on, treat it as a high-risk flag until you confirm the need.
Use a recurring access review cycle so the account does not drift over time. A practical reference is this DocuSign user access review guidance, which follows the same idea many security teams use for SaaS recertification.

Use this quick checklist while you review users and roles:
- Compare assigned roles with the person’s current job.
- Flag anyone with view-all rights.
- Remove stale accounts, especially contractors and temporary users.
- Confirm delegated admins still need their scope.
- Check whether shared mailboxes or group inboxes still have access.
Permission sprawl grows when roles, folders, and integrations are managed by different teams.
Check groups, shared folders, and templates for hidden reach
Groups are where many DocuSign accounts get messy. If group-level permissions are broad, every member may inherit the same access, even when only a few people need it.
DocuSign’s documentation on local groups and security settings notes that permissions set at the group level apply to everyone in the group. That means one over-permissioned group can expose a large set of contracts fast.
Shared folders deserve the same attention. Check who can open them, who can move files into them, and who can download the contents. A folder that started as a legal workspace often grows into a catch-all for sales, finance, and operations. That is a common path to accidental exposure.
Templates are another blind spot. A template can reveal clause language, routing rules, signer defaults, and internal labels. If a user can edit a template library, they may also learn how sensitive contracts are structured.
Look for these risky setups:
- A legal template folder open to the whole revenue team.
- A shared folder used by multiple departments with no review owner.
- Template admins who can also view completed agreements.
- Group membership tied to a mailing list that no one updates.
The rule is simple. If a shared resource is not tightly owned, it tends to grow access over time.
Review integrations, delegated access, and inherited permissions
Integrations can widen access more than people expect. A CRM sync, HR feed, e-signature connector, or API user may pull agreement data into another system. That can expose contract details outside DocuSign, even if the original account looks clean.
Treat every integration token like a key. Ask what it can read, what it can write, and which objects it touches. If a service account can view all envelopes, attachments, or completion data, narrow that scope until the account only sees what it needs.
Inherited permissions need equal attention. A user might not have direct access, but they can inherit it through a group, department sync, or delegated admin relationship. When that happens, the risk usually hides in the parent object, not the individual account.
This is where audit logs help. Review user and group changes after new hires, role moves, integration updates, and bulk imports. Sudden permission spikes often point to a sync issue or an old group rule that nobody removed.
Spot risky permission patterns fast
A side-by-side view helps you catch weak spots faster. Use it during the review, then decide which items need immediate cleanup.
| Access surface | What to inspect | Common risk |
|---|---|---|
| Roles | View-all, admin, delegated admin, sender rights | Users can see more agreements than their job needs |
| Groups | Group membership, inherited access, stale members | One broad group exposes many users at once |
| Shared folders | Folder owners, download rights, external sharing | Sensitive files become easy to copy or forward |
| Templates | Template editors, libraries, routing rules | Internal clauses and defaults become visible |
| Integrations | API users, service accounts, sync scopes | Contract data appears in connected systems |
The pattern to watch is overlap. If one user can view agreements through a role, a group, and an integration, the account is overexposed even if each setting looks acceptable by itself.
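To make the overlap check concrete, here is an added example that is not DocuSign's code and calls no DocuSign API: it models a constructed account locally, lists every path by which each user reaches agreements beyond their own, and flags the items from the checklist above (view-all rights, stale accounts, non-legal reach into a legal folder, and overlap across role, group, folder and integration). The users, groups, folder names and the crm-sync integration are assumptions.

```python
from datetime import date

# Constructed sample account; the users, groups and integration here are illustrative.
USERS = {
    "ana@example.com": {"dept": "legal", "roles": {"admin"}, "groups": {"legal"}, "last_login": date(2024, 6, 3)},
    "bo@example.com": {"dept": "sales", "roles": {"sender"}, "groups": {"revenue"}, "last_login": date(2024, 6, 1)},
    "cy@example.com": {"dept": "contractor", "roles": {"sender"}, "groups": set(), "last_login": date(2023, 11, 2)},
    "svc-crm": {"dept": "integration", "roles": {"view_all"}, "groups": set(), "last_login": date(2024, 6, 4)},
}
# Group-level settings apply to every member, so a broad group is inherited reach.
GROUPS = {
    "legal": {"view_all": True, "folders": {"legal-templates"}},
    "revenue": {"view_all": False, "folders": {"legal-templates", "sales-deals"}},
}
# An integration token runs as a service account and carries its own scope.
INTEGRATIONS = {"crm-sync": {"account": "svc-crm", "scope": "all_envelopes"}}
SENSITIVE_FOLDERS = {"legal-templates"}  # folders holding legal template language
STALE_DAYS = 90
REVIEW_DATE = date(2024, 6, 5)  # constructed date of this review run

def access_paths(user):
    """List every path by which a user can reach agreements beyond their own."""
    u = USERS[user]
    paths = []
    if u["roles"] & {"admin", "view_all"}:
        paths.append(("role", "view-all"))
    for g in u["groups"]:
        if GROUPS[g]["view_all"]:
            paths.append(("group", g))
        for f in GROUPS[g]["folders"] & SENSITIVE_FOLDERS:
            paths.append(("folder", f))
    for name, i in INTEGRATIONS.items():
        if i["account"] == user and i["scope"] == "all_envelopes":
            paths.append(("integration", name))
    return paths

def audit(today=REVIEW_DATE):
    """Return (user, finding, detail) tuples that mirror the page's checklist."""
    findings = []
    for user, u in USERS.items():
        kinds = {kind for kind, _ in access_paths(user)}
        if (today - u["last_login"]).days > STALE_DAYS:
            findings.append((user, "STALE", "no login for over %d days" % STALE_DAYS))
        if "role" in kinds:
            findings.append((user, "VIEW_ALL", "role can view all agreements"))
        if u["dept"] != "legal" and "folder" in kinds:
            findings.append((user, "FOLDER_REACH", "non-legal user reaches a legal folder"))
        if len(kinds) > 1:  # the overlap pattern: several paths to the same data
            findings.append((user, "OVERLAP", ", ".join(sorted(kinds))))
    return findings
```

Running `audit()` on this sample flags the service account twice (view-all role plus integration scope) and the sales user once (legal folder inherited through the revenue group), which is the overlap the paragraph above describes.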
Fix the access model, then keep it clean
Once you find a gap, fix the root cause instead of patching the symptom. Start with the highest-risk access, then work down the stack.
- Remove broad view-all permissions from anyone who does not need them.
- Rebuild groups around current functions, not old org charts.
- Split template admins from contract viewers when those jobs are different.
- Tighten shared folders so membership stays small and owned.
- Reduce integration scopes and rotate credentials after the change.
- Recheck the audit log for changes that happened during cleanup.
Document each change, who approved it, and why it was made. That gives you a clean record for compliance and future reviews.
If your DocuSign account connects to other business systems, pair this work with IAM recertification, SaaS offboarding, and contract retention reviews. Related Bud Consulting topics often include access review planning, identity hygiene, and contract data controls, which fit well alongside this audit.
For teams that want help sorting the permissions model, Book a Discovery Call with Bud Consulting.
Conclusion
A strong DocuSign permissions audit starts with the data, then follows every path that can reach it. Roles matter, but groups, folders, templates, integrations, and inherited rights often create the real exposure.
If one person can reach every agreement, the account is too open. If each access path matches a clear job need, contract data stays where it belongs.