Documents via link sharing should only be accessible to the intended recipient
Documents via link sharing should only be accessible to the intended recipient.
Varvara Baryshneva commented
" [I want PandaDoc] to provide a way to restrict the access to these letters. We use Constant Contact. We provide a link and that link takes them to the letter and they can open up the letter, they can save the letter onto their computer. I wanted to be able to have that link specifically for that individual only, so that when they open it, there's a way for us to check and say, it's going to John Smith and John Smith is the only one that should be able to open this letter. Also to be able to restrict printing or download."
Because PD will only accept user roles (and their emails) at the time of document creation, the email addresses are immediately tied to the document. Even when a document is shared via link, there are no restrictions on email sharing before the author is ready to share. If any PD user inadvertently selects ' send via email' at any point during their review process, the document is emailed to everyone with an assigned role. To lock this down, PandaDoc needs to allow users options to add user roles for email purposes after the approvals are completed. This is a very large concern, as we've had multiple incidents where confidential documents are shared.
AdminLori Nolen (Admin, PandaDoc) commented
Critical for my client: Darcy.Britt@sampled.com
The nature of the documents they are sending is very private and they dont want ANYONE that is not on the intended recipient list to be able to somehow get the link and open the document.
I really need help to solve this situation, my account and sub-accounts need to restrict this, I don't want that others peopel sign the documents out my recipients, is so easy send the link or the mail for other person signing and if you disable this add-on, doesn't matter the issue it remains the same
Please tells me about the solution.
Steve Hodson commented
Reasons this is needed:
1. It is quite easy to send the wrong link to the wrong person - that way a customer could sign off the sender's fields like pricing. When a recipient's email is already a pandadoc licensed user it would be very easy for Pandadoc to work out that they already have a login and make that link only accessible to that logged in user.
2. It is also easy for people to forward their links not using the forwarding feature - e.g. the customer forwards the link to their manager to sign. This results in contracts getting esigned by a person who isn't the person in the electronic signature verification. This would make it very hard to prove who signed the document in court and makes the whole electronic signature element rather pointless.
You would still want to make it easy for anyone to fill in and sign documents, but the additional security or checks would be good to make sure the person signing is the intended recipient.
Sniazhana Amelchanka commented
To restrict who can sign the document via the link generated for it.
AdminVirginia Simpson (Admin, PandaDoc) commented
Each recipient has a unique link to the document, which defines the recipient's rights and fields, which the specific recipient is authorized to fill in. Only the assigned recipient should be able to access the document via the unique link.