The roles section of the platform is accessed through Settings by clicking on the user drop-down located in the top right corner of the screen. Next, in the middle of the screen under ‘Organizational Settings’, click ‘Role Management’. This brings us to the page listing the platform's default roles, allows us to create new roles, and export the list of roles (just the name, not the permission settings) along with their description into a spreadsheet. The role management page is shown below:
Default Roles
Default roles within the platform are Account Admin, AD Default Role, Control Operator, and Control Owner.
The Account Admin role can do nearly everything possible within the platform. Exceptions to this are editing the Audit History and assigning User Permissions at the system level (this is the Control Owner’s job). For other modules, such as the Vendor Management Module, there are additional default roles that will be visible, details on the default roles will be added to the Vendor Management Overview soon.
The AD default role exists solely as a default designation for new users when they first log onto the platform, this is eventually changed to a different role in user management or requests if using SSO.
By default, the Control Operator and Owner accounts have very similar settings. The option to change these default permission settings is done when assigning User Permissions to controls in a specific compliance system under Options | User Permissions at the system level. The table below shows the default roles and its settings:
|
| Account Admin | AD Default Role | Control Operator | Control Owner | ||||
| Permission | Edit | View | Edit | View | Edit | View | Edit | View |
Application Setting Permissions | Global Notification Management |  |  | ||||||
| Update Notification |  |  | |||||||
| Deactivate Notification |  |  | |||||||
| Password Policy |  |  | |||||||
| System Use Notification |  |  | |||||||
SMTP Settings |
|
|
|
|
|
|
|
| |
Role Management |
|
|
|
|
|
|
|
| |
Create and Update Role |
|
|
|
|
|
|
|
| |
Delete Role |
|
|
|
|
|
|
|
| |
User Management |
|
|
|
|
|
|
|
| |
Create and Update User |
|
|
|
|
|
|
|
| |
Delete User |
|
|
|
|
|
|
|
| |
Framework Management |
|
|
|
|
|
|
|
| |
Create and Update Custom Framework |
|
|
|
|
|
|
|
| |
Delete Custom Framework |
|
|
|
|
|
|
|
| |
Organization Info |
|
|
|
|
|
|
|
| |
Audit History | NA |
|
|
|
|
|
|
| |
|
| Account Admin | AD Default Role | Control Operator | Control Owner | ||||
| Permission | Edit | View | Edit | View | Edit | View | Edit | View |
Compliance Management Permissions | Overview | NA |
|
|
|
|
|
|
|
Requirement |
|
|
|
|
|
|
|
| |
Summary |
|
|
|
|
|
|
|
| |
Control |
|
|
|
|
|
|
|
| |
Add Comment |
|
|
|
|
|
|
|
| |
Control Assessment |
|
|
|
| |
|
|
| |
Control Assignment |
|
|
|
| |
| |||
Maturity Definition |
| |
|
|
|
|
|
| |
Guidance |
|
|
|
|
|
|
|
| |
Add & Update |
|
|
|
|
|
|
|
| |
Delete |
|
|
|
|
|
|
|
| |
Artifact Request |
|
|
|
|
|
|
|
| |
Custom Tab |
|
|
|
|
|
|
|
| |
Test Case |
|
|
|
|
|
|
|
| |
Timeline |
|
|
|
|
|
|
|
| |
| Bulk Operations |  |  | |||||||
| Change Assignment |  |  | |||||||
Artifacts |
|
|
|
|
|
| |
| |
Add & Update Folder |
|
|
|
|
|
| |
| |
Delete Folder |
|
|
|
|
|
|
|
| |
Add & Update Artifact |
|
|
|
|
|
|
|
| |
Delete Artifact |
|
|
|
|
|
|
|
| |
Attached With Controls |
|
|
|
|
|
|
|
| |
Framework Editor |
|
|
|
|
|
|
|
| |
Update Control Language |
|
|
|
|
|
|
|
| |
Update Test Case Language |
|
|
|
|
|
|
|
| |
Assignments |
|
|
|
|
|
|
|
| |
Notification Events |
|
|
|
|
|
|
|
| |
Enable/Disable Control |
|
|
|
|
|
|
|
| |
POA&M |
|
|
|
|
|
|
|
| |
Advanced Configuration |
|
|
|
|
|
|
|
| |
Edit System |
|
|
|
|
|
|
|
| |
Copy System |
|
|
|
|
|
|
|
| |
Delete System |
|
|
|
|
|
|
|
| |
Archive System |
|
|
|
|
|
|
|
| |
Add/Reorder Requirements |
|
|
|
|
|
|
|
| |
Risk & Maturity |
|
|
|
|
|
|
|
| |
System Categorization (Rev. 4) |
|
|
|
|
|
|
|
| |
User Permissions | NA |
|
|
|
|
|
|
| |
Asset |
|
|
|
|
|
|
|
| |
Characterization (Rev. 4) |
|
|
|
|
|
|
|
| |
|
| Account Admin | AD Default Role | Control Operator | Control Owner | ||||
| Permission | Edit | View | Edit | View | Edit | View | Edit | View |
Manage System |
|
|
|
|
|
|
|
| |
Document Management | Create & Update Document |
|
|
|
|
|
|
|
|
Delete Document |
|
|
|
|
|
|
|
| |
Manage report | Report |
|
|
|
|
|
|
|
|
Asset Management | Asset Management |
|
|
|
|
|
|
|
|
Map Framework | Map Framework |
|
|
|
|
|
|
|
|
Manage SCAP | SCAP |
|
|
|
|
|
|
|
|
| Manage Custom SOR | Custom SOR (this is expandable and will list any custom SORs that were created - can give permissions to specific SORs through custom roles |  |  | ||||||
| Vendor Management | Edit Vendor |  |  | ||||||
| Add or Import Vendors |  | ||||||||
| Assess Criticality |  |  | |||||||
| Assign Assessment |  |  | |||||||
| Manage Vendors |  |  | |||||||
| Assessments |  |  | |||||||
| Vendor Issues |  |  | |||||||
| Vendor Settings |  |  | |||||||
| Delete Vendor |  | ||||||||
| Policy Management | Policy Management |  |  | ||||||
Adding a new role to the Role List
In addition to utilizing the platform's default roles, Admins may create a new customized role by clicking the orange +New Role button on the top right of the roles list screen, below the instance drop-down. This brings us to a form allowing us to enter the role name and description, as well as edit the permissions (shown below).
Clicking the arrow to the left of the permission category name expands the list and presents ‘Edit’ and ‘View’ check boxes for each of the permissions in the table above. Clicking the orange Save button at the top right, below the instance drop-down, is needed to preserve the configuration.
Exporting the Role List
The Role List can be exported via spreadsheet by clicking the green excel icon to the right of the search bar.