Organizational roles and permissions

There are four organizational roles within Hyperproof:

Administrator

An administrator manages the organization, its compliance managers, and its users. Administrators can create and join objects within the organization without needing permission.

Compliance manager

A compliance manager can create and manage new programs within an organization.

User

A user can read and list objects within an organization.

Limited access user

A limited access user can only see objects they have been added to by another user or objects where they have inherited access. This user can create work items and add proof. For example, limited access users do not see comprehensive lists of programs or controls; instead, they have more concise lists consisting of the programs or controls where they are members. The Overview dashboard page is never visible to limited access users.

External auditor

External auditors can only view and interact with audits that they've been explicitly added to.

What is a contact?

A contact is defined as someone relevant to your organization, such as someone who provides proof, but who does not require full access to the organization. Instead of adding the individual as a user, they can simply be added as a contact. Any member of the organization can add a contact.

An important distinction to make is the difference between a user and a contact. In short, users are expected to use Hyperproof, and are given login credentials to do so, while contacts are not intended to use Hyperproof at all. Administrators can upgrade a contact to a user at any time.

Refer to Working with contacts for more information.