Skip to main content

Adding users to objects, features, and modules

Roles and permissions

The following roles can add a user to an object, feature, or module:

  • Administrators

  • Compliance managers with manager permissions on an object, feature, or module can add a user to the object, feature, or module

  • Users with manager permissions on an object, feature, or module can add a user to the object, feature, or module

Throughout Hyperproof you’ll see many facepiles —areas that show you who is a member of the particular object, feature, or module you’re viewing. 

facepile-generic.png

Users must be explicitly added to objects, features, and modules to interact with them. Until they are added, they cannot access the object, feature, or module, or be assigned work.

What do non-members see?

Administrators do not automatically inherit access to all controls and labels.

Controls

Non-members, including administrators, of controls can see the control's name, description, domain, and owner, as well as linked programs, proof , risks, labels, and issues. They can also see members of the control.

They cannot see the control's health status, implementation status, testing status, freshness status, automation status, notes, custom fields, or its created/updated dates. In card view, the information is omitted from the card. In grid view, a gray pill is displayed as a placeholder for data that should not be seen. Note that non-members see a blank space in the custom field area instead of a gray pill.

Labels

Non-members, including administrators, of labels can see the label's name and description, as well as linked programs, controls, proof, and issues. They can also see members of the label.

They cannot see the label's freshness status, custom fields, or created/updated dates. In grid view, a gray pill is displayed as a placeholder for data that should not be seen. Note that non-members see a blank space in the custom field area instead of a gray pill.

Note

On the Overview dashboard, users only see statistics for controls and labels they are members of.

A note for Hyperproof API users

Public API calls to control and label endpoints only return basic details if the caller is not a member of those objects. If it's necessary to retrieve all data fields across all records, use the API Admin service account.

Refer to Enabling M2M API authentication.

Adding users to objects, features, and modules

By default, users are added with the object-level role of contributor. Contributors can share, add, edit, and remove files. They cannot manage content, members, or settings.

If you want to change the user’s object-level role to manager, click the facepile, locate the user, and then select Manager. Managers oversee content, members, and settings, and they can add, edit, share, and remove files.

  1. From the left menu, select the tab that corresponds with the object you want to add the user to. For example, if you want to add the user to a control, select the Controls tab.

  2. Select the specific object. For example, if you want to add the user to control ID 1234, select that control.

  3. Click the + icon in the upper-right corner.

    facepile-generic.png

    The Member access window opens.

  4. Select a user from the Name drop-down menu,

  5. From the Role drop-down menu, select the user's role.

  6. Click Add.

    The user is added to the object.

Additional permissions

  • Set as owner - Found on controls, the owner is the go-to contact person for the object.

  • Remove - If selected, the user is removed from the object. You can re-add them later if needed.

  • Leave - If selected, you are removed from the object.

  • Set as primary contact - Found in audits and programs, the primary contact is the go-to contact person for the audit or program. Both managers and contributors can be primary contacts.

  • Auditor - Found in audits, this role is designed specifically for external auditors. Auditors have limited permissions in Hyperproof.