User - Manager permissions
User-managers can do the following:
Action  | Yes  | No  | 
|---|---|---|
Open an access review (if tile is visible)  | X  | |
Edit access review details  | X  | |
Create, view, and delete applications (if visible)  | X  | |
Link and unlink controls or labels  | X  | |
Import records  | X  | |
Create and delete tasks  | X  | |
Generate access review proof  | X  | |
Archive and unarchive an access review  | X  | |
Create an access review  | X  | |
Join an access review facepile  | X  | |
Edit 'Maintain access' and 'Access notes'  | X  | |
Edit 'Access updated' and 'Admin notes'  | X  | |

Action  | Yes  | No  |
|---|---|---|
Create an assessment  | X  | |
Link controls or requirements to or from an assessment they're a member of  | X  | |
Add members to an assessment they're a member of  | X  | |
Export proof from an assessment they're a member of  | X  | |
Export an assessment they're a member of  | X  | |
Use the assessment's Activity Feed  | X  | |
Archive and unarchive an assessment they're a member of  | X  | |

Action  | Yes  | No  |
|---|---|---|
Edit an audit they've created or are a member of  | X  | |
Add members to an audit they're a member of  | X  | |
Use the audit's Activity Feed  | X  | |
Archive and unarchive an audit they're a member of  | X  | |
Export proof from an audit they're a member of  | X  | |
Export an audit they're a member of  | X  | |
Create an audit  | X  | |

Action  | Yes  | No  |
|---|---|---|
Create a control  | X  | |
Edit a control they're a member of, including control health  | X  | |
Turn on and edit freshness on a control they're a member of  | X  | |
Link and unlink requirements, proof, labels, tasks, and risks to or from a control they're a member of  | X  | |
Add members to a control they're a member of  | X  | |
Use the control's Activity Feed  | X  | |
Create and maintain a Hypersync or repeating task on a control they're a member of  | X  | |
Add notes to a control they're a member of  | X  | |
Add a scope assignment to a control they're a member of  | X  | |
Import and export a control they're a member of  | X  | |
Archive and unarchive a control they're a member of  | X  | |
View program-level controls they're not a member of  | X  | |
Use the crosswalk view  | X  | |
View controls they're not a member of  | X  | |
Import scopes or scope assignments  | X  | |

Action  | Yes  | No  |
|---|---|---|
Create an evaluation  | X  | |
Add members to an evaluation they're a member of  | X  | |
Import and export an evaluation they're a member of  | X  | |
Archive and unarchive an evaluation they're a member of  | X  | |
Link proof and affected objects to an evaluation they're a member of  | X  | |
Unlink proof and affected objects from an evaluation they've created  | X  | |
Link and unlink a task to or from an evaluation they're a member of  | X  | |
Use the evaluation's Activity Feed  | X  | |

Action  | Yes  | No  |
|---|---|---|
Create an issue  | X  | |
Edit an issue they're a member of  | X  | |
Add members to issues they're a member of  | X  | |
Archive and unarchive an issue they're a member of  | X  | |
Import and export an issue they're a member of  | X  | |
Use the issue's Activity Feed  | X  | |
Link and unlink proof to or from an issue they're a member of  | X  | |
Link and unlink affected objects to or from an issue they're a member of  | X  | |
Customize an issue's health  | X  | |

Action  | Yes  | No  |
|---|---|---|
View the list of policies  | X  | |
Set policy due date  | X  | |
Add a policy  | X  | |
Add versions to a policy  | X  | |
View current and previous versions of the policy document  | X  | |
Add or replace a policy document in a version  | X  | |
Add or remove proof from a policy version  | X  | |
Download a policy document  | X  | |
Link or unlink controls from a policy  | X  | |
Add an issue to a policy  | X  | |
Export the effective policy document  | X  | |
Add users to a policy  | X  | |
Edit policy details (Note: Fields that are editable on the Details tab vary based on your role and the permissions you have been assigned.)  | X  | |
Bulk edit policies  | X  | |
Change a policy owner  | X  | |
Configure a policy approval  | X  | |
Archive or unarchive a policy  | X  | |

Action  | Yes  | No  |
|---|---|---|
Turn on program health  | X  | |
Edit program details  | X  | |
Add members to a program they're a member of  | X  | |
Use the program's Activity Feed  | X  | |
Link and unlink controls and proof to or from requirements  | X  | |
Add related requirements  | X  | |
Export a program  | X  | |
Export proof from a program  | X  | |
Archive and unarchive a program  | X  | |
Export requirements  | X  | |
Export an SSP report  | X  | |
Create a new program or a custom program  | X  | |
Create and manage custom fields  | X  | |
Customize program health and tooltips  | X  | |
Import and manage scopes  | X  | |
Jumpstart a new program  | X  | |
Delete proof from a requirement  | X  | |
Create groups  | X  | |

Tip
For information on private proof, see Private proof.

Action  | Yes  | No  |
|---|---|---|
Add proof at the organizational level  | X  | |
Download proof  | X  | |
View proof they've uploaded or via inherited access from a linked object  | X  | |
Create a new label  | X  | |
Import and export a label they're a member of  | X  | |
Edit a label they're a member of, including label details  | X  | |
Link and unlink controls, proof, and tasks to and from a label they're a member of  | X  | |
Create and maintain a Hypersync or repeating task on a label they're a member of  | X  | |
Manage freshness on a label they're a member of  | X  | |
Add members to a label they're a member of  | X  | |
Use the label's Activity Feed  | X  | |
Archive and unarchive a label they're a member of  | X  | |
View labels they're not a member of  | X  | |

Note
The actions below pertain to users with manager permissions who are members of the Vendor Register.

Action  | Yes  | No  |
|---|---|---|
Create a questionnaire  | X  | |
Import and export a questionnaire  | X  | |
View and edit a questionnaire  | X  | |
Send and cancel a questionnaire  | X  | |
Send a questionnaire to multiple vendors  | X  | |
Send a questionnaire reminder to a vendor  | X  | |
Link and unlink labels to or from a questionnaire  | X  | |
Archive and unarchive a questionnaire  | X  | |
Use a questionnaire's Activity Feed  | X  | |

Note
To view request proof, users must fall into one of three categories:
- Be a manager of the audit - In the Audits module, managers have access to all proof within an audit.
  If you are the manager of a request, but a contributor of the audit without any inherited access, you cannot view proof linked to the request. This helps protect sensitive data that some users shouldn’t see. As a result, only managers can export audit proof.
- Have inherited manager access from a control or label
- Have inherited contributor access from a control or label

Further, external auditors can only view the Proof and Audits tabs, and can only view proof when a request’s status is set to Submitted to auditor.

Action  | Yes  | No  |
|---|---|---|
Create a request  | X  | |
Edit a request they're a member of  | X  | |
Add members to a request they're a member of  | X  | |
Import and export a request they're a member of  | X  | |
Link and unlink proof to or from a request they're a member of  | X  | |
Link and unlink affected objects to or from a request they're a member of  | X  | |
Link and unlink a task to or from a request they're a member of  | X  | |
Change the status of a request they're a member of  | X  | |
Archive and unarchive a request they're a member of  | X  | |
Use a request's Activity Feed  | X  | |
Link and delete attachments to or from a request they're a member of  | X  | |
Convert attachments to proof on requests they're a member of  | X  | |

Note
The actions below pertain to users with manager permissions who are members of the Risk Register.

Action  | Yes  | No  |
|---|---|---|
Create a risk  | X  | |
View Risk Registers they're a member of  | X  | |
Import and export risks  | X  | |
Add members to a Risk Register they're a member of  | X  | |
Edit risks  | X  | |
Use the Risk Register's Activity Feed  | X  | |
Use a risk's Activity Feed  | X  | |
Edit risk health  | X  | |
Edit the owner of a risk  | X  | |
Link and unlink controls, proof, labels, and tasks to or from a risk  | X  | |
Create notes on a risk  | X  | |
Archive and unarchive a risk  | X  | |
Upgrade to advanced mitigation  | X  | |
Customize the Risk Register  | X  | |
Create a new Risk Register  | X  | |

Action  | Yes  | No  |
|---|---|---|
Create a task or a repeating task  | X  | |
Duplicate a task they're a member of  | X  | |
Import a task or a repeating task  | X  | |
Export a task  | X  | |
Link and unlink proof to or from a task they're a member of  | X  | |
Add members to a task they're a member of  | X  | |
Edit a task or repeating task they're a member of  | X  | |
Delete a task or repeating task they're a member of  | X  | |
Change the target of a task or repeating task  | X  | |
Use a task or repeating task's Activity Feed  | X  | |
Add or edit an approval for a task they didn't create  | X  | |
Delete a task or repeating task they didn't create  | X  | |
Delete proof from a task or repeating task  | X  | |
Edit a task they didn't create (they can change the assignee, however)  | X  | |
Edit a repeating task they didn't create  | X  | |
Add members to a task or repeating task they didn't create  | X  | |

Note
The actions below pertain to users with manager permissions who are members of the Vendor Register.

Action  | Yes  | No  |
|---|---|---|
Add a new vendor  | X  | |
Add a vendor contact  | X  | |
Add members to the Vendor Register  | X  | |
Add and edit a vendor owner  | X  | |
Import and export vendors  | X  | |
Edit vendor information  | X  | |
Link and unlink a task to or from a vendor  | X  | |
Archive and unarchive a vendor  | X  | |
Edit the vendor category  | X  | |
Edit the vendor status  | X  | |
Edit contract dates  | X  | |
Edit vendor tolerance and risk  | X  | |
Use a vendor's Activity Feed  | X  | |