Authorisation matrix
| Administrator | Third-party manager | Risk officer | Risk manager | Reviewer** | External reviewer | Auditor | Business owner* | Leadership | |
|---|---|---|---|---|---|---|---|---|---|
| Platform |
|
|
|
|
|
|
|
| |
| Company registration | x |
|
|
|
|
|
|
| |
| Organisation profile |
|
|
|
|
|
|
|
| |
| View organisation profile | x | x | x | x |
|
| x |
| |
| Edit organisation profile | x |
| x | x |
|
|
|
| |
| Users |
|
|
|
|
|
|
|
| |
| View user table | x | x | x | x |
|
| x |
| |
| Add users and assign roles | x |
|
|
|
|
|
|
| |
| Edit users and assigned roles | x |
|
|
|
|
|
|
| |
| Remove users | x |
|
|
|
|
|
|
| |
| Organisation model |
|
|
|
|
|
|
|
| |
| Module level |
|
|
|
|
|
|
|
| |
| View organisation model | x | x | x | x |
|
| x |
| |
| Add organisation elements | x |
|
|
|
|
|
|
| |
| Edit organisation elements | x |
|
|
|
|
|
|
| |
| Remove organisation element | x |
|
|
|
|
|
|
| |
| Roles on object level |
|
|
|
|
|
|
|
| |
| Responsible colleague |
| x | x | x |
|
|
| x | x |
| Requirements module |
|
|
|
|
|
|
|
| |
| Module level |
|
|
|
|
|
|
|
| |
| View organisation requirements | x | x | x | x |
|
| x |
| |
| Add organisation requirements | x |
| x | x |
|
|
|
| |
| Edit organisation requirements | x |
| x | x |
|
|
|
| |
| Remove organisation requirements | x |
| x | x |
|
|
|
| |
| Roles on object level |
|
|
|
|
|
|
|
| |
| Requirement manager |
|
| x | x |
|
|
|
| |
| Requirement owner |
|
| x | x |
|
|
| x | x |
| Risk officer |
|
| x | x |
|
|
|
| |
| Third-party management module |
|
|
|
|
|
|
|
| |
| Module level |
|
|
|
|
|
|
|
| |
| View third-parties / contracts | x | x | x | x |
|
| x | x | x |
| Add third-parties / contracts | x | x | x | x |
|
|
| x | x |
| Edit third-parties / contracts | x | x | x | x |
|
|
| x | x |
| Remove third-parties / contracts | x | x | x | x |
|
|
| x | x |
| Roles on object level |
|
|
|
|
|
|
|
| |
| Third-party / contract manager |
| x |
|
|
|
|
|
| |
| Business owner |
|
|
|
|
|
|
| x | x |
| Risk officer |
|
| x | x |
|
|
|
| |
| Risk register module |
|
|
|
|
|
|
|
| |
| Module level |
|
|
|
|
|
|
|
| |
| View risks | x | x | x | x |
|
| x | x | x |
| Add risks | x |
| x | x |
|
|
| x | x |
| Edit risks | x |
| x | x |
|
|
| x | x |
| Remove risks | x |
| x | x |
|
|
| x | x |
| View audit log | x | x | x | x |
|
| x | x | x |
| Roles on object level |
|
|
|
|
|
|
|
| |
| Risk owner |
| x | x | x |
|
|
| x | x |
| Incident register module |
|
|
|
|
|
|
|
| |
| Module level |
|
|
|
|
|
|
|
| |
| View incidents | x | x | x | x |
|
| x | x | x |
| Add incidents | x |
| x | x |
|
|
| x | x |
| Edit incidents | x |
| x | x |
|
|
| x | x |
| Remove incidents | x |
| x | x |
|
|
| x | x |
| View audit log | x | x | x | x |
|
| x | x | x |
| Roles on object level |
|
|
|
|
|
|
|
| |
| Incident owner |
| x | x | x |
|
|
| x | x |
| Internal response coordinator |
| x | x | x |
|
|
| x | x |
| Assessment module |
|
|
|
|
|
|
|
| |
| Module level |
|
|
|
|
|
|
|
| |
| View assessments | x | x | x | x | x | x | x |
| |
| Create assessments | x | x | x | x |
|
|
|
| |
| Edit assessments | x | x | x | x |
|
|
|
| |
| Remove assessments | x | x | x | x |
|
|
|
| |
| Review assessments | x | x | x | x | x | x |
|
| |
| View assessment templates | x | x | x | x |
|
| x |
| |
| Add assessment templates | x |
| x | x |
|
|
|
| |
| Edit assessment templates | x |
| x | x |
|
|
|
| |
| Remove assessment templates | x |
| x | x |
|
|
|
| |
| Roles on object level |
|
|
|
|
|
|
|
| |
| Internal reviewer | x | x | x | x | x | x |
|
|
* Business Owners can only see the records (incidents, risks, remediation plans, contracts, third parties, and assessments) assigned to them.
** Reviewers can only see the ecosystem assessments assigned to them.