Hi @Prashant64 ,
sn_grc.user : Provides access to the GRC suite of applications and modules.
sn_grc.business_user : This role is a part of the GRC Profiles application. It should be assigned to users who require access only to GRC applications in the context of performing tasks assigned to them. For example, a business user who needs to respond to an attestation or risk assessment, or who needs to remediate an issue may require this role. Users with this role are provided with limited access to data and to information relevant to their assigned tasks.
Starting with the 14.x release, the following permissions are available to the users with the sn_grc.business_user role:
- Accept work and approve evidence responses.
- Assign remediation task.
- Acknowledge policies.
- Contribute to policies.
- Group and ungroup attestations.
- Request and approve policy exceptions.
- Report issues.
- Respond to observations.
- Submit and request issue triages.
- Take attestation.
Contributor could be a SME who’s any business user in the organization and can help policy owner draft the policy, that’s why we have given them GRC business User role.
They can access draft policies where they have been mentioned as contributor from the risk portal (on employee center) as shown below. They are not supposed to go to workspace or Heisenberg interface. They should perform all their tasks from employee center and risk portal.
Employee center – GRC tasks:
Risk portal – when clicked on GRC tasks above:
‘My to-dos’ on risk portal takes them to task page which shows policies in draft state that they are assigned to:
