Intended usage of Contributor field in a policy

Madhav Vemana · ‎04-21-2023

Hello,

Does anyone know how a "Contributor" field is meant to be used in a Policy as part of Policy and Compliance? Reference qualifier of this field has any user who has "sn_grc.business_user" role can be added as a contributor. But, GRC Business user does not have access to Policies module.

I could not find any reference to documentation.

Any thoughts would be much appreciated.

Thanks.

Jan Spurlin · ‎04-24-2023

That is a good question - and I didn't have a good answer - so I went to our experts, the Product Managers. Here is what I was told:

Contributor could be a SME who’s any business user in the organization and can help policy owner draft the policy, that’s why we have given them GRC business User role.

They can access draft policies where they have been mentioned as contributor from the risk portal (on employee center) as shown below. They are not supposed to go to workspace or Heisenberg interface. They should perform all their tasks from employee center and risk portal.

Employee center – GRC tasks:

Risk portal – when clicked on GRC tasks above:

‘My to-dos’ on risk portal takes them to task page which shows policies in draft state that they are assigned to:

View solution in original post

Community Alums · ‎04-22-2023

Hi @Madhav Vemana ,

It's a good question!!

The "Policies" module can be seen for users having "sn_compliance.reader" role.

and "sn_grc.business_user" doesn't contains "sn_compliance.reader" role, so it's won't be visible .

Also, Even if you share the URL of the policy, the user mentioned in the contributor field can't really do anything, whether the Policy is in "Draft" or "published "state.

Jan Spurlin · ‎04-24-2023

That is a good question - and I didn't have a good answer - so I went to our experts, the Product Managers. Here is what I was told:

Contributor could be a SME who’s any business user in the organization and can help policy owner draft the policy, that’s why we have given them GRC business User role.

They can access draft policies where they have been mentioned as contributor from the risk portal (on employee center) as shown below. They are not supposed to go to workspace or Heisenberg interface. They should perform all their tasks from employee center and risk portal.

Employee center – GRC tasks:

Risk portal – when clicked on GRC tasks above:

‘My to-dos’ on risk portal takes them to task page which shows policies in draft state that they are assigned to:

Madhav Vemana · ‎04-24-2023

Thank you Jan. Much appreciated.

As a Business user, I can access the Policy from Employee center and Risk portal views. But, it is unclear how a GRC business user can support the policy owner with authoring. None of the fields are editable for GRC Business user.

Does this only work if an organization is using O365 integration for policy authoring and redlining?

Feel free to let me know if i am missing something.

Thank you so much.

Jan Spurlin · ‎04-24-2023

The contributor field is explicitly meant for use with the O365 integration. It is not meant for any other type of editing.