Assigning Policy and Compliance Management roles to your users
Before you can successfully implement or use the Policy and Compliance Management application, you must assign roles to your users.
Before you begin
Role required: admin
Procedure
- Navigate to All > User Administration > Users.
- Click the name of a user.
- Click the Roles tab.
- Click Edit.
- Move the roles you want to assign to the user from the Collection side to the Roles List, then click Save.
- Repeat these steps for each of your users.
For a comprehensive list of compliance users, see Roles installed with GRC: Policy and Compliance Management.
Role title [name]: Description
Compliance Reader [sn_compliance.reader]
The Compliance Reader has read-only access to all modules of the Policy and Compliance Management application. This role is typically assigned to users who need to see what policies and controls are within the organization. Users with the reader role are also often responsible for reporting and monitoring activities.
The Compliance Reader role contains: sn_grc.reader.
Compliance User [sn_compliance.user]
The Compliance User, often referred to as the Compliance Analyst, has sufficient permissions to fulfill virtually any policy- or control-related task. Users assigned this role are often responsible for:
- Creating new policies
- Requesting policy exceptions
- Responding to acknowledgement requests
- Creating control objectives and relating them to policies
- Testing and monitoring control effectiveness
- Attesting controls
- Remediating issues
- Assisting with risk assessments and audit tasks
The Compliance User role contains:
- sn_grc.reader
- sn_grc.user
- sn_compliance.reader
Note: Users with the Compliance User role can be assigned controls, and have read-only access to the Risk Management application and modules.
Compliance Manager [sn_compliance.manager]
The Compliance Manager is responsible for managing the day-to-day compliance process.
Users assigned this role are often responsible for:
- Reviewing specific regulatory requirements and trends
- Determining which regulations require a policy
- Approving policies and policy exceptions
- Setting up a policy acknowledgement campaign
- Scoping controls using entity types and entities
- Creating and assigning attestations
- Continuously monitoring control effectiveness
- Compiling and sharing reports highlighting data, such as non-compliant controls
The Compliance Manager role contains:
- sn_grc.reader
- sn_grc.user
- sn_grc.manager
- sn_compliance.reader
- sn_compliance.user
Compliance Administrator [sn_compliance.admin]
The Compliance Administrator administers the Policy and Compliance Management application.
Users assigned this role are often responsible for:
- Monitoring platform dependencies with other applications and modules
- Controlling all compliance data
The Compliance Administrator role contains:
- sn_grc.reader
- sn_grc.user
- sn_grc.manager
- sn_grc.admin
- sn_compliance.reader
- sn_compliance.user
- sn_compliance.manager
Compliance Developer [sn_compliance.developer]
The Compliance Developer is responsible for maintaining various aspects of the platform, such as creating workflows, reports, dashboards, additional modules, and other platform-specific content that can enrich the application.
The Compliance Developer role contains:
- sn_grc.reader
- sn_grc.user
- sn_grc.manager
- sn_grc.admin
- sn_grc.developer
- sn_compliance.reader
- sn_compliance.user
- sn_compliance.manager
- sn_compliance.admin
Attestation Creator [sn_compliance.attestation_creator]
The Attestation Creator is responsible for creating and maintaining attestations. Attestations are one of the platform components used to attest controls, and it is essential to keep them lean, precise, and up to date.
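Because each role above contains lower roles, a user's effective access is larger than the list of roles moved into their Roles List. The following access-review sketch is an added example, not ServiceNow code: it expands direct grants into effective roles using the containment lists on this page, and flags redundant grants and elevated roles. The function names, the sample users, and the rule that roles ending in .admin or .developer count as elevated are assumptions made for the example.

```javascript
// Role containment exactly as listed on this page (role -> contained roles).
const CONTAINS = {
  "sn_compliance.reader": ["sn_grc.reader"],
  "sn_compliance.user": ["sn_grc.reader", "sn_grc.user", "sn_compliance.reader"],
  "sn_compliance.manager": ["sn_grc.reader", "sn_grc.user", "sn_grc.manager",
    "sn_compliance.reader", "sn_compliance.user"],
  "sn_compliance.admin": ["sn_grc.reader", "sn_grc.user", "sn_grc.manager", "sn_grc.admin",
    "sn_compliance.reader", "sn_compliance.user", "sn_compliance.manager"],
  "sn_compliance.developer": ["sn_grc.reader", "sn_grc.user", "sn_grc.manager", "sn_grc.admin",
    "sn_grc.developer", "sn_compliance.reader", "sn_compliance.user",
    "sn_compliance.manager", "sn_compliance.admin"],
  "sn_compliance.attestation_creator": [], // the page lists no contained roles
};
// Assumption for this review: admin and developer roles count as elevated.
const isElevated = (role) => /\.(admin|developer)$/.test(role);

// Direct grants plus everything they contain; roles with no entry in CONTAINS
// (the sn_grc.* roles, not expanded on this page) are treated as leaves.
function effectiveRoles(direct) {
  const seen = new Set();
  const stack = [...direct];
  while (stack.length > 0) {
    const role = stack.pop();
    if (seen.has(role)) continue;
    seen.add(role);
    stack.push(...(CONTAINS[role] || []));
  }
  return [...seen].sort();
}
// Direct grants that another direct grant of the same user already implies.
function redundantGrants(direct) {
  return direct.filter((role) =>
    direct.some((other) => other !== role && effectiveRoles([other]).includes(role))
  ).sort();
}
// One finding per user: effective role set, redundant grants, elevated roles.
function reviewAssignments(assignments) {
  return Object.entries(assignments).map(([user, direct]) => {
    const effective = effectiveRoles(direct);
    return { user, effective, redundant: redundantGrants(direct),
      elevated: effective.filter(isElevated) };
  });
}
// Constructed sample input: user -> roles moved into that user's Roles List.
const SAMPLE = {
  analyst1: ["sn_compliance.user", "sn_compliance.reader"],
  mgr1: ["sn_compliance.manager"],
  dev1: ["sn_compliance.developer", "sn_compliance.attestation_creator"],
};
console.log(JSON.stringify(reviewAssignments(SAMPLE), null, 2));
```

In the sample, analyst1's separate sn_compliance.reader grant is reported as redundant, and dev1 is reported with four elevated roles even though only two roles were assigned directly.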
What to do next
Return to the Policy and Compliance Management setup checklist.