Roles & Permissions
1. Introduction
Welcome to the Roles & Permissions section! Here, we'll guide you through managing access rights and privileges within RiskStudio. Whether you're a workspace owner, an admin, or a curious Guardian, understanding roles and permissions is crucial for effective collaboration and security. Users' roles and permissions can be easily modified through the Participants page.
2. Roles
A number of predefined roles are available in RiskStudio. Below is an explanation of each role with examples of best practices.
Role | Explanation | Best practices |
---|---|---|
Workspace Owner | Created the workspace and thus owns it. Owner rights cannot be changed. There is only one owner of a workspace, who is also responsible for subscriptions and billing. Can access and edit anything within the workspace. | |
Admin | As an (Admin)istrator, you have complete control over the workspace. This includes the ability to manage users, edit and create content, configure settings, and oversee all operational aspects. This role is critical in guiding the cybersecurity risk management process and ensuring the workspace aligns with organizational goals. | |
Editor | As an Editor, you'll have the ability to actively contribute and modify content within the workspace. You will be able to add, edit, and update various elements, including risks, reports, and operational entities. This role is critical to maintaining up-to-date, accurate information that enables effective cybersecurity risk management and decision making. | |
Guardian | As a Guardian, you'll have the ability to create events within the workspace. As a Guardian, you are responsible for proactively monitoring the organization for digital threats and risks. This role is critical to maintaining current and accurate information, which enables effective cybersecurity risk management and decision making. For more information about the Guardian role, see the Use Case page. | |
Viewer | As a Viewer, you'll have access to observe and understand various aspects of the workspace without making direct changes. A Viewer has read-only privileges within the various features. | |
3. Permission
The table below shows the permissions by role for the various features in RiskStudio. A legend explaining the icons can be found below the table.
Feature | Owner | Admin | Editor | Guardian | Viewer |
---|---|---|---|---|---|
Dashboard | 👁️ | 👁️ | |||
Workspaces | ❌ | 👁️ | |||
Risks (incl. templates & controls) | ❌ | 👁️ | |||
Operational Entities | ❌ | 👁️ | |||
Participants | ❌ | 👁️ | |||
Companies | ❌ | 👁️ | |||
Risk Board | ❌ | 👁️ | |||
Reported Events (report an event) | |||||
Event triage | | 🔒 | ❌ | ❌ | |
Cyber Rating | | | | ❌ | 👁️ |
Benchmarking | | | | ❌ | 👁️ |
Attack Surface | | | | ❌ | 👁️ |
Risk Event Analyzer | | | | ❌ | 👁️ |
Workspace Settings | | | ❌ | ❌ | ❌ |
Subscription & Billing | | ❌ | ❌ | ❌ | ❌ |
Account Settings | | | | | |
Full access to the feature, i.e. can make changes and enter new data.
🔒 A special permission is required to access the Event Triage page.
❌ No access to the feature pages.
👁️ Read-only privileges on feature pages.
4. Roles & Permissions across different Workspaces
Within RiskStudio, users can have different roles and permissions across various workspaces. This flexible system ensures that users can have tailored access rights and functions depending on the specific requirements of each workspace. For more information on how workspaces work, check out the Workspace Management page.
4.1 Users across Workspaces
In RiskStudio, the flexibility and adaptability of user roles and permissions are foundational to the platform's design, allowing for a tailored approach to access rights and functionalities within each workspace. To illustrate how this system works in practice, let's examine an example scenario involving four users: Alice, Bob, Charlie, and Diana, each with different roles across three distinct workspaces.
User | Workspace 1 | Workspace 2 | Workspace 3 |
---|---|---|---|
Alice | Owner | Owner | Administrator |
Bob | Administrator | Viewer | Owner |
Charlie | Guardian | Guardian | Viewer |
Diana | Viewer | Editor | Administrator |
4.2 Unique Ownership per Workspace
Each workspace has a maximum of one owner, who possesses the highest administrative rights. It's crucial to highlight that an owner can possess and manage multiple workspaces. This facilitates diversified management of projects and teams within the organization.
4.3 Transferability of Ownership
In line with flexibility and operational continuity, ownership rights are transferable. This is essential for scenarios such as the departure of the current owner. For now, the transfer of ownership is handled manually by our team. It is important that the account taking over ownership rights first takes over responsibility for payments to ensure a seamless transition. Should the situation arise, you can contact our service desk (info@riskstudio.com).
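An access review over the section 4.1 assignments, as an added example that is not RiskStudio code: it resolves roles per workspace, checks the one-owner rule from 4.2, flags a workspace left without an owner (the 4.3 departure scenario), and lists users who hold Owner or Administrator in more than one workspace. The function names, finding labels and the `MAX_PRIVILEGED` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Role assignments copied from the section 4.1 table: user -> {workspace: role}.
ASSIGNMENTS = {
    "Alice":   {"Workspace 1": "Owner", "Workspace 2": "Owner", "Workspace 3": "Administrator"},
    "Bob":     {"Workspace 1": "Administrator", "Workspace 2": "Viewer", "Workspace 3": "Owner"},
    "Charlie": {"Workspace 1": "Guardian", "Workspace 2": "Guardian", "Workspace 3": "Viewer"},
    "Diana":   {"Workspace 1": "Viewer", "Workspace 2": "Editor", "Workspace 3": "Administrator"},
}
ALIASES = {"Admin": "Administrator"}     # the page uses both names for the same role
PRIVILEGED = {"Owner", "Administrator"}  # roles described as controlling the whole workspace
MAX_PRIVILEGED = 1  # assumed review threshold, not a RiskStudio rule


def role_of(user, workspace, assignments=ASSIGNMENTS):
    """Resolve a role per workspace; no assignment means no role (deny by default)."""
    role = assignments.get(user, {}).get(workspace)
    return ALIASES.get(role, role)


def review(assignments):
    """Return findings: ownership violations first, then privilege concentration."""
    owners, privileged = defaultdict(list), defaultdict(list)
    workspaces = set()
    for user, roles in assignments.items():
        for ws in roles:
            workspaces.add(ws)
            role = role_of(user, ws, assignments)
            if role == "Owner":
                owners[ws].append(user)
            if role in PRIVILEGED:
                privileged[user].append(ws)
    findings = []
    for ws in sorted(workspaces):
        if len(owners[ws]) > 1:   # section 4.2: at most one owner per workspace
            findings.append(("multiple-owners", ws, tuple(sorted(owners[ws]))))
        elif not owners[ws]:      # e.g. owner left before a transfer (section 4.3)
            findings.append(("no-owner", ws, ()))
    for user in sorted(privileged):
        if len(privileged[user]) > MAX_PRIVILEGED:
            findings.append(("privileged-in-many", user, tuple(sorted(privileged[user]))))
    return findings


if __name__ == "__main__":
    for finding in review(ASSIGNMENTS):
        print(finding)
```

On the page's own table the ownership checks pass, and the review lists Alice and Bob as holding workspace-wide control in more than one workspace.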
5. Frequently Asked Questions (FAQs)
Q: What are RiskStudio Roles and Permissions?
A: The RiskStudio platform assigns different roles and permissions to users, allowing them access to various features and data. There are four primary roles: Administrator, Editor, Guardian, and Viewer.
Q: How do I assign roles to users?
A: Administrators can assign a role to users via the Participants menu.
Q: What permissions does each role have?
A: The detailed table on the page outlines the specific permissions associated with each role. It covers actions such as creating, editing, deleting, etc. for each feature in RiskStudio.
Q: Can users switch roles?
A: Yes, users can switch roles via the Participants menu. The user experience may vary based on their assigned role.