
Roles & Permissions

1. Introduction

Welcome to the Roles & Permissions section! Here, we’ll guide you through managing access rights and privileges within RiskStudio. Whether you’re a workspace owner, an admin, or a curious Guardian, understanding roles and permissions is crucial for effective collaboration and security. Users' roles and permissions can be easily modified through the Participants page.

2. Roles

A number of predefined roles are available in RiskStudio. Below is an explanation of each role, with examples of best practices.

Workspace Owner

Explanation: Created the workspace and thus owns it. Owner rights cannot be changed. There is only one owner of a workspace, who is also responsible for subscriptions and billing. Can access and edit anything within the workspace.

Best practices:

  • Can be used to manage and control multiple workspaces, e.g. for customers in the case of a consultant.

  • Use the owner role to ensure continuity or as a fallback account.

  • Ownership can be transferred (see section 4.3).

Admin

Explanation: As an (Admin)istrator, you have complete control over the workspace. This includes the ability to manage users, edit and create content, configure settings, and oversee all operational aspects.

This role is critical in guiding the cybersecurity risk management process and ensuring the workspace aligns with organizational goals.

Best practices:

  • Assign administrator roles to trusted team members.

  • Usually assigned to individuals with a risk management background, who take the reins in organizing the risk management process.

  • Limit the number of administrators to ensure security.

Editor

Explanation: As an Editor, you'll have the ability to actively contribute and modify content within the workspace. You will be able to add, edit, and update various elements, including risks, reports, and operational entities.

This role is critical to maintaining up-to-date, accurate information that enables effective cybersecurity risk management and decision making.

Best practices:

  • Used for managers or leads who have responsibility for a department, process, project or information system.

  • Editors often bring in entities or bear the responsibility for identifying risks and taking action.

  • Limit the number of editors to maintain consistency.

Guardian

Explanation: As a Guardian, you can create events within the workspace and are responsible for proactively monitoring the organization for digital threats and risks.

This role is critical to maintaining current and accurate information, which enables effective cybersecurity risk management and decision making.

For more information about the Guardian role, see the Use Case page.

Best practices:

  • Anyone who wants to help protect the organization can be a Guardian.

  • A robust representation from across the organization is desirable, and Guardians play a pivotal role as a bridge between the security team and other staff members.

Viewer

Explanation: As a Viewer, you'll have access to observe and understand various aspects of the workspace without making direct changes. A Viewer has read-only privileges within the various features.

This role is perfect for gaining insights and understanding the dynamics of cybersecurity risk management.

Best practices:

  • Often assigned to auditors, consultants, external stakeholders, etc. who support or facilitate the organization but do not have an active role/task in the risk management process.

  • Provide clear communication about viewers' limited rights.

  • Limit the number of viewers to maintain accessibility.

3. Permission

The table below shows the permissions by role for the various features in RiskStudio. A legend explaining the icons follows the table.

| Feature | Owner | Admin | Editor | Guardian | Viewer |
|---|---|---|---|---|---|
| Dashboard | ✔ | ✔ | ✔ | 👁️ | 👁️ |
| Workspaces | ✔ | ✔ | ✔ | ➖ | 👁️ |
| Risks (incl. templates & controls) | ✔ | ✔ | ✔ | ➖ | 👁️ |
| Operational Entities | ✔ | ✔ | ✔ | ➖ | 👁️ |
| Participants | ✔ | ✔ | ✔ | ➖ | 👁️ |
| Companies | ✔ | ✔ | ✔ | ➖ | 👁️ |
| Risk Board | ✔ | ✔ | ✔ | ➖ | 👁️ |
| Reported Events (report an event) | ✔ | ✔ | ✔ | ✔ | ✔ |
| Event triage | ✔ | ✔ | 🔐 | ➖ | ➖ |
| Cyber Rating | ✔ | ✔ | ✔ | ➖ | 👁️ |
| Benchmarking | ✔ | ✔ | ✔ | ➖ | 👁️ |
| Attack Surface | ✔ | ✔ | ✔ | ➖ | 👁️ |
| Risk Event Analyzer | ✔ | ✔ | ✔ | ➖ | 👁️ |
| Workspace Settings | ✔ | ✔ | ➖ | ➖ | ➖ |
| Subscription & Billing | ✔ | ➖ | ➖ | ➖ | ➖ |
| Account Settings | ✔ | ✔ | ✔ | ✔ | ✔ |

Legend:

✔ Full access to the feature, i.e. can make changes and enter new data.
🔐 A special permission is required to access the Event Triage page.
➖ No access to the feature pages.
👁️ Read-only privileges on feature pages.

4. Roles & Permissions across different Workspaces

Within RiskStudio, users can have different roles and permissions across various workspaces. This flexible system ensures that users can have tailored access rights and functions depending on the specific requirements of each workspace. For more information on how workspaces work, check out the Workspace Management page.

4.1 Users across Workspaces

In RiskStudio, the flexibility and adaptability of user roles and permissions are foundational to the platform's design, allowing for a tailored approach to access rights and functionalities within each workspace. To illustrate how this system works in practice, let's examine an example scenario involving four users: Alice, Bob, Charlie, and Diana, each with different roles across three distinct workspaces.

| User | Workspace 1 | Workspace 2 | Workspace 3 |
|---|---|---|---|
| Alice | Owner | Owner | Administrator |
| Bob | Administrator | Viewer | Owner |
| Charlie | Guardian | Guardian | Viewer |
| Diana | Viewer | Editor | Administrator |

4.2 Unique Ownership per Workspace

Each workspace has a maximum of one owner, who possesses the highest administrative rights. It's crucial to highlight that an owner can possess and manage multiple workspaces. This facilitates diversified management of projects and teams within the organization.
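
An access review over the section 4.1 scenario, as an added example (not RiskStudio code or its API): it encodes three rows of the permission table, resolves a user's access per workspace, and flags workspaces that break the one-owner rule or exceed an admin limit. The short workspace names W1 to W3, the `max_admins` threshold, and treating the special Event triage permission as full access once granted are assumptions.

```python
from collections import Counter

FULL, READ, NONE, SPECIAL = "full", "read-only", "none", "special"
ROLES = ("Owner", "Admin", "Editor", "Guardian", "Viewer")
# Three rows copied from the permission table, in ROLES column order.
MATRIX = {
    "Risks": (FULL, FULL, FULL, NONE, READ),
    "Event triage": (FULL, FULL, SPECIAL, NONE, NONE),
    "Workspace Settings": (FULL, FULL, NONE, NONE, NONE),
}
# Section 4.1 scenario as (user, workspace, role); "Administrator" is written "Admin".
ASSIGNMENTS = [
    ("Alice", "W1", "Owner"), ("Alice", "W2", "Owner"), ("Alice", "W3", "Admin"),
    ("Bob", "W1", "Admin"), ("Bob", "W2", "Viewer"), ("Bob", "W3", "Owner"),
    ("Charlie", "W1", "Guardian"), ("Charlie", "W2", "Guardian"), ("Charlie", "W3", "Viewer"),
    ("Diana", "W1", "Viewer"), ("Diana", "W2", "Editor"), ("Diana", "W3", "Admin"),
]

def access(user, workspace, feature, assignments, triage_grants=frozenset()):
    """Resolve one user's access level to a feature in one workspace."""
    role = next((r for u, w, r in assignments if (u, w) == (user, workspace)), None)
    if role is None:
        return NONE  # assumption: no role in the workspace means no access
    level = MATRIX[feature][ROLES.index(role)]
    if level == SPECIAL:
        # Assumption: the special permission, once granted, gives full access.
        return FULL if (user, workspace) in triage_grants else NONE
    return level

def review(assignments, max_admins=2):
    """Return findings for workspaces that break the ownership or admin rules."""
    owners = Counter(w for _, w, r in assignments if r == "Owner")
    admins = Counter(w for _, w, r in assignments if r == "Admin")
    findings = []
    for ws in sorted({w for _, w, _ in assignments}):
        if owners[ws] != 1:
            findings.append(f"{ws}: {owners[ws]} owners, expected exactly 1")
        if admins[ws] > max_admins:  # max_admins is a hypothetical local policy value
            findings.append(f"{ws}: {admins[ws]} admins, limit is {max_admins}")
    return findings

if __name__ == "__main__":
    print(review(ASSIGNMENTS, max_admins=1))
    print(access("Diana", "W2", "Event triage", ASSIGNMENTS))
```

Running the review on a periodic export of participants gives a simple check that the "limit the number of administrators" practice and the single-owner rule still hold in every workspace.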

4.3 Transferability of Ownership

In line with flexibility and operational continuity, ownership rights are transferable. This is essential for scenarios such as the departure of the current owner. For now, the transfer of ownership is handled manually by our team. It is important that the account taking over ownership rights first takes over responsibility for payments to ensure a seamless transition. Should the situation arise, you can contact our service desk (info@riskstudio.com).

5. Frequently Asked Questions (FAQs)

Q: What are RiskStudio Roles and Permissions?
A: The RiskStudio platform assigns different roles and permissions to users, allowing them access to various features and data. There are four primary roles: Administrator, Editor, Guardian, and Viewer.

Q: How do I assign roles to users?
A: Administrators can assign a role to users via the Participant menu.

Q: What permissions does each role have?
A: The detailed table on the page outlines the specific permissions associated with each role. It covers actions such as creating, editing, deleting, etc. for each feature in RiskStudio.

Q: Can users switch roles?
A: Yes, users can switch roles via the Participants menu. The user experience may vary based on their assigned role.
