Role Restrictions

Certain roles support lists of restrictions, which can be configured by authorized users. These lists specify that only the people or groups of people (when applicable) included on these lists can be assigned to certain roles. There can be a restriction list for the Perimeter Manager role, for example. In this case, only people previously included on the list can be assigned as manager of any perimeter in the system. When the perimeter is created and managers are being assigned, only people included on the list will show as available for selection.

Note that the restrictions for event roles from the Workflow module are specific for event types. The list of restrictions displays each role by event type, which allows the Event Coordinator role to have different people for Compliance and Risk events, for example. 

It is also important to note that here you can restrict the people who can be assigned as interviewees and reviewers in interviews of the Risk module, but that those are not roles registered in the Authorization Policy section of this module.  

The table below shows the roles for which you can configure a list of restrictions.

Module/Solution of Origin

Role

Description

Organization

Perimeter Manager

Person or group of people from the organization with the task of keeping the information on the assets in the perimeters they manage updated.

 

Organizational Project Leader

The leader is responsible for managing projects to which they were assigned. The leader must be a person.

Risk

Leader or Substitute Leader of a Risk Project

 

The leader and substitute leader are responsible for managing risk projects to which they were assigned. A person can be assigned as leader, and a person or group as substitute leader.

 

Asset Risk Analyst

Person assigned to analyze asset risks by answering questionnaires, sending interviews, executing automated collections, and analyzing the vulnerabilities collected by external scanners.

 

Interviewee of Risk Interviews

Person responsible for answering and saving interviews used in risk projects.

 

Reviewer of Risk Interviews

 

Person responsible for reviewing the information provided by interviewees in the interviews used in risk projects.             

 

Risk Query Editor

Person or group of people that can manage queries to which they were assigned in the Risk module.

Compliance

Leader or Substitute Leader of a Compliance Project

The leader and substitute leader are responsible for managing compliance projects to which they were assigned. A person can be assigned as leader, and a person or group as substitute leader.

Knowledge

Responsible for Knowledge Base

Person or group of people from the organization responsible for managing a knowledge base and its controls.

 

Responsible for Survey

Person from the organization responsible for managing a survey (risk, compliance, or generic).

 

Responsible for Authoritative Document

Person or group of people from the organization responsible for managing an authoritative document and its requirements.

Workflow

Author of {name of event type} Event

Person from the organization that registers an event in the Workflow module.

 

Coordinator of {name of event type} Event

Person or group of people from the organization assigned to coordinate the activities related to an event in the Workflow module.

 

Responsible for {name of event type} Event

Person or group of people from the organization with permission to edit and update the Workflow events to which they were assigned.

 

Involved in {name of event type} Event

People or groups of people from the organization who are involved in an event while it is taking place.

 

First Reviewer of {name of event type} Event

Person or group of people from the organization assigned to review the properties of an event in the Workflow module.

 

Second Reviewer of {name of event type} Event

Person or group of people from the organization assigned to review the properties of an event in the Workflow module.

 

Third Reviewer of {name of event type} Event

Person or group of people from the organization assigned to review the properties of an event in the Workflow module.

 

For certain roles, the system selects someone by default for the role – generally the author. For example, the system assigns the person creating a knowledge base (its author) to the Responsible for Knowledge Base role by default. If you decided to restrict who could be assigned to this role but did not specify who was allowed, the system will show an alert (see figure below).

 

 

It is important to point out that the members of any groups added to a restriction list can also be assigned to the role, aside from any people included individually in the list.

Also note that if a person or a group belonging to the list of restrictions for a certain role is assigned to that role and subsequently removed from the list, they will remain assigned to the role. However, the system will show an alert so that you may select another person or group included in the list. The member will no longer show as available for assignment to that role until included again in the list of restrictions or until the role is no longer restricted.

If all the people or groups included in the list of restrictions for a role are deleted from the system, you must either access the list and add new members or remove the restrictions for the role.