In an effort to simplify the user role creation and management process, we've reduced the number of permissions to tie directly in with the available modules in your system.
Reviewing Your Existing Roles
As an Administrator you should log in to RiskTool and audit the existing user roles. If you are only using the system-provided roles, there is nothing you need to do. If you’ve created custom roles in the past, please take a moment to review the available modules for those roles and make modifications as needed.
To review your user roles please take the following steps:
Log in to RiskTool (Administrators only)
Scroll over the Administration Tab
Select "User Roles" from the drop down menu, second from the bottom
Review any user roles you may have added yourself by clicking into each role and assessing its module permissions
User Role Changes
The old user role permission matrix has been removed and replaced with new permissions that directly reflect the modules set up in the system. Modules are the categorization method used to organize the functionality of your system. Depending on which platform you are using, you may have some or all of the following modules:
Administration
Network Security (RA Force customers only)
Document Management (RiskTool Advantage customers only)
Training
Policies
Inspection Checklists
Best Practice Assessments
Resources
Each of the new user roles has a permission that reflects which modules are available to your organization. The new permissions available for each module are:
View - This allows the user to view the module, but not effect any changes to the module
Edit - This allows the user to create, edit and delete functions within the module; they will have full control over changes
None - No access to the user to the module
The new user roles that come with the system are:
Administrator - Allows users with this role to manage your system with edit access to all modules
Security Manager - Allows users to manage the network security module only
Training Manager - Allows users to to manage the training modules only
Compliance Manager - Allows users to manage the best practice assessments, inspection checklists, and policies modules
Resource User - Allows users to view the resources module only
User - No access to any modules; this user can only take assigned tasks within the system
As stated above, you may have additional roles that you set up. These custom roles will have taken on our new permissions scheme. We've made every effort to not provide a custom role with more access than was originally intended; however, we do urge that all customers review their roles to make sure they are set up to their satisfaction.