How do I manage entity-level access rights?

Entity-level access rights let you give users access to a specific entity rather than a whole control program - so local managers, regional owners, and external auditors only get what's relevant to them. This article explains the access levels and how to assign them.

The three access levels

Entity access uses the same three levels as elsewhere in Impero:

View
See everything for the entity, but can't change anything.

Edit
See and edit everything for the entity - including managing assignments on attached controls (who performs and reviews, for that entity).

Admin
Everything Edit can do, plus the ability to grant other users access to the entity. (Granting access is the one thing that separates Admin from Edit.)

Crucially, none of these levels lets a local user change a control's design — title, description, tags, scheduling, or tasks stay locked to the central framework. Edit/Admin users can only change the assignment details for their own entity. That's what makes "centrally governed, locally managed" work.

How do I assign access to an entity?

1. Click Entities in the left menu and open the entity.
2. In the entity's access rights, add the user.
3. Choose their level - View, Edit, or Admin.
4. Save.

A user only sees the entities - and the control programs - they've been granted access to. Everything else stays hidden.

Example: give an external auditor one entity

To let an external auditor see only your German entity's controls: create (or use) the entity for that German subsidiary, and grant the auditor View access to that entity only. When they log in, that's all they see - no other entity's data is exposed.

You can still combine with program access

Entity access doesn't replace control-program access - you can grant either or both, depending on what a user needs. The goal is more flexibility in how you scope access, not a forced switch.