Note: The roles described in this article refer to the entire contents of your Impero environment. On the other hand, access can also be granted to specific programs, risk directories, entities or reports.
Administrator:
All users with the administrator role have access to everything in your organization.
User administrator:
Users with the role “User administrator” can invite users to Impero (external stakeholders such as auditors etc.) and delete users from Impero. The user administrator can also create and edit user groups and grant user roles to other users (it is only possible to grant the same or lower roles to the user). The user administrator cannot change email addresses of existing users - an admin role is needed to perform this action.
User creator:
All users with the role “User creator” can create users and user groups.
Tag administrator:
All users with the role “Tag administrator” can create and edit tags in Impero. It is important to notice that Impero has a shared “tag catalog” across the entire environment so changes in the tag catalog may affect other business areas. Impero recommend limiting this role to a few users.
Log Administrator:
All users can enter the event log and see their own events. Users with the log administrator role can see all events in the organization.
Control manager:
Users with the role “Control manager” can create new control programs and new controls in programs, which they have access to.
In order to create and manage controls in existing programs, a user additionally needs "Admin" or "Edit" access to the program.
Any user - no matter the user role - who is granted "Edit" or "Admin" access to a program can edit or delete existing controls in the program as well as the program itself.
Report manager:
Users with the role “Report manager” can set up push reports. If you do not have this role or an admin-role, you can not set up push reports.
Risk manager:
With the role “Risk manager”, users can create risk directories, entities and new risk maps.
In order to edit already existing risk directories, risks or entities, a user would also need access rights granted either for the risk directory or entities. Find more information for risk directory accesses here and entity accesses here.
API user (beta):
A user with the role “API user" can use the public API. Keys can be generated and administrated on the user's profile page.
No roles:
If a user is given no roles, they will be able to login in to the environment and see their list of pending activities only. The user will also be able to view their own previously performed activities in the activity list.
Tip: You can add as many roles as needed to each to user. It is not limited to one role per user.
Learn more:
- Do you want to add or update multiple users? Go to How can I add or update multiple users at once?