CAM user roles

  • Release version: Yokohama
  • Updated January 30, 2025
  • Assign users and groups with roles to prepare them to use the CAM application.

    Role permissions and responsibilities

    Role title [name] Description
    Authorization Official

    (sn_irm_cont_auth.authorization_official)

    Responsible for accepting an information system into an operational environment at a known risk level.

    The Authorization Official is entitled to approve and update authorization packages.

    The role contains:
    • sn_irm_cont_auth.reader
    Continuous Authorization and Monitoring administrator

    (sn_irm_cont_auth.admin)

    Responsible for all system administration duties in the CAM application.
    The role contains:
    • sn_audit.manager
    • sn_compliance.admin
    • sn_doc.admin
    • sn_irm_cont_auth.reader
    • sn_irm_cont_auth.scheduler
    Executive Reader

    (sn_irm_cont_auth.executive_read)

    Read-only access to all modules of the CAM application.

    The role contains: sn_irm_cont_auth.reader. Users with this role can access CAM Workspace.

    Information Owner

    (sn_irm_cont_auth.information_owner)

    Responsible for statutory, management, or operational authority and the establishment of policies and procedures governing its generation, collection, processing, dissemination, and disposal. The user can also update information types of an authorization package.
    The role contains:
    • sn_audit.user
    • sn_irm_cont_auth.reader
    Information System Security Manager

    (sn_irm_cont_auth.info_system_sec_manager)

    Responsible for conducting information system security management activities. They develop and maintain the system-level cybersecurity program.
    Can update the authorization package. The role contains:
    • sn_compliance.user
    • sn_irm_cont_auth.reader
    Information System Security Officer

    (sn_irm_cont_auth.info_system_sec_officer)

    Responsible for ensuring that the appropriate operational security posture is maintained for an information system.
    Can update the authorization package. The role contains:
    • sn_compliance.user
    • sn_irm_cont_auth.reader
    Reader

    (sn_irm_cont_auth.reader)

    Read-only role. Users with this role can access CAM Workspace.
    The role contains:
    • sn_audit.reader
    • sn_grc_workspace.task_reader
    • sn_grc_workspace.user
    • sn_compliance.reader
    • sn_incident_read
    • sn_change_read
    • sn_vul.read_all
    • sn_si.read
    Scheduler

    (sn_irm_cont_auth.scheduler)

    Responsible for running all scheduled jobs for the application. This role is for a technical user.

    The role contains: sn_irm_cont_auth.system_owner.

    Security Control Assessor

    (sn_irm_cont_auth.sec_control_assessor)

    Responsible for conducting a thorough assessment of the management, operational, and technical security controls of an information system.
    The role contains:
    • sn_audit.manager
    • sn_compliance.user
    • sn_irm_cont_auth.reader
    System Owner

    (sn_irm_cont_auth.system_owner)

    Responsible for procuring, developing, integrating, modifying, operating, and maintaining an information system.
    The role contains:
    • sn_audit.user
    • sn_compliance.user
    • sn_irm_cont_auth.reader
    System User

    (sn_irm_cont_auth.system_user)

    Responsible for performing actual work in the system. They can update authorization boundaries, filter, elements, milestones, and acceptance tasks.
    The role contains:
    • sn_audit.user
    • sn_irm_cont_auth.reader
    • business user
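
    Contained roles are inherited transitively, so the roles a user effectively holds can be wider than the assigned role's own "The role contains" list suggests. The following is an added example for access reviews, not ServiceNow code: it expands the containment lists from the table above, showing which roles each CAM role carries only indirectly and which CAM roles end up granting a given role. It assumes the Scheduler entry refers to sn_irm_cont_auth.system_owner, treats roles from other applications as leaves, and leaves out the "business user" entry because the table gives no role name for it.

```javascript
// Containment lists transcribed from the role table above. Roles owned by
// other applications (sn_audit.*, sn_compliance.*, ...) are treated as leaves
// because this page does not say what they contain.
const P = "sn_irm_cont_auth.";
const CONTAINS = {
  [P + "authorization_official"]: [P + "reader"],
  [P + "admin"]: ["sn_audit.manager", "sn_compliance.admin", "sn_doc.admin",
                  P + "reader", P + "scheduler"],
  [P + "executive_read"]: [P + "reader"],
  [P + "information_owner"]: ["sn_audit.user", P + "reader"],
  [P + "info_system_sec_manager"]: ["sn_compliance.user", P + "reader"],
  [P + "info_system_sec_officer"]: ["sn_compliance.user", P + "reader"],
  [P + "reader"]: ["sn_audit.reader", "sn_grc_workspace.task_reader",
                   "sn_grc_workspace.user", "sn_compliance.reader",
                   "sn_incident_read", "sn_change_read", "sn_vul.read_all", "sn_si.read"],
  // Assumption: the Scheduler entry means sn_irm_cont_auth.system_owner.
  [P + "scheduler"]: [P + "system_owner"],
  [P + "sec_control_assessor"]: ["sn_audit.manager", "sn_compliance.user", P + "reader"],
  [P + "system_owner"]: ["sn_audit.user", "sn_compliance.user", P + "reader"],
  // "business user" is omitted: the table gives no role name for it.
  [P + "system_user"]: ["sn_audit.user", P + "reader"],
};

// Every role reachable from `role` through containment (cycle-safe).
function effectiveRoles(role, seen = new Set()) {
  for (const child of CONTAINS[role] || []) {
    if (!seen.has(child)) {
      seen.add(child);
      effectiveRoles(child, seen);
    }
  }
  return seen;
}

// Roles held only indirectly, i.e. not visible in the role's own list.
function inheritedOnly(role) {
  const direct = new Set(CONTAINS[role] || []);
  return [...effectiveRoles(role)].filter((r) => !direct.has(r)).sort();
}

// CAM roles whose assignment ends up granting `target`, directly or not.
function grantedBy(target) {
  return Object.keys(CONTAINS).filter((r) => effectiveRoles(r).has(target)).sort();
}

console.log(inheritedOnly(P + "admin"));
console.log(grantedBy("sn_compliance.user"));
```

    In this expansion the Scheduler and administrator roles carry sn_audit.user and sn_compliance.user through sn_irm_cont_auth.system_owner, even though neither appears in their own lists.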