Roles installed with Risk Management

  • Freigeben Version: Australia
  • Aktualisiert 12. März 2026
  • 3 Minuten Lesedauer

    • Roles are added with activation of GRC: Risk Management.

    Tabelle : 1. Roles installed
    Role title [name] Description Contains roles
    Risk Reader

    [sn_risk.reader]

    		 In addition to the inherited permissions, the risk reader has read-only access rights to the Risk application and modules. The risk reader can do the following in the GRC scope:
    • Act on issues assigned to him.
    • Have read access to all Indicator templates.
    • Can act on indicator tasks assigned to them.
    • Have read-access to indicators.
    • Have read-access to entities.

    The risk reader can do the following in the Risk Management application:

    • Act on the Remediation tasks assigned to them.
    • Have read-access to risks.
    • Take old risk assessment.
    • Have read-access to risk statement and risk framework.
    • Perform advanced risk assessment.
    • Create risk events.
    • Work on risk event tasks and issues.
    • Access all risk events and risk dashboards.
    • Have read-access to feedback.
    • sn_grc.reader
    • survey_reader
    • sn_rvw_feedback.reader
    Risk User

    [sn_risk.user]

    		 Contains the reader and business user roles in sn_grc scope, and the reader role in the Risk Management application and business user role in the sn_grc scope. In addition to the inherited permissions, the risk user can view:
    • entity types
    • entities
    • risks
    • remediation tasks
    • control
    • control objectives
    • policy exceptions

    The risk user can also create risks. The risk user can be assigned risks and has read-only access to the Policy and Compliance Management application and modules. Risk user can do everything that the risk reader can do. The risk reader can do the following in the Risk Management application:

    • Work on risk acceptance tasks and remediation tasks.
    • Create risks.
    • Access the Advanced Risk related dashboards.
    • Have read-access to the risk identification functionality of Advanced Risk and can take assessment related to risk identification.
    • Create assessment scope.
    • sn_grc.user
    • sn_compliance.reader
    • sn_risk.reader
    • survey_reader
    • sn_grc.business_user
    • sn_risk_advanced.ara_creator
    Risk Manager

    [sn_risk.manager]

    		 Contains the reader, user, and manager roles in sn_grc scope, and the reader and user roles in the Risk Management application. In addition to the inherited permissions, the risk manager can do the following in the GRC scope
    • Create issues and issue ratings.
    • Create entity, entity types, and entity classes and class rules.
    • Create content references.
    • Create indicators and indicator templates.
    • Have read-access to entity tier.

    In the Risk Management application, the risk manager can:

    • Create risk frameworks
    • Create risk statements
    • Create risks
    • Create risk event response template.
    • Create risk identifications and can view the dashboard related to risk identification.
    • Create remediation tasks.
    • Create assessment scheduler.
    • Associate risk statements to Information objects using Associate risk statements module.
    • sn_grc.manager
    • sn_risk.user
    Risk Admin

    [sn_risk.admin]

    		 Contains the reader, user, manager, and admin roles in sn_grc scopes, and the reader, user, and manager roles in the Risk Management application. In addition to the inherited permissions, in the GRC scope, the risk admin can create an entity tier. In the Risk Management application, the risk administrator can:
    • Delete risk frameworks.
    • Delete entity, tables, indicator, risks, issues, tasks.
    • Create risk statements and risks.
    • Modify admin properties.
    • Modify risk criteria.
    • Create causes and consequences of risk event.
    • Access to risk, advanced risk related properties.
    • Create risk identification configuration.
    • Create a risk assessment methodology, all types of factors.
    • Perform administrative activities.
    • Configure a feedback integration setup for any record type.
    • sn_grc.admin
    • sn_risk.user
    • sn_risk.manager
    • sn_grc_appr.admin
    • sn_rvw_feedback.admin
    Assessment Creator

    [sn_risk.asmt_creator]

    		 The assessment creator is used for creating GRC risk assessment metric types. assessment_admin
    GRC Business User

    [sn_grc.business_user]

    		 Users with this role can perform the following tasks:
    • Take risk assessment.
    • Create risk response tasks.
    • View risk statements.
    • View risk assessment scope.
    • View and report risk events.
    • Work on assigned risk event tasks.
    • View indicator supporting data.
    • Respond to indicator tasks.
    • Respond to risk identification questionnaire.
    • Respond to metrics data tasks.
    • Report issues.
    • Submit issue triage requests.
    • Work on assigned remediation tasks.
    • Work on assigned issues.
    • If there is an integration with Project Portfolio Management:
      • View the Project Risk Overview dashboard
      • Create risks from library.
      • Elevate enterprise risks.
      • Initiate any object assessment.
    		 None