This page contains information about the roles and capabilities of each account in Isora GRC.

...

Each person defined to Isora GRC can be associated with one or more organizational units (OUs). For each OU a person is involved with, the person has a role within the OU. The following table summarizes the capabilities of each role.

| Role | Capabilities (for a given Organizational Unit) |
|---|---|
| Organizational Unit Head | Can final acknowledge an org unit survey; can see all completed organizational assessments (including those of child OUs); can answer survey questions |
| Assessment Manager | Can launch surveys; can view completed assessments and answer survey questions; can delegate OU questions (and add users via delegation) and assign hosts to users; can view all permissions and assign permissions to other users; can edit sheets; can create, launch and acknowledge app assessments; can create, launch, and view vendor assessments |
| IT Staff | Can view reports and answer survey questions; can delegate OU questions and assign hosts to users (and add users to Isora GRC via delegation); can edit sheets; can create, launch and acknowledge app assessments |
| Vendor Requestor | Can create, edit, launch and view vendor assessments for their OU only; can view shared completed vendor assessments from other OUs. |
| User | Does not have any special capabilities; the User designation indicates that a person is affiliated with a particular OU. |
| Auditor | Has read-only access to everything |
| (no role assigned) | Can do categorization of hosts that belong to them; can answer any unit questions that have been delegated to them; can create sheets and edit sheets that belong to them (irrespective of organizational unit); can answer questions about apps which they own |

The Vendor Requestor role is new.

Superusers

In addition to ordinary persons, Isora GRC must have at least one administrative person defined. This is indicated by the “superuser” attribute. Initially, Isora GRC is set up with at least one superuser defined. A superuser can do everything encompassed by all of the ordinary person roles, and much more. Any superuser can do everything in Isora GRC. The following table summarizes what superusers can do (in addition to all the things ordinary users can do):

...

Although it is possible to assign individual roles to a superuser, it’s not required.

Service Accounts

Any user that you create in Isora GRC may be designated as a “service account” using a checkbox. A service account should be used for any non-person entity that needs to access Isora GRC. Like an ordinary person, a service account may have roles in OUs assigned to it. No remote authorization checks are performed with service accounts. Although it is possible to authenticate a service account locally, by specifying a local password, or to authenticate it remotely via LDAP, it is not typical for a service account to log into the Isora GRC web interface. Service accounts should access Isora GRC through the API using a token. You can learn more about the API in the API Guide.

...