This page will outline the permissions and notifications associated with each user role. This page will also address commonly asked questions about user roles.
Access the User Management Page to create and edit users. You can assign each user appropriate role(s) to tailor their access to certain platform functionalities and notifications.
User Roles and Notifications
Account Administrator
This role is for the primary user(s) of the ProcessUnity GRX platform who require administrative access to all functions.
Details:
- Granted all platform permissions.
- Multiple users can have this role. There must always be at least one user with this role.
- This is the only role that can give other users the Account Administrator role and remove users from the Account Administrator role.
Notifications Received:
- Default contact for all Platform notifications. Account Administrators will receive all notifications until user(s) have been assigned to the other specialized roles listed below. Once assigned, users will receive notifications relevant to their role(s), and the Account Administrator will no longer receive those notifications.
- Note: Breach Monitoring & Alerting notifications are an exception to the above and will be sent to Account Administrators regardless of whether other roles have been assigned.
Platform User Manager
This role is for users who may be responsible for adding or editing user accounts within your organization, but who are not required to receive the platform notifications associated with the Account Administrator role.
Details:
- Can add, deactivate and modify your organization’s user accounts and specific user permissions.
- Can assign API tokens to other users in the company account.
- Cannot assign or revoke Account Administrator role (See Account Administrator).
Notifications Received:
- This role does not receive any Platform notifications.
Assessment Owner
This role is for users who are primary contributors responsible for completing your organization's ProcessUnity GRX assessment.
Details:
- Primary point of contact when completing the ProcessUnity GRX assessment.
- Responsible for final submission of the completed ProcessUnity GRX assessment.
- Primary point of contact for validation process, when applicable.
- Does not receive requests or have rights to authorize release of assessment data (see Data Request Authorizer or Customer Portfolio Manager).
Notifications Received:
- New Assessment - a new assessment has been created for your company. This is typically due to annual renewal and/or a Customer requesting a higher tier than what you have previously completed.
Assessment Contributor
This role is for users who are supporting or primary contributors responsible for completing the ProcessUnity GRX assessment.
Details:
- Can contribute to completing the assessment but cannot submit a completed assessment.
- Does not receive platform notifications regarding assessment progress or updates.
- Does not receive requests or have rights to authorize release of assessment data (see Data Request Authorizer or Customer Portfolio Manager).
Notifications Received:
- This role does not receive any Platform notifications.
Data Request Authorizer
This role is for users who are the primary contact responsible for responding to Customer requests for your organization's security assessment data.
Details:
- Receives email notifications when a Customer requests your organization’s ProcessUnity GRX report.
- Can approve or deny access to the ProcessUnity GRX report and all associated assessment results for your organization.
- Can proactively share your organization’s ProcessUnity GRX assessment results with a specified Customer.
- Can answer and make changes to control answers, but does not have rights to submit your assessment (see Assessment Owner).
Notifications Received:
- Authorize Report - a new request for your company's assessment data has been placed by a Customer on the Exchange.
Assessment Delegate
This role is for users who have been designated by an Assessment Owner to respond to specific sections of the ProcessUnity GRX assessment.
Details:
- This role can answer questions within designated control group(s) of the assessment.
Notifications Received:
- This role does not receive any Platform notifications.
Customer Portfolio Manager
This role is for users who are responsible for managing your company's Customer-Ecosystem, Customer requests, and updates to your company's risk posture and profile in the Exchange.
Details:
- Will receive notifications when new Customer requests are placed.
- Can approve or deny access to your company's ProcessUnity GRX Report and all associated assessment results.
- Can proactively share your organization’s ProcessUnity GRX assessment results with specified Customers.
- Can answer and make changes to control answers, but does not have rights to submit your assessment (see Assessment Owner).
Notifications Received:
- This role will only receive Breach Monitoring & Alerting notifications.
Third Party Portfolio Manager
This role is for users who are primarily responsible for building out your company's Third Party-Ecosystem, managing relationship data and requesting security assessments from Third Parties.
Details:
- Only available for Customers of ProcessUnity GRX.
- Can add Third Party companies to your organization's ecosystem.
- Can edit Third Party organization’s primary activity, contact information and risk tiering.
- Can edit Auto Inherent Risk/Impact Questionnaire answers for all Third Parties in your ecosystem.
- Can request access to Third Party's ProcessUnity GRX Report.
Notifications Received:
- Approved – a Third Party has approved your request to access their assessment data.
- Denied - a Third Party has denied your request to access their assessment data.
- Recorded Future Risk Monitoring Notifications:
  - A weekly Summary email (Wednesday 8:00 am MST) with a list of Third Parties in their portfolio who have experienced breach events within the past week.
  - An email alert notification within 24 hours if their company experiences a breach event.
Business Relationship Manager
This role is for users who may be supporting the activities carried out by the Third Party Portfolio Manager.
Details:
- Only available for Customers of ProcessUnity GRX.
- Can add Third Party companies to your organization's ecosystem.
- Can edit Third Party organization’s primary activity, contact information and risk tiering.
- Can edit Auto Inherent Risk/Impact Questionnaire answers for all Third Parties in your ecosystem.
- Can request access to the ProcessUnity GRX Report of Third Parties in your organization's ecosystem.
- Can view Share Invitations from Third Parties in your organization's ecosystem.
Notifications Received:
- This role does not receive any Platform notifications.
Commonly Asked Questions:
Q: Can a user have multiple roles?
A: Yes, users can be assigned to multiple roles. Additionally, multiple users can be assigned to the same role.
Q: What actions can I do on the User Management page?
A: Users can create new users, edit existing users, and see all the role descriptions and details from the User Management page.
The user(s) with the Account Administrator role can edit their own profile, edit other user profiles, deactivate and activate accounts, change roles on accounts, and make other users Account Administrators. To prevent organizations from locking themselves out of the platform, an Account Administrator cannot remove the Admin role from themselves. However, an Account Administrator's permission can always be removed by another Account Administrator.
Q: What is the difference between pending and deactivated users?
A: Pending Users have been invited to join the ProcessUnity GRX Platform within a company account, but they have not yet accepted the invitation / logged into the platform.
- These users cannot be deactivated; they can only be deleted.
- Once they accept the invitation / log in, they will appear as active users.
Deactivated Users are users who were Active at one point, but were subsequently deactivated by an Account Administrator.
- Once a user is deactivated, they will no longer have access to the platform.
- Their information will still be available in the platform while they are deactivated and will stay there until they are deleted.
- The only roles that can deactivate users are the Account Administrator and Platform User Manager.
Q: How do I delete a user?
A: Users with the Account Administrator role can delete users by going to the “Edit” modal on the User Management page and selecting the “Deactivate” button. Once the user is deactivated, the Account Administrator can then select the “Delete” button on the same “Edit” page.