HomeGuidesAPI ReferenceChangelog
Log In
Guides

Roles

Suggest Edits

Role Based Access Control

RegScale provides a number of preset roles that provide limited access to certain functionality within the system. Roles should be applied to each user to ensure least privilege access to only the role(s) necessary to perform their job functions. These roles are shown below:

Role NameAccess TypeModule Access
AdministratorCreate, Read, Update, DeleteFull access to all modules, Setup for their tenant, Catalogues Management as well as Workflows, Workflow Designer and Build Workflow in Subsystems
AssessmentUserCreate, Read, Update, DeleteAssessment Plans Module, Assessments Module, Evidence Module, Questionnaires Module, Continuous Monitoring, & Lightening Assessments
AssetUserCreate, Read, Update, DeleteAssets Module
CaseUserCreate, Read, Update, DeleteCases Module
CausalAnalysisUserCreate, Read, Update, DeleteCausal Analyses Module
ChangeUserCreate, Read, Update, DeleteChanges Module
DataCallUserCreate, Read, Update, DeleteData Calls Module
ExceptionUserCreate, Read, Update, DeleteExceptions Module
GeneralUserCreate, Read, Update, DeleteAll Modules (except Catalogues Module, Categorization Engines Module, Security Controls Modules), nor access to Setup or Admin functions
GlobalAdminCreate, Read, Update, DeleteTenant Configuration
IncidentUserCreate, Read, Update, DeleteIncidents Module
InterconnectUserCreate, Read, Update, DeleteInterconnects Module
IssueScreenerCreate, Read, Update, DeleteIssue Screening on the Status tab of an Issue in the Issues Module (This role is most commonly combined with a GeneralUser and can be combined with an IssueUser. One or the other must be active for an IssueScreener to access Issues Module). This user also has access to the causal analysis module.
IssueUserCreate, Read, Update, DeleteIssues Module, Causal Analysis Module
MaintainerCreate, Read, Update, DeleteCatalogues Module, Categorization Engines Module, Security Controls Modules, and Importer Tools as well as Workflows, Workflow Designer and Build Workflow in Subsystems
ManagerCreate, Read, Update, DeleteSame as general user + ability to impersonate users on the workbench
PolicyUserCreate, Read, Update, DeletePolicys Module
ProgramUserCreate, Read, Update, DeletePrograms Module & Capabilities Module
ProjectUserCreate, Read, Update, DeleteProjects Module
ReadOnlyReadAll Modules
RiskUserCreate, Read, Update, DeleteRisks Module
QuestionnaireUserCreate, Read, Update, DeleteQuestionnaires Module
SecurityPlanUserCreate, Read, Update, DeleteSecurity Plans Module, Security Profiles Module, Evidence Module, Control Implementations Module, Issues, & Continuous Monitoring
SupplyChainUserCreate, Read, Update, DeleteSupply Chains Module & Evidence Module
ThreatUserCreate, Read, Update, DeleteThreat Models & Threats Modules
Tasks ModuleCreate, Read, Update, DeleteAll Users have access to the Tasks Module (readonly cannot CRUD opertate)
Questionnaires ModuleCreate, Read, Update, DeleteAll authenticated users have access to the Questionnaires module

Assign Roles

  1. To set a role(s) navigate to Setup, ' Identity and Access Management' tab, and search for and/or select the user that you wish to edit by clicking the edit icon under ACTIONS.
  2. Under Manage Roles, select the appropriate role by checking the box next to the role that will allow the least privilege access to only the role(s) necessary for the user to perform their job functions. There is no need to click Save, the role will Auto-save and a toast will appear that states "User added to role successfully."
  3. If the user is currently logged in, they will need to log out and back in to reset their permissions and have the new roles applied

Delete Roles

  1. To delete a role(s) navigate to Setup, ' Identity and Access Management' tab, and search for and/or select the user that you wish to edit by clicking the edit icon under ACTIONS.
  2. Under Manage Roles, select the appropriate role(s) by un-checking the box(es) next to the role that you wish for this user to no longer have. There is no need to click Save, the role will Auto-Save and a toast will appear that states "User removed from role successfully."
  3. If the user is currently logged in, they will need to log out and back in to reset their permissions and have the new roles applied

Updated about 19 hours ago