Roles

Role Based Access Control

RegScale provides a number of preset roles that provide limited access to certain functionality within the system. Roles should be applied to each user to ensure least privilege access to only the role(s) necessary to perform their job functions. These roles are shown below:

Role Name	Access Type	Module Access
Administrator	Create, Read, Update, Delete	Full access to all modules, Setup for their tenant, Catalogues Management as well as Workflows, Workflow Designer and Build Workflow in Subsystems
AssessmentUser	Create, Read, Update, Delete	Assessment Plans Module, Assessments Module, Questionnaires Module
AssetUser	Create, Read, Update, Delete	Assets Module
CaseUser	Create, Read, Update, Delete	Cases Module
CausalAnalysisUser	Create, Read, Update, Delete	Causal Analyses Module
ChangeUser	Create, Read, Update, Delete	Changes Module
DataCallUser	Create, Read, Update, Delete	Data Calls Module
ExceptionUser	Create, Read, Update, Delete	Exceptions Module
GeneralUser	Create, Read, Update, Delete	All Modules (except Catalogues Module, Categorization Engines Module, Security Controls Modules, Security Profiles Module ), nor access to Setup or Admin functions
GlobalAdmin	Create, Read, Update, Delete	Tenant Configuration
IncidentUser	Create, Read, Update, Delete	Incidents Module
InterconnectUser	Create, Read, Update, Delete	Interconnects Module
IssueScreener	Create, Read, Update, Delete	Issue Screening on the Status tab of an Issue in the Issues Module (This role is most commonly combined with a GeneralUser and can be combined with an IssueUser. One or the other must be active for an IssueScreener to access Issues Module)
IssueUser	Create, Read, Update, Delete	Issues Module, Causal Analysis Module
Maintainer	Create, Read, Update, Delete	Catalogues Module, Categorization Engines Module, Security Controls Modules, and Importer Tools as well as Workflows, Workflow Designer and Build Workflow in Subsystems
Manager	Create, Read, Update, Delete	Same as general user + ability to impersonate users on the workbench
PolicyUser	Create, Read, Update, Delete	Policys Module
ProgramUser	Create, Read, Update, Delete	Programs Module & Capabilities Module
ProjectUser	Create, Read, Update, Delete	Projects Module
ReadOnly	Read	All Modules
RiskUser	Create, Read, Update, Delete	Risks Module
QuestionnaireUser	Create, Read, Update, Delete	Questionnaires Module
SecurityPlanUser	Create, Read, Update, Delete	Security Plans Module, Security Profiles Module, & Control Implementations Module
SupplyChainUser	Create, Read, Update, Delete	Supply Chains Module
ThreatUser	Create, Read, Update, Delete	Threat Models & Threats Modules
Tasks Module	Create, Read, Update, Delete	All Users have access to the Tasks Module (readonly cannot CRUD opertate)

Assign Roles

To set a role(s) navigate to Setup, ' Identity and Access Management' tab, and search for and/or select the user that you wish to edit by clicking the edit icon under ACTIONS.
Under Manage Roles, select the appropriate role by checking the box next to the role that will allow the least privilege access to only the role(s) necessary for the user to perform their job functions. There is no need to click Save, the role will Auto-save and a toast will appear that states "User added to role successfully."
If the user is currently logged in, they will need to log out and back in to reset their permissions and have the new roles applied

Delete Roles

To delete a role(s) navigate to Setup, ' Identity and Access Management' tab, and search for and/or select the user that you wish to edit by clicking the edit icon under ACTIONS.
Under Manage Roles, select the appropriate role(s) by un-checking the box(es) next to the role that you wish for this user to no longer have. There is no need to click Save, the role will Auto-Save and a toast will appear that states "User removed from role successfully."
If the user is currently logged in, they will need to log out and back in to reset their permissions and have the new roles applied