Roles are assigned to users and can be set on the edit user page. They are cumulative and do not cascade, so if a user needs both Manager and Auditor privileges, both roles must be toggled on.

  • OrgAdmin - Grants edit access to all organization-wide settings. Can enable all roles on users.*
  • SiteAdmin - Grants edit access to site-specific settings. Can enable the SiteAdmin role and below on users. Allows the reassignment of responsible parties on mitigations.*
  • AuditAuthor - Grants edit access to Documents and the Question Library. Can assign audits.
  • Auditor - Must be enabled for audits to be assigned. Grants access to complete and submit audits.
  • Manager - Must be enabled for a user to be set as a responsible party. Grants access to reports.
  • DataEntry - Causes all audits to be visible on the dashboard and allows the entry of historical audit information.*


    • The OrgAdmin and SiteAdmin roles are the only two with the ability to delete scheduled audits.
    • The DataEntry role should be disabled for most users. If this role is enabled, the user will see all audits assigned to all users on their homepage.