Managing user roles

AI Risk Essentials has the following two main roles:

  • Risk admin

  • Risk owner

Risk admin role

Risk admins have full access to all system functions. They can:

  • Create, edit, and delete risks

  • Create and edit assessment events

  • Create and edit mitigation plans

  • View all risks, statuses, and data across the platform

Risk owner role

The Risk owner role combines two technical sub-roles, the roles must be assigned at the platform level Platform settings > Users > Manage users

  1. Risk viewer

    • Can view all risks

    • For risks assigned to them using the Risk owner field in the AI Risk Essentials app, they can:

      • Edit risk details

      • Create and update mitigation plans

      • Create and update self-assessments

  2. Risk owner

    • Assigned using the Risk owner field in the AI Risk Essentials app.

    • Can view and edit only the risks assigned to them.

    • For assigned risks, they can:

      • Edit risk details

      • Create and update mitigation plans

      • Create and update self-assessments

Setting up roles

Roles are assigned through Platform settings by the System Admin.

Risk admin, Risk viewer, and Risk owner roles are all assigned through Platform settings > Users > Manage users.

Note

While the Risk owner field appears in the AI Risk Essentials app when creating or editing a risk, assigning the role itself must still be done through the Platform settings.

Assigning risk admin and risk owner roles

  1. Access the platform as a System Admin.

  2. From the main navigation menu, go to Platform settings.

  3. Select Users under Platform settings.

  4. In the Manage users page, go to Asset roles tab.
    The list of existing roles and the assigned users are displayed. If the Risk admin role has no users yet, it may not appear until assigned.

  5. Ensure the correct organization name is displayed at the top of the page. If not, use the dropdown to select the correct org.

  6. Select the + Assign button.

  7. In the Assign role panel, select Risk admin, Risk viewer, or Risk owner from the list of roles.

  8. Select a user.

  9. Select Assign to confirm.

    The assigned users now appear under the selected role in the Asset roles tab.

Assigning risks to risk owners

To assign a Risk owner, follow these steps:

Note

Only users with the Risk admin role can assign Risk owners.

  1. From the main menu, go to Risk identification.

  2. Select the Add Risk button.

  3. Enter the risk details side panel:

    • Enter the Risk name (mandatory).

    • Enter the Category and Description (optional).

    • Select a user from the Risk owner dropdown.

      If a Risk owner was not assigned while adding the risk, use the Risk owner dropdown in the Drafts risks to be activated list to do this.

  4. Select Add risk to save.

    The new risk appears in the Drafts risks to be activated list, with the Risk owner assigned.