About Roles and Permissions

Roles determine the permission level and access settings of a user. You must assign a role to a user before they can log in to the RiskVision solution. A user sees only the RiskVision solution pages, menu options, and entities that their role allows.

About Access to Entities

You can assign access filters to limit which entities a user can view, modify, and be assigned to as an owner. Access filters--that is, Entity type filters--can be assigned to roles as well as directly to a user. The access filters are cumulative; that is, if a user has multiple filters assigned to them, they see all the entities that match each filter.

About Role Privileges and Permissions

Role assignment determines the RiskVision solution user permissions. A privilege is an object or set of objects, typically associated with a RiskVision solution page. Permission is the type of action you can grant to the user. Role permissions are cumulative; that is, a user is granted the highest level of permission for the privileges in all the roles assigned to them. For example, if a user is assigned two roles, the first with Assessment View and the second with Assessment Manage, the user can manage assessments.

If you grant a role Manage privileges, also grant View privileges to avoid confusion. If a user has Manage but not View privileges, they will not be able to see objects, such as Findings, that they need to manage.

Permissions that are not assigned to any role are shown in red. In general, each permission must be assigned to at least one role that is, in turn, assigned to at least one user.

You cannot explicitly deny or restrict a privilege with respect to a user, only with respect to a role.

Your user role must have the System User Manage permission to create, modify, or delete a role.
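The cumulative rule, the Manage-without-View pitfall, and the "assigned to at least one role and one user" check described above can be audited together. The following is an added example, not RiskVision code or its export format: the role names, users, and permission catalogue are constructed, and it assumes each permission is modeled as a (privilege, action) pair.

```python
# Constructed sample data: roles, users and the permission catalogue are
# hypothetical and were not exported from a RiskVision instance.
CATALOGUE = {
    ("Assessment", "View"), ("Assessment", "Manage"),
    ("Finding", "View"), ("Finding", "Manage"),
    ("System User", "Manage"),
}
ROLES = {
    "Assessor": {("Assessment", "View")},
    "Assessment Lead": {("Assessment", "Manage")},
    "Finding Fixer": {("Finding", "Manage")},      # Manage granted without View
    "Unused Admin": {("System User", "Manage")},   # role assigned to no user
}
USER_ROLES = {
    "alice": ["Assessor", "Assessment Lead"],
    "bob": ["Finding Fixer"],
}


def effective_permissions(user):
    """Cumulative permissions: union of the pairs in every role the user holds."""
    perms = set()
    for role in USER_ROLES.get(user, []):
        perms |= ROLES[role]
    return perms


def manage_without_view(user):
    """Privileges the user can Manage but not View, so the objects stay hidden."""
    perms = effective_permissions(user)
    return sorted(
        priv for priv, action in perms
        if action == "Manage"
        and (priv, "View") in CATALOGUE      # only where a View permission exists
        and (priv, "View") not in perms
    )


def unreachable_permissions():
    """Catalogue entries no user holds: in no role, or only in unassigned roles."""
    held = set()
    for user in USER_ROLES:
        held |= effective_permissions(user)
    return sorted(CATALOGUE - held)


if __name__ == "__main__":
    for user in USER_ROLES:
        print(user, sorted(effective_permissions(user)), manage_without_view(user))
    print("unreachable:", unreachable_permissions())
```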