When you add a new user to your CyberRisk instance, you also have the option to assign their permissions:
This is the basic, default setting for all new users. When inviting a user, if none of the checkboxes are selected, that user will have standard permissions. Users with standard permissions are able to add custom domains in BreachSight, add and remove vendors in Vendor Risk, send questionnaires and remediation requests, and apply labels across the product.
Users with Read-Only permissions can see all sections of the tool (with the exception of Data Leaks) but cannot modify the instance. This means they can’t add or remove vendors, send Questionnaires, apply labels, or take any action that would change the information in the instance.
- Account Admin
Users with Account Admin access can do everything a Standard user is able to do, as well as add users, see the Audit Log, create custom Notifications, and generate API keys for their instance.
- Data Leaks
Users with Data Leaks permissions are able to access the Data Leaks module, leave comments, and acknowledge, close or reopen Data Leaks disclosures
- Risk Assessor
Users with Risk Assessor permissions can create and edit Risk Assessments for vendors you're monitoring