UpGuard offers granular user permissions to help you control access to your account. When you invite a user to UpGuard, you can set permissions for the specific user or designate custom permissions with a custom role. Using different types of roles ensures you can enact role-based access control to manage your account as you scale.

Note: Only one paid user can access the UpGuard platform with a Basic plan, and role-based access control is available starting with the Professional plan.

UpGuard has three default user roles, each with different permissions:

For some plans, account administrators can also create Custom roles with some permissions enabled and others disabled.

Account administrators can navigate to Settings from the sidebar navigation menu and then select the Users tab to review the permissions associated with each user role. You can optionally set the Custom and Standard roles with administrative features but we recommend following the principle of least privilege when setting user permissions for a large team.

Users with administrative-level access (administrators and any other role that has been set with the option Can administer account) have access to additional features for managing the account and inviting additional users. Account settings, such as company branding, templates, custom labels, API key creation, and custom notifications are limited to users with administrative-level access.

For Professional plans and up, administrators can also access the audit log to review account activity. As an administrator, you can identify important events and filter them by time, event type, and user. This feature ensures that you can keep track of changes to your account and take necessary rollback actions if necessary.

The default state for standard users includes access to BreachSight and Vendor Risk (if your plan includes both products). By default, full access is enabled for most modules included in your plan. The standard role does not have access to Data Leaks.

Any user with administrative-level access can create an unlimited number of restricted users with restricted permissions. Restricted users have limited, read-only access that you can set for BreachSight, Vendor Risk, and Shared Profile.

Modules are only available if they are included in your organization's plan. Some modules, like Identity Breaches and Typosquatting, are only available for users that occupy a paid license seat, so adding those modules to a restricted user will change the user to a standard user.

When you add a new user or edit a user's role, you can set granular permissions for modules within the UpGuard platform.

There are three sections to the Set Permissions page: Account, BreachSight, and Vendor Risk.

In the Account section, you can select a role and decide whether the user(s) can administer your UpGuard account (invite users and access settings). This example sets a custom role that does not have administrative access:

In the BreachSight section, you can provide or revoke access to BreachSight modules. If you provide access, you can decide between standard (Full access) or restricted (Read only) access to the core features: Executive Summary, Risk Profile, Risk Waivers, Domains, IP Addresses, Vulnerabilities, and My Shared Profile. You can also enable or disable access to Identity Breaches, Typosquatting, and Data Leaks for plans that include those features.

In the Vendor Risk section, you can provide or revoke access to Vendor Risk. If you provide access, you can decide between standard (Full access) or restricted (Read only) access to the core features: Executive Summary, Portfolio Risk Profile, Vendors, Remediation, Questionnaires, Shared with Me, and Fourth Parties. You can also enable or disable access to Risk Assessment Author, Questionnaire Builder, and Managed Vendors for plans that include those features.

Continue reading about UpGuard's features with these articles:

For more guidance on user permissions, read these articles next: