Manage Users and Assign Roles

The Governance Portal supports assignment of users to roles either directly or via user groups. Management of users involves the following key steps:

1. Add, update, and delete users - A user is someone who has a user ID and password to access the Governance Portal. Typically, a user id is an email address and a password is used to authenticate a user. What a user can see and do in the Governance Portal is dependant on his or her roles. See Manage Users via Spreadsheet Upload for additional information.
2. Assign / un-assign users to roles - To give users the ability to perform activities in the system, users must be assigned to roles. Users can be assigned to roles at an enterprise level (e.g. the ability to edit all controls within the system); a specific business entity (e.g. the ability to edit only the controls within a given business process); or a specific data element (e.g. the ability to edit only a single control).

   Role Type	Description
   Enterprise level	Assignment of a user to a role at the enterprise level (i.e. directly through the Admin tab) gives users the ability to perform a certain function for all content pertaining to that function across the enterprise. For example, assigning a user to the Control Owner role directly within the Admin tab gives the user the ability to manage all controls contained within the system. See Add a User to a Role and Add a User Group to a Role for additional information.
   Entity level	Assignment of a user to a role at the entity level (i.e. assignment to a given role at a particular organizational unit, process, IT system, project and event, audit, or audit activity) gives users the ability to perform a certain function for all content pertaining to that function within the specified entity. For example, assigning a user to the Control Owner role within the Close the Books process gives the user the ability to manage all controls contained within Close the Books, but not the ability to manage controls outside of the Close the Books process (e.g. controls contained within the Treasury process). See Assign Entity-Specific Role Membership via the User Interface, Assign Entity-Specific Role Membership via the Spreadsheet Upload and Assign Audit-Specific Role Membership via the User Interface for additional information.
   Specific data element	Assignment of a user to a role for a specific data element (e.g. assignment to a given role for a single control) gives users the ability to perform a certain function for that specific data element. For example, assigning a user to the Control Owner role for the "Reconcile general ledger" control gives the user the ability to manage that specific control, but not the ability to manage any other controls in the system. See Assign Entity-Specific Role Membership via the Spreadsheet Upload for additional information. Note: As roles specific to a given data element are typically viewed as an attribute of the data element (e.g. control owner is an attribute of the control), assignment can also be achieved by editing a given form that pertains to the data element.

Note: Users can also be assigned to roles via user groups. User groups are beneficial when a user is a member of a group that should be assigned to a given role across multiple business entities but not all entities. For example, every member of the Internal Audit team may have the same capability to perform tests of controls as defined by the Internal Audit role. However, let's say the Internal Audit team is split amongst various geographies, and that each geography contains multiple sub-organizations and processes. Further, each group should only be able to perform tests within their assigned geography. In this case, rather than assign each North American auditor to the Internal Audit role for multiple organizations and processes within North America, it will be more efficient to assign a user group (e.g. North America Internal Audit) to the Internal Audit role for the multiple organizations and processes within North America. As a new internal auditor is added to the Governance Portal, this new user can simply be added to the established North America Internal Audit user group rather than having to individually assign the user to the Internal Audit role for all of the organizations and processes that may be contained within North America.