Role-Based Views: Display Risk and Control Evaluation Information by Role
Role-based views allow you to display certain risk and control evaluation information to different users according to their assigned roles so that users across GRC domains can view only the information that pertains to their individual stakeholder group.
The Risk Evaluation module is located under the Analysis tab on the Risk or Control form. By default, there is a standard version of the module that is displayed to all users who have permission to view the evaluation. However, there are four additional versions that can be modified and displayed according to the users’ permissions.
Notes:
This functionality requires advanced knowledge of security and configuration within the Governance Portal. Make sure that this is completed only by a qualified administrator.
Enabling Role-Based Views
To enable role-based views, you must assign users or user groups to a role, link the evaluation module to those roles, and then configure the evaluation module according to the needs of the users in the role.
In our use case example, two stakeholder groups will be evaluating risk within an organization: Information Security and Physical Security. You will configure the Risk form to display a version of the Risk Evaluation module for the Information Security and Physical Security user groups according to the permissions created for these groups.
If you do not have roles created for each group that will be requiring their own view/version of the Risk Evaluation module, you must log in as an administrator, create roles, and link the user or user group to that role. For the use case example, we would create roles for the Information Security and Physical Security stakeholder groups, and link their respective users to the role.
Notes:
Make sure the GRC Administrator user is linked to both roles so the administrator can access both versions of the module.
Once the roles have been created, you now must link each of them to the associated evaluation module. In the use case example, you would link the Physical Security and Information Security roles to their own respective Risk Evaluation modules. Once linked, only users in the Physical Security and Information Security roles would be able to view the modules to which they are linked.
Select the Default GRC context from the context menu.
Click the Administration tab.
Select Pages from the Layout group.
Click the page or sub page name from the list.
Click Expand to view the tree to locate a sub page if necessary.
In the tabs section, go to Invisible Tabs (Portal)/SarbOx/Risk Matrices/ProcRiskform (SarbOx).
Highlight one of the 10 Evaluation modules in the Content Pane window in the Organize Modules section and click Edit.
Click Edit in the Evaluation module you have chosen.
Rename the module after the corresponding stakeholder group (e.g., Information Security Evaluation or Physical Security Evaluation) and assign the roles you created for the user to the module.
Note: For more information on editing modules, see Edit a Module.
Once you have linked the Risk Evaluation forms to their respective roles, you will configure the Information Security Evaluation and Physical Security Evaluation versions of the Risk Evaluation module according to the needs of the individual stakeholder groups.
Open the risk form by accessing a risk through the RCM for the entity. Because you have administrative rights, you should be able to see all Risk Evaluation modules. For our use case, the Physical Security Evaluation and Information Security Evaluation modules are showing.
Note: For more information on accessing the risk form, see Add and Manage Risks.
Click Configure in the version of the Evaluation module you wish to configure. From here, you can configure field names, field behavior (visible, required, etc.), field layout (height, width, etc.), and field security.
Note: For more information on configuring a form, see Configure a Form.