Skip to main content

Portfolio access controls

dave herder
  • Updated

In this article:

    How to enable Portfolio Access Controls

    As an account administrator, create teams of users to control who can access each of your portfolios. Maintain the integrity of your portfolios by granting access to each group only the portfolios that they are responsible for maintaining.

    Overall solution

    Account administrators can create teams of users to control who has access to each portfolio in the account. This includes the ability to:

    • Create “Teams” of users
    • Assign users to each team
    • Specify the portfolios that each team has access to
    • View the Teams that a user is a member of from the User Management page

    How it works

    Each account has 3 default user teams (M&A, Vendor Risk Management, IT & Security) upon activation. Once you have added users to your account, you can then create teams of users to align with your corporate structure. Admin users can create as many new teams as needed, edit the names of the existing teams, and delete existing teams.

    After creating your team structure, you will be able to assign users and portfolios to each team. There is no limit to the number of teams a user can be added to. A portfolio can only be assigned to one team at a time. Upon sign-in, team members will see only team portfolios, personal private portfolios, and any portfolio set to “Company” visibility.

    As an admin, if you want to maintain visibility into all portfolios, you will need to add yourself to each team created.

    Use cases

    Vendor Management: Give your vendor relationship managers access to the portfolio of companies that they are responsible for maintaining

    Procurement: Create a procurement portfolio and grant access to the team evaluating new vendors

    Subsidiary Companies: Create portfolios for each of your subsidiaries, and empower them to log into the platform and manage their vendor security without seeing the vendors that other subsidiaries work with

    Mergers and Acquisitions: Keep M&A activity private by granting access to an M&A portfolio only to users who are authorized to see the information

    Step-by-step guide

    • Make sure you are an Admin user of your account
    • Log in to the platform and navigate to “My Settings”
    • Under Admin settings, click on “Teams”
    • From this page, you can create, edit, and delete teams

    FAQ

    Will users maintain their read-only / user/ admin roles when added to a team?

    Yes. For example, a read-only user assigned to a team will have access just to their team portfolios, and will only be able to view the information in the portfolio, they will not be able to act on it.

    Do admins have visibility into all portfolios, regardless of the visibility set?

    No, admins do not have visibility into all portfolios by default. Admins will have visibility into the portfolios of the teams they are part of, as well as all “Company” portfolios. To view all team portfolios, the admin can be added as a member to all teams. The admin will not be able to view any private portfolios other than their own.

    Can team members see portfolios that are set to “Company” visibility?

    Yes. If you want to ensure that team members see only their “team” portfolios, all portfolios should be assigned to a team, with none visible at the company level.

    Is there a way to specify a team admin?

    Not at this time. If this is functionality that would help you do your job, please submit the feedback to your Customer Success Manager.

    Will team members be able to set up alerts on portfolios that they do not have access to?

    No. Team members can only set alerts for portfolios that they can view.

    Related articles