In this article:
If you are a SecurityScorecard administrator, use this guidance to manage users, roles, access, and permissions in the platform.
Know if you are an administrator
If you are not sure whether you are an administrator:
- Click the avatar for your user profile in the upper-right corner of the platform, and then select My Settings.
- In the Settings panel, look for an Admin Settings section. If you see it, you are an administrator.
Work with roles
- Understand base roles
- Understand platform-generated add-on roles
- Understand custom add-on roles
- Create a custom add-on role
Understanding and managing roles is key to managing users. Roles define what users can do.
Each user has one platform-generated base role. Additionally, you can assign platform-generated add-on roles and customize your own.
Understand base roles
The roles in this table provide specific subsets of access to the platform, except for restricted user, which you can customize with add-on roles for using certain platform features or actions.
| This role... | Can do this... |
|
Administrator |
|
| User |
|
| Read-Only (only available with a paid plan) |
|
| Restricted user |
|
| Guest |
|
Understand platform-generated add-on roles
The platform-generated roles in this table provide access to specific features. When you assign the restricted user base role, you can customize it with these add-on roles.
| This role... | Can do this... |
|
Evidence Locker Admin |
|
| Evidence Locker Assign |
|
| Tagging Admin |
|
| Tagging Assign |
|
Understand custom add-on roles
You can create a role with access to specific features and actions, depending on your organization's needs, and then assign it to a user with a restricted user base role.
You can select and combine different feature permissions for:
- User management:
- Viewing users
- Creating, editing, or deleting roles
- Tag management
- Viewing tags
- Creating, editing, or deleting tags
- Assigning tags
- Portofolio management
- Viewing Portfolios
- Creating, editing, or deleting Portfolios
- Exporting reports for Portfolios that your entire company can access
- Company profile management
- Curate the information in your company profile
- Evidence Locker management
- View your organization's evidence artifacts
- Add, edit, or delete your organization's evidence artifacts
- Manage access to your organization's evidence artifacts, including granting access to parties outside of your organization.
Create a custom add-on role
- Click the Roles tab under Admin Settings.
- In the Roles panel, click Create Add-on Role.
- Name the role and select permissions for this role. Then, click Save.
The new role appears in the Add-on roles table.
Create and manage users
- Create a user
- How Guest access works with Atlas questionnaires
- Grant permissions manually
- Grant permission automatically
When you create a user for your organization's SecurityScorecard account, you assign them a role, which defines what they can do in the platform. Each user has one base role.
Create a user
- Select Users under Admin Settings.
- Click Add User in the Users panel.
- Enter a name and email address, and use the drop-down list to assign a base role.
If you assign a restricted role, select add-on roles to customize it with.
Tip: You can create a bot user so that it will not expire. This prevents a scenario where human users attempt to refresh an expired API token, causing the integration to stop working.
- Click Add User.
The new user appears in the Users table.
As an administrator, you also can change a role and permissions for a current user:
- Click the Users tab under Admin Settings.
- On the displayed list, hover over the three dots for a user and click Edit when it appears.
- Change the contact information, or select a new role in the displayed form. Then, click Save Changes.
How guest access works with Atlas questionnaires
If an Atlas user sends a questionnaire to an email address that is not associated with a SecurityScorecard user account, but the recipient's domain has a SecurityScorecard subscription and administrator, that recipient can automatically gain a Guest role.
Note: If the Atlas user generates a questionnaire using the Create Link option, instead of emailing the recipient directly from Atlas, the recipient will need to create a SecurityScorecard account and have their own SecurityScorecard administrator grant them access.
Also, if, when testing this workflow, you as the Sender attempt to send to an aliased email address, this workflow will not apply, you will need to send to an actual user different from yourself.
Grant requested access manually
- Click the Access Requests tab under Admin Settings.
- For any listed requester, and click Add to grant permission. Otherwise, click Ignore.
- Enter information about the user and set their access permission. Then, click Add.
Requesters who are granted permission receive an email invitation to set up an account.
Guests are then automatically directed to their questionnaires.
Ignored requesters do not receive any notification.
Grant permission automatically
Use automatic settings for granting permission based on specific conditions so that:
- You can save time by limiting how often you have to grant permissions manually.
- Requesters whom you are likely to accept do not have to wait for permission to access the platform. For example, if you have sent a questionnaire to a potential vendor who does not have a SecurityScorecard account, you can expedite the vetting process by giving them immediate access, so they that they respond to the questionnaire.
To set automatic permissions:
- Click the Access Requests under Admin Settings.
- Click Settings on the Access Requests page.
- Select a condition for automatically granting permission from the displayed list. Then, click Close.
Note: Questionnaire recipients automatically receive guest access even if they do not have email addresses attributed to your organization.