Roles and Role Extensions

Top Previous Next

In the GRC Suite, authorisation is based on roles and role extensions which can be assigned to users. This is performed in the TrackingOne user administration. A role or role extension in turn determines the privilege to access a certain resource.

Since the Custom UI is, technically speaking, a front-end of TrackingOne, its authorisation mechanism is based on those roles and their extensions which are available in the TrackingOne user administration. In TrackingOne there are two types of roles: built-in and custom. Built-in roles have a fixed meaning within TrackingOne which means that it is fixed which privilege they express.

Those built-in roles which are also relevant for the authorisation in the Custom UI in the sense of a fixed privilege are:

•

T1_User,

•	T1_Analyst, and

•

T1_Admin.

For certain elements, any other (in particular, custom) role can be given a meaning as well by customisation.

A role extensions is a means for expressing that a user has a role with regard to something. For example, a certain user may have the role T1_User with regard to the container "MyStore," but not with regard to the container "OperationalRisk."

There are two built-in types of regards which are also relevant for the authorisation in the Custom UI:

•	container and

•

category.

Please refer to the TrackingOne documentation to learn more about roles and role extensions in TrackingOne.

For any role which the user needs he or she always needs the respective container role extension in addition for the container which the user interface belongs to.