Predefined roles

Control Compliance Suite (CCS) includes several predefined roles that you can assign to users. These roles specify the level of interaction that the users have when they log on to the console.

An administrator can allow or block user access to features and functionality in the product by assigning different roles to the console users.

Various CCS roles are based on the features and functionality of the product.

See Table: Administrative roles.

See Table: Default CCS user role.

See Table: Assets roles.

See Table: Standards roles.

See Table: Exception roles.

See Table: Entitlements roles.

See Table: Policy roles.

See Table: Reports and dashboards roles.

Table: Administrative roles

Role

Description

CCS Administrator

The CCS Administrator has full access to all the features of CCS.

You can view the list of available tasks from the Settings > Roles view.

Power User

The Power User role lets the user do everything the CCS Administrator can do except the following tasks:

  • Configure application

  • Manage audits

  • Manage licenses

  • Assign policy audience

You can view the list of available tasks from the Settings > Roles view.

Auditor

The Auditor role lets the user view the following:

  • Browse all console views

  • View reports and dashboards

Table: Default CCS user role

Role

Description

Guest User

By default, all the authenticated CCS users have the Guest User role.

The Guest User role lets the user do the following:

  • Accept or decline policies

  • Request exceptions

  • View policies

Table: Assets roles

Role

Description

Assets Viewer

The Assets Viewer role lets the user do the following:

  • View asset details

  • Visit asset group details

Table: Standards roles

Role

Description

Standards Administrator

The Standards Administrator role lets the user do the following:

  • Update configuration settings

  • Manage standards, sections, and checks

  • Manage jobs

  • Collect data

  • Evaluate standards

  • Manage tags

  • Request exceptions

  • Generate reports and dashboards

  • View assets

  • View standards

  • View evaluation results

  • View roles and permissions

  • View reports and report templates

  • View dashboards and dashboard templates

  • View and customize report templates

  • View roles and permissions

Standards Evaluator

The Standards Evaluator role lets the user do the following:

  • Manage jobs

  • Collect data

  • Evaluate standards

  • Manage jobs

  • Manage tags

  • Request exceptions

  • Generate reports and dashboards

  • View evaluation results

  • View dashboards and reports

  • View assets

  • View standards

  • View and customize dashboard and report templates

Table: Exception roles

Role

Description

Exception Approver

The Exception Approver role lets the user do the following:

  • Approve exceptions

  • Manage tags

Exception Requestor

The Exception Requestor role lets the user do the following:

  • Request exceptions on behalf of a user without an assigned CCS role

  • Manage tags

Table: Entitlements roles

Role

Description

Entitlements Administrator

The Entitlements Administrator role lets the user do the following:

  • Manage the control points

  • Assign the data owners and the alternate data owners to the control points

  • Import entitlements

  • Manage control points

  • Manage users

  • Manage review cycles

  • Manage jobs

  • Manage tags

  • Manage users

  • Request entitlements approval

  • Request exceptions

  • Generate reports and dashboards

  • Customize report templates

  • Update configuration settings

  • Update and view notification templates

  • View assets and asset reconciliation rules

  • View review cycles

  • View control points

  • View dashboards and dashboard templates

  • View reports and report templates

  • View evaluation results

  • View roles and permissions

Entitlements Data Owner

The Entitlements Data Owner role lets the user do the following:

  • Request exceptions

  • Review and approve entitlements

  • Assign the alternate data owner to the control points

  • View roles

Table: Policy roles

Role

Description

Policy Administrator

The Policy Administrator role lets the user do the following:

  • Manage policies

  • Manage jobs

  • Manage tags

  • Manage policy comments

  • Manage policy clarifications

  • Manage policy content

  • Request exceptions

  • Publish policies

  • Update configuration settings

  • Customize report templates

  • Generate reports and dashboards

  • View assets

  • View standards

  • View policies, policy comments, and policy content

  • View dashboards and dashboard templates

  • View reports and report templates

  • View roles and permissions

Policy Approver

The Policy Approver role lets the user do the following:

  • Approve policies

  • Manage policy comments

  • View asset and asset group details

  • View policy and policy content details

  • View roles

Policy Reviewer

The Policy Reviewer role lets the user do the following:

  • Manage policy comments

  • Review policies

  • View asset and asset group details

  • View policy and policy content details

  • View roles

Table: Reports and dashboards roles

Role

Description

Reporting Administrator

The Reporting Administrator role lets the user do the following:

  • Manage jobs

  • Customize report templates

  • Assign permissions to folders

  • Manage tags

  • Request exceptions

  • Generate reports and dashboards

  • Update infrastructure configuration settings

  • View assets and asset reconciliation rules

  • View standards

  • View review cycles

  • View baselines

  • View dashboards and dashboard templates

  • View reports and report templates

  • View evaluation results

  • View roles and permissions

Report Result Viewer

The Report Result Viewer role lets the user do the following:

  • View all jobs

  • View the report templates and the dashboard templates

  • View reports and dashboards