User Roles and Permissions for ETM
Assign the correct roles to ensure users have the right level of access to view insights and perform actions in Enterprise TruRisk Management (ETM). Roles determine what data users can view and what configuration or remediation actions they can perform.
View ETM Roles and Permissions
On the Role Management tab, create a role and related permissions. For more information, see Creating a Role and Managing Roles and Permissions.
Assigning Tags and Asset Groups to a User
You can assign the required tags and asset groups to users. For more information, see Managing Users.
Role Summary
| Role | Best For | Access Level |
|---|---|---|
| ETM Manager | Security leaders, admins | Full access including configuration and response actions |
| ETM Viewer | Analysts, auditors | View-only application access |
Application Access Permissions
| Permission | Description | Manager | Viewer |
|---|---|---|---|
| ETM UI Access | Can log in and view the ETM interface. | ✔ | ✔ |
| ETM API Access | Can access API |
User Roles Comparison
The ETM application has several access permissions that are assigned to each user role. The following tables compare the permissions granted to the default user roles for ETM:
Response Management Permissions
Control who can create and manage remediation response actions and rules.
| Permission | Description | Manager | Viewer |
|---|---|---|---|
| Edit any Rule | Modify rules created by any user across the organization. | ✔ | |
| Delete any Rule | Remove rules created by any user across the organization. | ✔ | |
| Manage Response Actions | Access and manage remediation actions within the Responses tab. | ✔ | |
| Create, Edit, Delete your own Action | Fully manage remediation actions that you created. | ✔ | |
| Edit any Action | Modify remediation actions created by any user. | ✔ | |
| Delete any Action | Remove remediation actions created by any user. | ✔ | |
| Create, Edit, Delete your own Rule | Fully manage rules that you created. | ✔ | |
Configuration Permissions
| Permission | Description | Manager | Viewer |
|---|---|---|---|
| View Company Profile | View the Company Profile settings. | ✔ | ✔ |
| Edit Company Profile | Update company details and governance settings. | ✔ | |
| View Company Risk Appetite | Review corporate risk appetite settings. | ✔ | ✔ |
| Edit Company Risk Appetite | Modify risk appetite thresholds. | ✔ | |
Business Entity Permissions
Control who can define ownership structures and risk alignment.
| Permission | Description | Manager | Viewer |
|---|---|---|---|
| Create, Edit, Delete your own Business Entity | Fully manage business entities that you have created. | ✔ | |
| View Business Entity | Access and view business entity details and structure. | ✔ | ✔ |
| Edit Business Entity | Modify any business entity within the organization. | ✔ | |
| Delete Business Entity | Remove any business entity within the organization. | ✔ | |
| Edit Risk Appetite | Update risk appetite settings for assigned business entities. | ✔ | |
| Edit Risk Quantification | Modify quantification parameters applied to business entities. | ✔ | |
Prioritization Permissions
| Permission | Description | Manager | Viewer |
|---|---|---|---|
| Create, Edit, Delete your own Prioritization Plan | Fully manage prioritization plans that you have created. | ✔ | |
| View Prioritization Plan | Access and view prioritization plans in the Risk Workbench. | ✔ | ✔ |
| Delete Prioritization Plan | Remove any prioritization plan within the organization. | ✔ | |
| Download Prioritization Reports | Export prioritization plan details for offline analysis or reporting. | ✔ | ✔ |
Finding Rules Permissions
| Permission | Description | Manager | Viewer |
|---|---|---|---|
| View Finding Identification Rules | Access Finding Rules > Identification tab. | ✔ | ✔ |
| View Finding Merge Rules | Access Finding Rules > Merge tab. | ✔ | ✔ |
| Edit Finding Merge Rules | Modify merge rules to refine how findings are grouped. | ✔ | |
| View Finding Purge Rules | Review rules that control how outdated findings are removed. | ✔ | ✔ |
| Edit Finding Purge Rules | Update purge rules applied across findings. | ✔ | |
| Delete Finding Purge Rules | Remove purge rules that are no longer needed. | ✔ | |
| Create, Edit, Delete your own Finding Purge Rules | Fully manage purge automation rules that you created. | ✔ | |
View MITRE-View-Priorization Data Permission
| Permission | Description | Manager | Viewer |
|---|---|---|---|
| View MITRE-View-Priorization data | View MITRE-based prioritization details for findings and assets. | ✔ | ✔ |
Custom Attribute Permissions
| Permission | Description | Manager | Viewer |
|---|---|---|---|
| View custom Attributes | View custom attributes. | ✔ | ✔ |
| Update custom Attributes | Modify or edit existing custom attributes. | ✔ | |