Permissions and Designations

Because Ryskview typically has sensitive data, users cannot create user accounts themselves.  User accounts are created by an Application Administrator.  Users have permissions, which govern what Program Offices and Systems are accessible to the user, and designations, which are the roles that a user may have for a Program Office of System.  The combination of the permissions and the designations is what creates a customized experience and scalable application.

Users can have permissions such are Reviewer (read-only)  and Administrator (read/write).  These permissions are applied to Program Offices and/or individual Systems and determine what Programs Offices and Systems are accessible for any given user.  

Permissions

Global Program Admin – This permission is for Application Administrators and allows the user to create, view, and edit all Program Offices and Systems.  It also allows for creating and editing User and Groups, 

Global Program Reviewer – This provides read permissions for all Program Offices and Systems.  Users with only this permission will not be able to edit data or hold designations 

Program Office Administrator – This provides read/write permissions for all Systems inside of the Program Office.

Program Office Reviewer – This provides read permissions for all Systems inside a Program Office.

System Administrator – Read/write permissions for a single System.

System Reviewer – Read permissions for a single System.

Asset Manager – When Ryskview ingests data from an unrecognized Asset, the Asset is created in the “Unknown Assets” System.  The Asset Manager permission provides the user with visibility to the Unknowns Assets and the ability to move one or more Assets into a different System where it belongs. 

Application Manager – Access to administrative Ryskview functions, configurations, and settings.

Designations

Designations are a role, such as System Administrator, ISSO, or CIO that are assigned to an individual user or group.  

The user Dashboard, Scan Data, and POAM Task Queue are all provide custom information based upon the assigned designations.  A user can have more than one designation.  For example, a user may be the System Administrator for a System, as well as the ISSO for another System. Or a user may be the CIO for multiple Program Offices. 

A user must have permission to an Program Office or System in order to be assigned a designation.  It is possible that a user may have permission to a Program Office or System, but not have a designation in it. 

If a user is part of a Group that has a designation, then the user will also have that designation.  Likewise, if a user is part of a group that has a permission, the user will inherit that permission.

Designations can be customized for each customer to appropriately match their organizational structure and needs.