
Benutzer und Benutzerrollen/en: Difference between revisions

From HITGuard User Guide
Faha (talk | contribs)
No edit summary
Faha (talk | contribs)
No edit summary
Zeile 107: Zeile 107:
*The role "Expert" cannot be withdrawn from persons responsible for a management system as long as they are responsible for at least one management system.
*The role "Expert" cannot be withdrawn from persons responsible for a management system as long as they are responsible for at least one management system.


<div class="mw-translate-fuzzy">
<b>Important:</b> Experts and professionals must then be assigned to a management system to be able to perform their tasks. (see [[Special:MyLanguage/Benutzer zu Managementsystemen zuteilen|Assign users to management systems]])
<b>Important:</b> Experts and professionals must then be assigned to a management system to be able to perform their tasks. (see [[Special:MyLanguage/Benutzer zu Managementsystemen zuteilen|Assign users to management systems]])
[[Datei:Benutzerrollen Zuordnung.png|left|thumb|901px|User Role Assignment]]
[[Datei:Benutzerrollen Zuordnung.png|left|thumb|909px|User Role Assignment]]
<br clear=all>
<br clear=all>
</div>


=== Change / reset password ===
=== Change / reset password ===
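
Review bot: the thumbnail line for Benutzerrollen Zuordnung.png is the only line that differs between the two sides (901px vs 909px), and it sits inside a block that is still wrapped in mw-translate-fuzzy, with no edit summary recorded. If the resize is intentional, state the reason in the summary. If the "Important" paragraph has been checked against the source page, remove the fuzzy wrapper in the same edit; otherwise the translation stays flagged as outdated after this change.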

Revision as of 2 February 2022, 09:45

User-roles in HITGuard

Each user role has its own permissions and functions.
User roles can be assigned separately for every module. The only exception is the Practitioner, as this role is the same across every module. This means that a user can be an Expert in the Security Assessor (risk management), but a Professional or Practitioner in the Progress Monitor (measures and controls).

Admin:

This role is responsible for administration as well as for managing other users. Administrators have no insight into data. So, although administrators can manage and create all management systems, they do not have access to their data, nor can they be defined as responsible persons.

  • At the first installation of the software at least one administrator must be defined.
  • There can be several administrators.
  • Performs purely administrative tasks like creating users and configuring an Active Directory.

Expert:

This role may participate in one or more management systems in your organization.

  • Risk management:
    • An expert can perform analyses and create hazard situations.
    • Experts are responsible for the administration of the risk policy.
  • Audit management
    • An expert can create, manage and perform audits / audit programs.
    • Experts are responsible for the administration of audit management settings.
  • Measures and controls
    • An expert can create and administer measures and controls.
    • Experts are responsible for the administration of the settings in the Progress Monitor.
  • Data protection
    • An expert can create processing activities, assign TOMs, administer external parties and data subjects.
  • Case management
    • An expert can process reports and create and manage periods.
    • Experts are responsible for case management settings.
  • Experts can create and manage management systems
  • Experts can access the Administration item and thus also create assets or users

Professional:

Users of this role support the experts of the management systems in the fulfillment of their tasks. A professional has access to all tasks in the management systems to which he is assigned, but has limited editing rights.

  • Risk management:
    • A Professional can create and manage analyses and hazard situations.
  • Audit management
    • A Professional can create, manage and perform audits / audit programs.
  • Measures and controls
    • A Professional can create and manage measures and controls.
  • Data Protection
    • A Professional can create processing activities, assign TOMs, and manage externals.
  • Case Management
    • A Professional can process reports and assign periods.

Observer:

Users of this role have similar permissions as Professionals with regard to the visibility of menu items. However, unlike Professionals, they cannot make any changes to the system. They have read-only access to the software. To gain visibility into a management system, they must be added to the management system team like a Professional or Expert.

  • Risk Management:
    • An observer can view protection needs and vulnerability assessments, exposure situations, measures, and dashboards, and generate reports.
  • Audit Management
    • An observer can view audits and audit programs.
  • Measures
    • An observer can view measures, reports, assessments, and dashboards.
  • Controls
    • An observer can view the dashboard only.
  • Data protection
    • An observer can view processing activities and generate reports. TOMs and externals can be viewed without details. Privacy impact assessments cannot be viewed.
  • Case management
    • An observer can view reports and periods.

Practitioner:

This role has detailed information and implementation competencies that are required from the management system. It is essential that practitioners share their knowledge with the HITGuard experts in order to have a functioning management system.

  • has an overview of all his assigned measures, controls, processing activities and assessments to answer
  • is reminded to carry out his duties
  • is the default role that each user has across all modules.

User Administration

Create user

There are three ways to create a user:

  • Option 1: Create a user via the user list (for local logins without Active Directory).
    Administration → Users
    In the user list, click the "Plus" button on the right margin to add a user.
    Then you can create the user with the relevant data.

    "Search in directory service" is only displayed if LDAP is enabled in the global settings and an Active Directory is configured. This allows users to be searched for in Active Directory and created in HITGuard with their data.
    Note for Azure Active Directory (AAD): Users that were already created before LDAP activation can be linked to their Azure Active Directory account afterwards. This makes it possible to use Single-Sign-On (SSO). Each user can do this in their profile (see Profile). Administrators can also load current data from the AAD using a button to the right of the user name. This replaces differing information in HITGuard. For this, however, the user must already be linked to an AAD account.
  • Option 2: Fast entry
    When Active Directory integration is in use, a new user with minimal permissions for the active module can be created via a person selection screen.
    To use this, type the person's name or abbreviation in a user selection box. This loads the user from the Active Directory. This user can then log in with their Active Directory data.
  • Option 3: Using an Active Directory
    This is only possible if an Active Directory is configured.
    First, a user must be created as described in Option 1. The specified email must match that of their Active Directory user.
    Then the user can log in with their Active Directory user, if this is enabled in the global settings.

Assign user roles

Under "Administration → User Roles Assignment" it is possible to assign the respective roles for the desired user.

Licenses:

The column headings Experts and Professionals also show how many licenses are currently available and how many are being used. This allows you to see at a glance where you are over-licensed or under-licensed. More information about licenses can be found at "Administration → Licensing".

Assign:

User roles can only be assigned by administrators or experts.

  • Administrators can assign any role.
  • Experts can assign all roles except Administrator and Compliance Manager.
  • The role "Expert" cannot be withdrawn from persons responsible for a management system as long as they are responsible for at least one management system.

Important: Experts and professionals must then be assigned to a management system to be able to perform their tasks. (see Assign users to management systems)


Change / reset password

Caution: Changing a password only works if the local login is active. That means: either there is no Active Directory configured or Local Login is enabled under Global Settings.

Change own password:

  1. Click on the profile picture or profile name → Profile.
  2. Click on "Change password" at the bottom right.
  3. Enter the old and new password and confirm.

Change/reset a password as Administrator or Expert:

  1. Select the desired user under Administration → User.
  2. Click on "Change password" at the bottom right.
  3. Enter the new password and confirm.

Note: Only administrators can reset passwords of experts. Experts can create and authorize users and they can reset passwords for Professionals and Practitioners. The administrator role can also be assigned to multiple users.

Disable user

Experts and administrators can deactivate users via the user mask. A deactivated user can no longer be selected in the application.

In order for a user to be deactivated, all of the user's management system and team memberships must first be canceled.

When deactivating, there is the option to anonymize the user in the system.

Attention: The anonymization removes all personal data of the user. This can no longer be undone! If "No" is selected in the deactivate dialog, the user is deactivated but not anonymized.
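
The assignment and deactivation rules above can be turned into a periodic access review. The following is an added example, not HITGuard code or a HITGuard API: the `User` record, the role strings, the finding labels and the sample users are all assumptions made for illustration, and per-module roles are flattened into one set per user.

```python
from dataclasses import dataclass, field

# Roles that only become useful once the user is on a management system team.
TEAM_BOUND = {"Expert", "Professional", "Observer"}
# Roles an Expert may not assign (only administrators can).
EXPERT_DENIED = {"Administrator", "Compliance Manager"}

@dataclass
class User:                      # hypothetical record, e.g. built from a user export
    name: str
    roles: set
    teams: set = field(default_factory=set)            # team memberships
    responsible_for: set = field(default_factory=set)  # systems the user is responsible for
    active: bool = True

def may_assign(actor: User, role: str) -> bool:
    """Administrators assign any role; Experts assign all but the denied ones."""
    if "Administrator" in actor.roles:
        return True
    return "Expert" in actor.roles and role not in EXPERT_DENIED

def review(users):
    """Return (user, finding) pairs for states the guide says should not exist."""
    findings = []
    for u in users:
        memberships = u.teams | u.responsible_for
        # Responsible persons keep the Expert role for as long as they are responsible.
        if u.responsible_for and "Expert" not in u.roles:
            findings.append((u.name, "responsible-without-expert"))
        # Memberships must be cancelled before a user can be deactivated.
        if not u.active and memberships:
            findings.append((u.name, "inactive-with-memberships"))
        # A team-bound role without any management system cannot do its work.
        if u.active and u.roles & TEAM_BOUND and not memberships:
            findings.append((u.name, "role-without-management-system"))
    return findings

# Constructed sample data, not taken from any real installation.
USERS = [
    User("alice", {"Administrator"}),
    User("bob", {"Expert"}, teams={"ISMS"}, responsible_for={"ISMS"}),
    User("carol", {"Professional"}),
    User("dave", {"Professional"}, responsible_for={"DSMS"}),
    User("erin", {"Observer"}, teams={"ISMS"}, active=False),
]

if __name__ == "__main__":
    for name, finding in review(USERS):
        print(f"{name}: {finding}")
```
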

Reset profile picture

Experts and administrators can reset a user's profile picture by clicking the icon next to the profile picture.
