Users and user roles

From HITGuard User Guide
Revision as of 16 June 2025, 09:21 by Isan (talk | contribs)

User roles in HITGuard

Each user role has its own permissions and functions.
User roles can be given separately for every module. The only exception is the Practitioner, as this role is the same across every module. This means that a user can be an Expert in the Security Assessor (risk management), but a Professional or Practitioner in the Progress Monitor (measures and controls).

Admin

This role is responsible for administration as well as for managing other users. Administrators have no insight into data. So, although administrators can manage and create all management systems, they do not have access to their data, nor can they be defined as responsible persons.

  • At the first installation of the software, at least one administrator must be defined.
  • There can be several administrators.
  • Administrators perform purely administrative tasks such as creating users and configuring an Active Directory.

Expert

This role may participate in one or more management systems in your organization.

  • Risk management
    • An Expert can perform analyses and create risks.
    • Experts are responsible for the administration of the risk policy and the risk management settings.
  • Audit management
    • An Expert can create, manage and perform audits/audit programs.
    • Experts are responsible for the administration of audit management settings.
  • Measures and controls
    • An Expert can create and manage measures and controls.
    • Experts are responsible for the administration of the settings in the Progress Monitor.
  • Data protection
    • An Expert can create processing activities, assign TOMs, manage external parties and data subjects.
  • Case management
    • An Expert can process reports and create and manage periods.
    • Experts are responsible for case management settings.
  • Docu management
    • An Expert can create and edit directories.
    • An Expert can upload and edit files.
  • ESG management
    • An Expert can activate and deactivate the menu item.
    • An Expert can create and manage impacts and ESG topics.
  • Supplier risk management
    • An Expert can activate and deactivate the menu item.
    • An Expert can create and manage suppliers.
  • Experts can create and manage management systems.
  • Experts can access the Administration menu and thus also create assets or users.

Professional

Users of this role support the experts of the management systems in the fulfillment of their tasks. A professional has access to all tasks in the management systems they are assigned to, but has limited editing rights.

  • Risk management
    • A Professional can create and manage analyses and risks.
  • Audit management
    • A Professional can create, manage and perform audits/audit programs.
  • Measures and controls
    • A Professional can create and manage measures and controls.
  • Data protection
    • A Professional can create processing activities, assign TOMs, and manage externals.
  • Case Management
    • A Professional can process reports and assign periods.
  • Doc-management
    • A Professional can create and edit directories.
    • A Professional can upload and edit files.
  • ESG management
    • A Professional can create and manage impacts and ESG topics.
  • Supplier risk management
    • A Professional can assign a review to a supplier as the interview partner.

Observer

Users of this role have similar permissions as professionals with regard to the visibility of menu items. However, unlike professionals, they cannot make any changes to the system. They have read-only access to the software. To gain visibility into a management system, they must be added to the management system team like a professional or expert.

  • Risk management
    • An Observer can view protection needs and vulnerability assessments, risks, measures, and dashboards, and generate reports.
  • Audit management
    • An Observer can view audits and audit programs.
  • Measures
    • An Observer can view measures, reports, assessments, and dashboards.
  • Controls
    • An Observer can view controls, reports, and the dashboard.
  • Data protection
    • An Observer can view processing activities and generate reports. TOMs and externals can be viewed without details. Data privacy impact assessments cannot be viewed.
  • Case management
    • An Observer can view reports and periods.
  • Doc-management
    • An Observer can view directories and files.
  • ESG management
    • An Observer can view impacts and ESG topics.

Practitioner (workflow users)

This role has detailed information and implementation competencies that are required in the management system. It is essential that Practitioners share their knowledge with the HITGuard Experts in order to have a functioning management system.

  • The Practitioner has an overview of all their assigned measures, controls, processing activities and assessments to answer.
  • The Practitioner is reminded to carry out their duties.
  • Practitioner is the default role that each user has across all modules.

User Administration

Create user

There are three ways to create a user:

  • Option 1: Create a user via the user list (for local logins without Active Directory).
Administration → Users: In the user list, click the "Plus" button on the right margin to add a user. You can then create the user with the relevant data.

Note on the interface: "Search in directory service" is only displayed if LDAP is enabled in the global settings and an Active Directory is configured. This allows users to be searched for in Active Directory and created in HITGuard with their directory data.
Note for Azure Active Directory (AAD): Users that were already created before LDAP activation can be linked to their Azure Active Directory account afterwards. This allows Single Sign-On (SSO) to be used. Each user can do this under their profile (see Profile). Administrators can also load current data from the AAD using a button to the right of the user name; this overwrites the corresponding user details in HITGuard with the AAD data. For this, however, the user must already be linked to an AAD account.
  • Option 2: Quick entry
When Active Directory integration is in use, a new user with minimal permissions for the active module can be created via a person selection screen. To use this, type the person's name or abbreviation in a user selection box; this loads the user from the Active Directory. The user can then log in with their Active Directory credentials. The user's roles can be expanded later, if desired.
  • Option 3: Using an Active Directory
This is only possible if an Active Directory is configured. First, a user must be created as described in Option 1. The specified e-mail address must match that of their Active Directory user. The user can then log in with their Active Directory account, if this is enabled in the global settings.

Assign user roles

Under "Administration → User Roles Assignment" it is possible to assign the respective roles for the desired user.

Licenses:

The column headings Experts and Professionals also show how many licenses are currently available and how many are being used. This allows you to see at a glance where you are over-licensed or under-licensed. More information about licenses can be found at "Administration → Licensing".

Assign:

User roles can only be assigned by administrators or experts.

  • Administrators can assign any role.
  • Experts can assign all roles except Administrator and Compliance Manager.
  • The role "Expert" cannot be withdrawn from persons responsible for a management system as long as they are responsible for at least one management system.

Important: Experts and professionals must be assigned to a management system after user role assignment in order to be able to perform their tasks.

User role assignment

Modules for experts, professionals, and observers:

  Abbreviation  Module                    Licensing
  M&C           Measures and controls     part of every license
  RM            Risk management           part of every license
  DS            Data protection           Add-on
  AM            Audit management          Add-on
  FM            Case management           Add-on
  DM            Doc-Management            Add-on
  ESG           ESG management            Add-on
  SRM           Supplier risk management  Add-on

Change/reset password

Caution: Changing a password only works if the local login is active. That means: either there is no Active Directory configured or Local Login is enabled under Global Settings.

Change own password:

  1. Click on the profile picture or profile name → Profile.
  2. Click on "Change password" at the bottom right.
  3. Enter the old and the new password and confirm.

Change/reset a password as Administrator or Expert:

  1. Select the desired user under Administration → User.
  2. Click on "Change password" at the bottom right.
  3. Enter the new password and confirm.
Note: Only administrators can reset passwords of experts. Experts can create and authorize users and they can reset passwords for Professionals and Practitioners. The administrator role can also be assigned to multiple users.
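The rules under "Assign" (who may grant which role, and that the Expert role cannot be withdrawn while the person is responsible for a management system) and the password-reset note above together form a small authorization policy. The following is an added example that models those rules as checks; it is not HITGuard's own code. The User data model, the module keys such as "RM" and "AM", the function names, the treatment of "Compliance Manager" as a global role, and the requirement that a responsible person be an Expert are assumptions made for the illustration; the page does not say whether Experts may reset Observer passwords, so the example denies that case rather than guess.

```python
"""Role-assignment and password-reset policy as described in the HITGuard
user guide, modelled as plain Python checks (added example, not HITGuard code).

Rules taken from the guide:
  * Administrators can assign any role.
  * Experts can assign all roles except Administrator and Compliance Manager.
  * Expert cannot be withdrawn while the person is responsible for at least
    one management system.
  * Only administrators reset Expert passwords; Experts may reset passwords of
    Professionals and Practitioners.
  * Practitioner is the default role in every module.
  * Administrators cannot be defined as responsible persons.
"""
from dataclasses import dataclass, field

ADMIN = "Admin"
EXPERT = "Expert"
PROFESSIONAL = "Professional"
OBSERVER = "Observer"
PRACTITIONER = "Practitioner"
COMPLIANCE_MANAGER = "Compliance Manager"  # only named on the page as a role Experts may not grant

GLOBAL_ROLES = {ADMIN, COMPLIANCE_MANAGER}        # assumption: not scoped to a module
MODULE_ROLES = {EXPERT, PROFESSIONAL, OBSERVER, PRACTITIONER}


@dataclass
class User:
    name: str
    global_roles: set = field(default_factory=set)
    roles: dict = field(default_factory=dict)          # module -> role; absent = Practitioner
    responsible_for: set = field(default_factory=set)  # management systems the user owns

    @property
    def is_admin(self):
        return ADMIN in self.global_roles

    def role_in(self, module):
        return self.roles.get(module, PRACTITIONER)

    def is_expert(self):
        return EXPERT in self.roles.values()


def can_assign_role(actor, role):
    """Administrators grant anything; Experts grant all but Admin and Compliance Manager."""
    if actor.is_admin:
        return True
    if actor.is_expert():
        return role not in (ADMIN, COMPLIANCE_MANAGER)
    return False  # Professionals, Observers and Practitioners assign nothing


def assign_role(actor, target, module, role):
    """Grant a role; returns (ok, reason) and only mutates target on success."""
    if not can_assign_role(actor, role):
        return False, f"{actor.name} may not assign {role}"
    if role in GLOBAL_ROLES:
        target.global_roles.add(role)
        return True, "assigned"
    if role not in MODULE_ROLES:
        return False, f"unknown role {role}"
    # Replacing Expert with any other role is a withdrawal, which is blocked
    # while the person is still responsible for a management system.
    if target.role_in(module) == EXPERT and role != EXPERT and target.responsible_for:
        return False, (f"{target.name} is responsible for "
                       f"{sorted(target.responsible_for)}; reassign first")
    target.roles[module] = role
    return True, "assigned"


def withdraw_expert(actor, target, module):
    """Drop Expert in one module back to the default Practitioner role."""
    if target.role_in(module) != EXPERT:
        return False, f"{target.name} is not an Expert in {module}"
    return assign_role(actor, target, module, PRACTITIONER)


def make_responsible(user, management_system):
    """Admins can never be responsible persons; assumes responsibles must be Experts."""
    if user.is_admin or not user.is_expert():
        return False
    user.responsible_for.add(management_system)
    return True


def can_reset_password(actor, target):
    """Admins reset anyone; Experts reset only Professionals/Practitioners (Observers denied)."""
    if actor.is_admin:
        return True
    if actor.is_expert():
        if target.is_admin or target.is_expert():
            return False
        return all(r in (PROFESSIONAL, PRACTITIONER) for r in target.roles.values())
    return False


if __name__ == "__main__":
    # Constructed sample users for a quick manual run.
    root = User("root", global_roles={ADMIN})
    eva = User("eva", roles={"RM": EXPERT}, responsible_for={"ISMS"})
    print(withdraw_expert(root, eva, "RM"))   # blocked: still responsible for ISMS
    print(can_reset_password(eva, root))      # False: Experts cannot reset an Admin
```

Every decision point returns a reason string instead of raising, so the same functions can feed an audit log of denied administrative actions; the withdrawal guard is applied inside assign_role rather than only in withdraw_expert so that overwriting Expert with Observer cannot bypass it.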

Disable user

Experts and administrators can deactivate users via the user mask. A deactivated user can no longer be selected in the application.

A user can be deactivated without first cancelling their management system and team memberships. The user is shown as "deactivated" in any management systems and teams they were already a member of.

When deactivating, there is the option to anonymize the user in the system.

Caution: The anonymization removes all personal data of the user. This can no longer be undone! If "No" is selected in the deactivation dialog, the user is deactivated but not anonymized.

As an alternative to anonymization, an expert or administrator can pseudonymize the user when deactivating them. This is done by manually changing their username, first and last name, and e-mail address according to a defined scheme.

Reset profile picture

Experts and administrators can reset a user's profile picture by clicking the icon next to the profile picture.