Individual Rights Manager User Roles & Permissions

IRM supports the following user roles with different permissions in the system: Admin, DPO, Participant, Auditor, and CPO.

Admin User Role

Admins within a customer account can configure the IRM system. They can set up intake forms, configure assignees, and more. In addition, they can view and process all requests in the system. This role is usually granted to managers overseeing Data Privacy Officers (DPOs) and Admins helping to set up the system. This role should be granted with caution due to the amount of control it grants.

DPO User Role

DPOs within a customer account can view and process requests assigned to them. They are not able to configure the IRM system. This role, as the name suggests, should be granted to Data Privacy Officers who manage requests on a day-to-day basis.

Participant Role

The Participant role should be granted to all stakeholders who will be working with DPOs on completing a request. In a typical organization, this usually includes, but is not limited to, IT System Administrators, Marketing, and Human Resources.

Once assigned this role, Participants within a customer account can view a request only if they have been @-mentioned within the comments section of that request. Once they have been @-mentioned, they can upload attachments related to fulfilling the request — but they cannot view attachments uploaded by others to the same request.

Participants cannot view the request even if they can view the tasks and subtasks assigned to them. If the parent task is assigned to them, they can view the subtasks regardless of whether the subtasks are assigned to them.

📋 Note: Participants cannot process a request for completion.
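
The Participant visibility rules above can be written as explicit checks. This is an added example, not TrustArc code or an IRM API: the class names, function names and sample users are hypothetical, and it models only the rules stated in this Participant Role section.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

@dataclass
class Task:
    name: str
    assignee: Optional[str] = None
    parent: Optional["Task"] = None  # None for a top-level task

@dataclass
class Request:
    mentioned: Set[str] = field(default_factory=set)        # users @-mentioned in comments
    attachments: List[tuple] = field(default_factory=list)  # (file name, uploader)
    tasks: List[Task] = field(default_factory=list)

def can_view_request(user: str, req: Request) -> bool:
    # Only an @-mention opens the request; a task assignment does not.
    return user in req.mentioned

def can_upload_attachment(user: str, req: Request) -> bool:
    # Uploading becomes possible once the Participant has been @-mentioned.
    return can_view_request(user, req)

def visible_attachments(user: str, req: Request) -> List[str]:
    # A mentioned Participant sees only the files they uploaded themselves.
    if not can_view_request(user, req):
        return []
    return [name for name, uploader in req.attachments if uploader == user]

def can_view_task(user: str, task: Task) -> bool:
    # Own tasks and subtasks, plus every subtask of a task assigned to the user.
    if task.assignee == user:
        return True
    return task.parent is not None and task.parent.assignee == user

def build_sample() -> Request:
    # Constructed sample data: Participants working on one request.
    parent = Task("collect HR records", assignee="it_admin")
    child = Task("export payroll rows", assignee="hr_user", parent=parent)
    other = Task("marketing opt-out", assignee="mkt_user")
    return Request(
        mentioned={"hr_user"},
        attachments=[("payroll.csv", "hr_user"), ("crm_dump.csv", "dpo_1")],
        tasks=[parent, child, other],
    )
```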

Auditor Role

This role, as the name suggests, should be granted to Auditors who check for compliance with required rules such as GDPR and CCPA. Auditors within a customer account can view all requests and download request metadata. They are not able to configure the IRM system, upload attachments to requests, comment on requests, or process requests.

CPO Role

A user with the CPO (Chief Privacy Officer) role can access the Request page (all requests) and the My Task page (requests' tasks/subtasks). This role cannot access the Admin menu, but, like any admin user, it can be assigned to requests, can accept or reject requests, and can perform other request operations.

Support Role

A user with the Support role can ONLY see the requests that they are assigned to. This role cannot accept or reject requests.

Permissions Chart

The chart below details the permissions that various users have in the IRM platform for a given account.

|  | Operations | Admin | DPO | Auditor | Participant | CPO | Support |
|---|---|---|---|---|---|---|---|
| Requests | View | Own Account | Assigned to Task / Requests / Mentioned | Own Account | Assigned to Task / Mentioned | Own Account | Assigned to Task / Requests / Mentioned |
| Requests | Complete | Own Account | Assigned | None | None | Own Account | None |
| Requests | Export Request Report | Own Account | Assigned | Own Account | None | Own Account | Assigned |
| Requests | Notified upon new Request | Assigned | Assigned | None | None | Assigned | Assigned |
| Requests | Extend the request | Own Account | Assigned | None | None | Own Account | Assigned |
| Requests | Change Assignee | Own Account | Assigned | None | None | Own Account | Assigned |
| Requests | Download Intake Form Attachment(s) | Own Account | Assigned | None | None | Own Account | Assigned |
| Comments in the Request | View | Own Account | Assigned to Task / Requests / Mentioned | Own Account | Assigned to Task / Mentioned | Own Account | Assigned to Task / Requests / Mentioned |
| Comments in the Request | Post | Own Account | Assigned to Task / Requests / Mentioned | Own Account | Assigned to Task / Mentioned | Own Account | Assigned to Task / Requests / Mentioned |
| Comments in the Request | Update | Own | Own | None | Own | Own | Own |
| Comments in the Request | Delete | Own Account | Own | None | Own | Own Account | Own |
| Attachments in the Request | View | Own Account | Assigned | Own Account | Own Account / Mentioned | Own Account | Assigned |
| Attachments in the Request | Upload | Own Account | Assigned | None | Own Account / Mentioned | Own Account | Assigned |
| Attachments in the Request | Download | Own Account | Assigned | None | Own | Own Account | Assigned |
| Attachments in the Request | Delete | Own Account | Assigned | None | Own | Own Account | Assigned |
| Assignee Configuration | View | Own Account | None | None | None | None | None |
| Assignee Configuration | Add Conditional Assignee | Own Account | None | None | None | None | None |
| Assignee Configuration | Update Conditional Assignee | Own Account | None | None | None | None | None |
| Assignee Configuration | Delete Conditional Assignee | Own Account | None | None | None | None | None |
| Assignee Configuration | Add Default Assignee | Own Account | None | None | None | None | None |
| Assignee Configuration | Delete Default Assignee | Own Account | None | None | None | None | None |
| Translation Library | View Translations | Own Account | None | None | None | None | None |
| Translation Library | Add Translation | Own Account | None | None | None | None | None |
| Translation Library | Update Translation | Own Account | None | None | None | None | None |
| Translation Library | Delete Translation | Own Account | None | None | None | None | None |
| Intake Forms Configuration | View Intake Forms | Own Account | None | None | None | None | None |
| Intake Forms Configuration | Create Intake Forms | Own Account | None | None | None | None | None |
| Intake Forms Configuration | Update Intake Forms | Own Account | None | None | None | None | None |
| Intake Forms Configuration | Delete Intake Forms | Own Account | None | None | None | None | None |
| Email Templates / Landing Pages / Task Templates Setting | View | Own Account | None | None | None | None | None |
| Email Templates / Landing Pages / Task Templates Setting | Create | Own Account | None | None | None | None | None |
| Email Templates / Landing Pages / Task Templates Setting | Update | Own Account | None | None | None | None | None |
| Email Templates / Landing Pages / Task Templates Setting | Delete | Own Account | None | None | None | None | None |
| Tasks under Requests | View Tasks | Assigned to Task / Requests / Mentioned in the Tasks | Assigned to Task / Requests / Mentioned in the Tasks | Own Account | Assigned to Task / Mentioned in the Tasks | Own Account | Assigned to Task / Requests / Mentioned in the Tasks |
| Tasks under Requests | Create tasks manually | Own Account | Assigned to Requests | None | None | Own Account | Assigned to Requests |
| Tasks under Requests | Update tasks | Own Account | Assigned to Task / Requests | None | Assigned to Task | Own Account | Assigned to Task / Requests |
| Tasks under Requests | Update subtasks | Own Account | Assigned to Task / Requests | None | Assigned to Subtask / Task | Own Account | Assigned to Task / Requests |
| Tasks under Requests | Delete tasks | Own Account | Assigned to Requests | None | None | Own Account | Assigned to Requests |
| Tasks under Requests | Create subtasks manually | Own Account | Assigned to Task / Requests | None | Assigned to Subtask / Task | Own Account | Assigned to Task / Requests |
| Attachments in Tasks | View | Own Account | Assigned to Task / Requests / Mentioned | Own Account | Assigned to Task / Mentioned in the Task | Own Account | Assigned to Task / Requests / Mentioned |
| Attachments in Tasks | Upload | Own Account | Assigned to Task / Requests / Mentioned | Own Account | Assigned to Task / Mentioned in the Task | Own Account | Assigned to Task / Requests / Mentioned |
| Attachments in Tasks | Download | Own Account | Assigned to Task / Requests | Own Account | Assigned to Task | Own Account | Assigned to Task / Requests |
| Attachments in Tasks | Delete | Own Account | Own | None | Own | Own Account | Own |
| Comments in Tasks | View | Own Account | Assigned to Tasks / Requests / Mentioned | Own Account | Assigned to Task / Mentioned in the Task | Own Account | Assigned to Task / Requests / Mentioned |
| Comments in Tasks | Post | Own Account | Assigned to Tasks / Requests / Mentioned | Own Account | Assigned to Task / Mentioned in the Task | Own Account | Assigned to Task / Requests / Mentioned |
| Comments in Tasks | Update | Own Account | Own | None | Own | Own Account | Own |
| Comments in Tasks | Delete | Own Account | Own | None | Own | Own Account | Own |

TrustArc  ·  IRM User Roles & Permissions  ·  support.trustarc.com