Important notice
The Classic Experience will be sunset on
Aug. 1.
If you have questions, contact your Customer Success and Implementation Manager,
Account Manager, or
support@trustarc.com.
Data Mapping & Risk Manager lets you define different permission sets for different users, restricting their access to creating, viewing, editing, or deleting only particular entity types — or even specific entities. Access rights are managed through named permission sets, also called User Groups.
This article explains how to access the Users page, build a custom permission set, and assign it to specific users.
What you can do
✓Navigate to the Users page to manage user records and roles
✓Create custom permission sets (User Groups) tailored to your organization's needs
✓Assign a permission set to individual users to control their access
Prerequisites
✓Admin privileges in both the Admin module and the Data Mapping & Risk Manager module
✓Active TrustArc account with Data Mapping & Risk Manager access
Managing Users
To access the Users page, hover over the Admin icon on the left side of the page, then navigate to User Settings1 > Users2. For more information about user roles and how to manage users, see User Roles and Setting Up Your Assessment Manager Account.
⚠️ Important: Your user record 3 must have Admin rights assigned for both the Admin module and the Data Mapping & Risk Manager module 4 on the Users page.
📋 Note: Admin rights in other modules (such as Assessment Manager) do not grant Admin access in Data Mapping & Risk Manager. Only an existing Data Mapping & Risk Manager Admin can promote another user to Admin in that module. If no one in your account has Data Mapping & Risk Manager Admin rights, contact TrustArc Support at support@trustarc.com to designate the first Admin.
Building Custom Permission Sets
User access rights in Data Mapping & Risk Manager are managed through named permission sets, also called User Groups. A user can be assigned one — and only one — permission set at a time. You can use TrustArc's pre-defined sets (User and Admin), or create your own. Creating a custom permission set is recommended so that you have full visibility into exactly which permissions it contains. The default User permission set has almost all permissions enabled, except for administrative ones.
To change the default access rights for a user or group of users, create the permission set first, then manually assign it to each user. See Assigning Permission Sets to Users below.
To create a named permission set, follow these steps:
1
From the left side of the page, hover over the Admin icon, then navigate to User Settings1 > Permission Group Settings2.
2
In the top-right corner of the Permission Group Settings page, click the + button 3.
The Add Permission Group window appears.
3
Enter a name for your permission set in the Group Name field 4, then configure the permission fields below.
The modal lets you set permissions for actions (Create, Update, Read, Delete, Clone, Add) on each entity type (Business Process, Organization, System, Vendor, and User Groups). Each dropdown may contain the following access levels:
Access Level Options
No Access
No permission. Users cannot perform the specified action on the entity type.
Any
Users can perform the action on any entity of the corresponding type — Business Process, Organization, Vendor, or System.
Own
Users can perform the action only on entities they created, and on Business Processes to which they are assigned as collaborators. Note: a collaborator cannot delete a Business Process unless they were the original creator, even with "Own" permission under Delete. For more information, see Assigning a Business Process Record.
Tag
Users can perform the action only on entities that share the same tags in a custom field. This is useful for restricting users to entities associated with their department or region. See Configuring Tag-Based Access for more information.
Additional permission types in the modal include:
Other Permission Types
Create
Users can create entities of the specified type.
Reindex E9
Admin-only. Reserved for TrustArc internal use.
Update, Read, Delete, Clone
Control whether users can view, update, delete, and clone named permission sets (User Groups) in the Admin module.
The Business Process Collaborator row under the Share section 6 controls whether users can add or remove collaborators from Business Processes. The same four access levels apply:
•No Access — Cannot add or remove collaborators on any Business Process.
•Any — Can add or remove collaborators on any Business Process.
•Own — Can add or remove collaborators only on Business Processes they created.
•Tag — Can add or remove collaborators only on Business Processes sharing at least one tag in common. See Configuring Tag-Based Access for more information.
📋 Tip: Use the Restore Defaults link 5 to pre-populate the permission fields to match either the User or Admin pre-defined set. This is useful when you want a custom set that differs only slightly from a standard one.
4
Once you have configured all permissions, click Save in the bottom-right corner to save the permission set.
Assigning Permission Sets to Users
To assign a custom permission set to a specific user, follow these steps:
1
From the left side of the page, hover over the Admin icon, then navigate to User Settings1 > Users2.
2
Locate the user you want to update, click the Settings icon 3 to the right of their record, then select Edit User4 from the context menu.
The Edit User window appears.
3
Click the Data Mapping & Risk Manager field and select the permission set you want to assign 5. You can assign a custom set you created, or one of the TrustArc pre-defined sets — Admin or User.
4
Click Update User to save the changes. The user's permissions are now restricted to those defined in the assigned permission set.
📋 Note: You must repeat this process individually for each user you want to assign the permission set to.