Managing User Access

Overview Managing Users Building Permission Sets Assigning Permission Sets

Overview

Data Mapping & Risk Manager lets you define different permission sets for different users, restricting their access to creating, viewing, editing, or deleting only particular entity types — or even specific entities. Access rights are managed through named permission sets, also called User Groups.

This article explains how to access the Users page, build a custom permission set, and assign it to specific users.

What you can do

✓Navigate to the Users page to manage user records and roles

✓Create custom permission sets (User Groups) tailored to your organization's needs

✓Assign a permission set to individual users to control their access

Prerequisites

✓Admin privileges in both the Admin module and the Data Mapping & Risk Manager module

✓Active TrustArc account with Data Mapping & Risk Manager access

Managing Users

To access the Users page, hover over the Admin icon on the left side of the page, then navigate to User Settings (1) > Users (2). For more information about user roles and how to manage users, see User Roles and Setting Up Your Assessment Manager Account.

Admin navigation menu showing User Settings expanded with the Users option selected

⚠️ Important: Your user record (3) must have Admin rights assigned for both the Admin module and the Data Mapping & Risk Manager module (4) on the Users page.

Users page showing a user record with module assignments including Admin and Data Mapping and Risk Manager

Users page showing the module permission fields expanded for a selected user record

📋 Note: Admin rights in other modules (such as Assessment Manager) do not grant Admin access in Data Mapping & Risk Manager. Only an existing Data Mapping & Risk Manager Admin can promote another user to Admin in that module. If no one in your account has Data Mapping & Risk Manager Admin rights, contact TrustArc Support at support@trustarc.com to designate the first Admin.

Building Custom Permission Sets

User access rights in Data Mapping & Risk Manager are managed through named permission sets, also called User Groups. A user can be assigned one — and only one — permission set at a time. You can use TrustArc's pre-defined sets (User and Admin), or create your own. Creating a custom permission set is recommended so that you have full visibility into exactly which permissions it contains. The default User permission set has almost all permissions enabled, except for administrative ones.

To change the default access rights for a user or group of users, create the permission set first, then manually assign it to each user. See Assigning Permission Sets to Users below.

To create a named permission set, follow these steps:

From the left side of the page, hover over the Admin icon, then navigate to User Settings (1) > Permission Group Settings (2).

Admin navigation showing User Settings expanded with Permission Group Settings selected

In the top-right corner of the Permission Group Settings page, click the + button (3).

Permission Group Settings page with the plus button highlighted in the top-right corner

The Add Permission Group window appears.

Add Permission Group modal showing fields for group name and permission settings for each entity type

Enter a name for your permission set in the Group Name field (4), then configure the permission fields below.

The modal lets you set permissions for actions (Create, Update, Read, Delete, Clone, Add) on each entity type (Business Process, Organization, System, Vendor, and User Groups). Each dropdown may contain the following access levels:

Access Level Options

No Access

No permission. Users cannot perform the specified action on the entity type.

Any

Users can perform the action on any entity of the corresponding type — Business Process, Organization, Vendor, or System.

Own

Users can perform the action only on entities they created, and on Business Processes to which they are assigned as collaborators. Note: a collaborator cannot delete a Business Process unless they were the original creator, even with "Own" permission under Delete. For more information, see Assigning a Business Process Record.

Tag

Users can perform the action only on entities that share the same tags in a custom field. This is useful for restricting users to entities associated with their department or region. See Configuring Tag-Based Access for more information.

Additional permission types in the modal include:

Other Permission Types

Create

Users can create entities of the specified type.

Reindex E9

Admin-only. Reserved for TrustArc internal use.

Update, Read, Delete, Clone

Control whether users can view, update, delete, and clone named permission sets (User Groups) in the Admin module.

The Business Process Collaborator row under the Share section (6) controls whether users can add or remove collaborators from Business Processes. The same four access levels apply:

•No Access — Cannot add or remove collaborators on any Business Process.

•Any — Can add or remove collaborators on any Business Process.

•Own — Can add or remove collaborators only on Business Processes they created.

•Tag — Can add or remove collaborators only on Business Processes sharing at least one tag in common. See Configuring Tag-Based Access for more information.

📋 Tip: Use the Restore Defaults link (5) to pre-populate the permission fields to match either the User or Admin pre-defined set. This is useful when you want a custom set that differs only slightly from a standard one.

Once you have configured all permissions, click Save in the bottom-right corner to save the permission set.

Assigning Permission Sets to Users

To assign a custom permission set to a specific user, follow these steps:

From the left side of the page, hover over the Admin icon, then navigate to User Settings (1) > Users (2).

Admin navigation showing User Settings expanded with the Users option selected

Locate the user you want to update, click the Settings icon (3) to the right of their record, then select Edit User (4) from the context menu.

Users list showing the Settings icon and Edit User option in the context menu for a user record

The Edit User window appears.

Edit User modal showing the user fields including the Data Mapping and Risk Manager permission set selector

Click the Data Mapping & Risk Manager field and select the permission set you want to assign (5). You can assign a custom set you created, or one of the TrustArc pre-defined sets — Admin or User.

Click Update User to save the changes. The user's permissions are now restricted to those defined in the assigned permission set.

📋 Note: You must repeat this process individually for each user you want to assign the permission set to.

TrustArc · Managing User Permissions · support.trustarc.com

Search

Managing User Access