IRM supports the following user roles with different permissions in the system: Admin, DPO, Participant, Auditor, and CPO.
Admin User Role
Admins within a customer account can configure the IRM system. They can set up intake forms, configure assignees, etc. In addition, they are able to view and process all requests in the system. This role is usually granted to managers overseeing Data Privacy Officers (DPOs) and Admins helping to set up the system. This role should be granted with caution due to the amount of control it grants.
DPO User Role
DPOs within a customer account can view and process requests assigned to them. They are not able to configure the IRM system. This role, as the name suggests, should be granted to Data Privacy Officers who manage requests on a day-to-day basis.
Participant Role
The participant role should be granted to all stakeholders who will be working with DPOs on completing a request. In a typical organization, this usually includes, but is not limited to, IT System Administrators, Marketing, Human Resources, etc.
Once assigned this role, Participants within a customer account can view a request only if they have been commented at with an @-mention within the comments section of that request. Once they include an @-mention, they can upload attachments related to fulfilling the request. But they cannot view attachments uploaded by others to the same request.
Participants cannot view the request even if they can view the tasks and subtasks assigned to them. If the parent tasks are assigned to them, they can view the subtasks regardless of whether or not the subtasks are assigned to them.
Participants cannot process a request for completion.
Auditor Role
This role, as the name suggests, should be granted to Auditors who check for compliance to required rules such as GDPR and CCPA. Auditors within a customer account can view all requests and download request metadata. They are not able to configure the IRM system, upload attachments to requests, comment on requests, or process requests.
CPO Role
A user with a CPO or Chief Privacy Officer role can access the Request page (all requests) and the My task page (request’s task/sub task). Although this role cannot access the Admin menu, like any admin user, it can be assigned to requests and they would be able to accept or reject requests and perform other request operations.
Support Role
A user with the Support role can ONLY see the requests that they are assigned to. This role cannot accept or reject requests.
The below chart details the permissions that various users have in the IRM platform for a given account:
| Operations | Admin | DPO | Auditor | Participant | CPO | Support | |
Requests | View | Own Account | Assigned to Task / Requests / Mentioned | Own Account | Assigned to Task / Mentioned | Own Account | Assigned to Task / Requests / Mentioned |
| Complete | Own Account | Assigned | None | None | Own Account | None | |
| Export Request Report | Own Account | Assigned | Own Account | None | Own Account | Assigned | |
| Notified upon new Request | Assigned | Assigned | None | None | Assigned | Assigned | |
| Extend the request | Own Account | Assigned | None | None | Own Account | Assigned | |
| Change Assignee | Own Account | Assigned | None | None | Own Account | Assigned | |
| Download Intake Form Attachment/s | Own Account | Assigned | None | None | Own Account | Assigned | |
| Comments in the Request | View | Own Account | Assigned to Task / Requests / Mentioned | Own Account | Assigned to Task / Mentioned | Own Account | Assigned to Task / Requests / Mentioned |
| Post | Own Account | Assigned to Task / Requests / Mentioned | Own Account | Assigned to Task / Mentioned | Own Account | Assigned to Task / Requests / Mentioned | |
| Update | Own | Own | None | Own | Own | Own | |
| Delete | Own Account | Own | None | Own | Own Account | Own | |
| Attachments in the Request | View | Own Account | Assigned | Own Account | Own Account Mentioned | Own Account | Assigned |
| Upload | Own Account | Assigned | None | Own Account Mentioned | Own Account | Assigned | |
| Download | Own Account | Assigned | None | Own | Own Account | Assigned | |
| Delete | Own Account | Assigned | None | Own | Own Account | Assigned | |
| Assignee Configuration | View | Own Account | None | None | None | None | None |
| Add Conditional Assignee | Own Account | None | None | None | None | None | |
| Update Conditional Assignee | Own Account | None | None | None | None | None | |
| Delete Conditional Assignee | Own Account | None | None | None | None | None | |
| Add Default Assignee | Own Account | None | None | None | None | None | |
| Delete Default Assignee | Own Account | None | None | None | None | None | |
| Translation Library | View Translations | Own Account | None | None | None | None | None |
| Add Translation | Own Account | None | None | None | None | None | |
| Update Translation | Own Account | None | None | None | None | None | |
| Delete Translation | Own Account | None | None | None | None | None | |
| Intake Forms Configuration | View Intake Forms | Own Account | None | None | None | None | None |
| Create Intake Forms | Own Account | None | None | None | None | None | |
| Update Intake Forms | Own Account | None | None | None | None | None | |
| Delete Intake Forms | Own Account | None | None | None | None | None | |
| Email Templates / Landing Pages / Task Templates Setting | View | Own Account | None | None | None | None | None |
| Create | Own Account | None | None | None | None | ||
| Update | Own Account | None | None | None | None | None | |
| Delete | Own Account | None | None | None | None | None | |
| Tasks under Requests | View Tasks | Assigned to Task / Requests / Mentioned in the Tasks | Assigned to Task / Requests / Mentioned in the Tasks | Own Account | Assigned to Task / Mentioned in the Tasks | Own Account | Assigned to Task / Requests / Mentioned in the Tasks |
| Create tasks manually | Own Account | Assigned to Requests | None | None | Own Account | Assigned to Requests | |
| Update tasks | Own Account | Assigned to Task / Requests | None | Assigned to Task | Own Account | Assigned to Task / Requests | |
| Update subtasks | Own Account | Assigned to Task / Requests | None | Assigned to Subtask/Task | Own Account | Assigned to Task / Requests | |
| Delete tasks | Own Account | Assigned to Requests | None | None | Own Account | Assigned to Requests | |
| Create subtasks manually | Own Account | Assigned to Task / Requests | None | Assigned to Subtask / Task | Own Account | Assigned to Task / Requests | |
| Attachments in Tasks | View | Own Account | Assigned to Task / Requests / Mentioned | Own Account | Assigned to Task / Mentioned in the Task | Own Account | Assigned to Task / Requests / Mentioned |
| Upload | Own Account | Assigned to Task / Requests / Mentioned | Own Account | Assigned to Task / Mentioned in the Task | Own Account | Assigned to Task / Requests / Mentioned | |
| Download | Own Account | Assigned to Task / Requests | Own Account | Assigned to Task | Own Account | Assigned to Task / Requests | |
| Delete | Own Account | Own | None | Own | Own Account | Own | |
| Comments in Tasks | View | Own Account | Assigned to Tasks / Requests / Mentioned | Own Account | Assigned to Task / Mentioned in the Task | Own Account | Assigned to Task / Requests / Mentioned |
| Post | Own Account | Assigned to Tasks / Requests / Mentioned | Own Account | Assigned to Task / Mentioned in the Task | Own Account | Assigned to Task / Requests / Mentioned | |
| Update | Own Account | Own | None | Own | Own Account | Own | |
| Delete | Own Account | Own | None | Own | Own Account | Own |