User groups are built-in objects giving permissions to all users inside of them, with a specific role across a scope.
For now, it is not possible to create custom role assignments so you need to use built-in user groups. They are linking a domain with a role which contains precise permissions, that will be given to users in this group.
Roles #
Let’s give some details on the 5 built-in roles:
| Role | Permissions |
| Administrator | full access (except approval), and specifically management of domains, users and users rights |
| Domain manager | full access to selected domains (except approval), in particular managing rights for these domains. Read access to global objects |
| Analyst | read-write access to selected perimeters/domains. Read access to global and domain objects |
| Reader | read access to selected perimeters/domains |
| Approver | like reader, but with additional capability to approve risk acceptances |
Django superuser is given administrator rights automatically on startup.
Global user groups #
Once your instance is created, four user groups are already present:
- Global – Administrator
- Global – Analyst
- Global – Reader
- Global – Approver
They give corresponding permissions on Global scope so on every object of your instance.
Domain user groups #
They are created for each domain you add. For example, if you create a domain R&D, there will be:
- R&D – Domain Manager
- R&D – Analyst
- R&D – Reader
- R&D – Approver
They give corresponding permissions on the domain scope so on every object inside R&D.
