Working with roles

Use the Infor GRC Roles page to create or modify custom roles and assign the required permissions.

Note: The standard roles are predefined roles and are available in the Infor GRC application. Permissions assigned to the standard roles cannot be modified.

To create a custom role:

  1. Select Manage > Infor GRC Roles on the navigation bar and click to create a new custom role. The New Role page is displayed.
  2. Specify this information:
    Role Name
    The name of the role.
    Description
    The description for the role.
    Allow Administrator Level Data Access
    Select this check box to provide the administrator level data access to the custom role.
    Note: If you select this check box, the user has the authorization to access the assigned GRC functionality and the related functionality. Use the Data Access tab to assign permissions for accessing the GRC functionality.
    Copy Privileges as
    The details of an existing role that must be copied to the custom role.
    Customize Permissions
    The permissions to access the GRC functionalities that can be assigned to the custom role.

    See, Standard roles and the permissions.

    Data Access
    The administrator level data access for the GRC functionality and the related functionality. This tab is displayed, only if you select the Allow Administrator Level Data Access check box.
    Note: If administrator level data access is provided for Monitor > Reports functionality, you must add the custom role to the Access Control List(ACL) for InforGRC_Reports document type in the Infor Document Management(IDM) application. Else, the user assigned to the custom role is unable to view the reports subscribed by other users. Perform these steps to add the custom role to IDM:
    1. Navigate to Infor Document Management > Control Center.
    2. Select Document Type in the Administration section.
    3. Locate and select "InforGRC_Reports".
    4. Click the ACL tab.
    5. Select "Infor GRC" and click Edit.
    6. Navigate to the Role List.
    7. Locate and add the custom role to which the admin level data access is provided.
    8. Provide the Read and Delete permission for reviewing and downloading all the future reports that are subscribed by the other users.
  3. Click Save. The role is created in the Infor GRC application with the status set to active.

    The information related to the new role is sent to the IFS using the S.SRM BOD to update the IFS Registry.

    Note: Administrators and Business Process Owners must consider the data security and the privacy compliance requirements when assigning permissions to roles for accessing sensitive data. Access provided without detailed review can be misused. Limited and fine-grained access must be provided to users on the need to know and need to use basis. Faulty implementation may lead to risk.