Required Permissions

Each user must be given correct permissions in order to run Jira and the SoftComply Risk Manager app in a secure manner. Each action in Jira is secured by permissions and permissions can be granted to:

  • Individual user
  • Group
  • Project role
  • Special role (assignee, reporter, project lead)
  • User or Group picker custom fields
  • Anyone

Read more in the permissions overview. Correct and reviewed permissions also guarantee a safe and secure risk management process. The permissions of the SoftComply Risk Manager and SoftComply Risk Manager Plus apps are explained in greater detail below and can vary slightly between platforms (Server/Data Center/Cloud).

 

User roles in the SoftComply Risk Manager

In risk management we can outline two major roles, which are also reflected in the app's permissions setup:

  • Risk Manager Administrators
    • Define and set up the risk management process i.e. define the configuration of the risk model and the spreadsheet (risk table) to manage risks in the organisation. The changes to the process are not frequent but they affect risk management in the entire company/product/project. In the context of Jira we can compare it to a project setup and/or project administration tasks.
  • Risk Manager Team members
    • Daily work with risks i.e. adding new risks, editing existing risks, creating/modifying mitigation and verification actions, etc. In the context of Jira the team members work with Jira issues.

 


Server/Data Center (SoftComply Risk Manager and SoftComply Risk Manager Plus)

Quick summary:

  • In order to create Risk Projects you need Jira Global Admin rights.
  • In order to customize matrices/RPN levels and risk table layout you need the Risk Manager Administrator project role.
  • In order to add new columns (i.e. create new custom fields) in the risk table you need Jira Global Admin rights and the Risk Manager Administrator project role.
  • In order to work with risks you need the regular issue related permissions (Browse project, Create/Edit/Link/Resolve/Transition/Assignable user/Assign issues).

For a more detailed explanation, see the Permissions explained section below.


Cloud (SoftComply Risk Manager)

Quick summary:

  • In order to create Risk Projects you need Jira Global Admin rights.
  • In order to customize matrices and risk table layout you need Administer Project permission.
  • In order to add new columns (i.e. create new custom fields) in the risk table you need Jira Global Admin rights and Administer Project permission.
  • In order to work with risks you need the regular issue related permissions (Browse project, Create/Edit/Link/Resolve/Transition/Assignable user/Assign issues).

For a more detailed explanation, see the Permissions & their rights section below.


 

Permissions & their rights

Risk Manager Administrators:

You will need Jira Global Admin rights (System view → Global Permissions → Administer Jira permission) for the following actions:

  1. Creating new Risk Projects, and
  2. Creating new columns in the Risk Table view (i.e. new custom fields are created in the system).

You will need Administer Project permissions (Cloud) or the Risk Manager Administrator project role (Server/DC) for the more sophisticated risk project setup activities like:

  1. Customizing Risk Matrices, and
  2. Customizing the Risk Table layout (adding new columns).

These actions are permitted only to project administrators because they affect your organisation’s risk management process and as such require careful consideration. Grant the above-mentioned permission/role only to the user(s) who are allowed to make these risk project level configuration changes (add/remove/edit Severity or Probability values, add/remove table columns).

 

Risk Manager Team members, i.e. regular users:

The following project specific permissions are needed for regular users of the SoftComply Risk Manager/SoftComply Risk Manager Plus:

  1. Browse projects (for accessing project data)
  2. Create Issues (adding new risk issues)
  3. Edit Issues (for traceability links, edit risks)
  4. Link Issues (for traceability links)
  5. Transition Issues (for removing risks from table)
  6. Resolve Issues (for removing risks from table)

Also, if a project default assignee is assigned (e.g. Project Lead or somebody else), then:

  7. Assign Issues

If a project default assignee is assigned, then:

  8. The project default assignee user must have the Assignable User permission.
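
The team-member list above can be checked mechanically. The following is an added example, not code from SoftComply or Atlassian: it audits a permission scheme export for missing team permissions, project administration granted to the team role, and grants to "Anyone". The grant shape (`holder.type`, `holder.parameter`, `permission`), the permission keys, the role id `10100` and the sample scheme are assumptions constructed for illustration.

```python
"""Added example: least-privilege audit of a Jira permission scheme."""

# Permission keys assumed to correspond to the permissions named on this page.
TEAM_REQUIRED = {"BROWSE_PROJECTS", "CREATE_ISSUES", "EDIT_ISSUES",
                 "LINK_ISSUES", "TRANSITION_ISSUES", "RESOLVE_ISSUES"}
ADMIN_ONLY = {"ADMINISTER_PROJECTS"}  # reserved for Risk Manager Administrators
TEAM_ROLE_ID = "10100"  # hypothetical project role id for team members


def grant(holder_type, permission, parameter=None):
    """Build one grant in the assumed REST export shape."""
    holder = {"type": holder_type}
    if parameter is not None:
        holder["parameter"] = parameter
    return {"holder": holder, "permission": permission}


# Constructed sample scheme: RESOLVE_ISSUES is missing, the team role can
# administer the project, and browsing is open to anyone.
SAMPLE_SCHEME = {"permissions": [
    *(grant("projectRole", p, TEAM_ROLE_ID)
      for p in sorted(TEAM_REQUIRED - {"RESOLVE_ISSUES"})),
    grant("projectRole", "ADMINISTER_PROJECTS", TEAM_ROLE_ID),
    grant("anyone", "BROWSE_PROJECTS"),
]}


def held_by(scheme, holder_type, parameter=None):
    """Permission keys granted to one holder (type + optional parameter)."""
    return {g["permission"] for g in scheme["permissions"]
            if g["holder"]["type"] == holder_type
            and g["holder"].get("parameter") == parameter}


def audit(scheme, team_role_id, default_assignee_set=False):
    """Return findings: missing, excessive and public grants."""
    required = TEAM_REQUIRED | ({"ASSIGN_ISSUES"} if default_assignee_set else set())
    have = held_by(scheme, "projectRole", team_role_id)
    findings = [f"MISSING {p} for team role" for p in sorted(required - have)]
    findings += [f"EXCESS {p} for team role" for p in sorted(have & ADMIN_ONLY)]
    findings += [f"PUBLIC {p} granted to anyone" for p in sorted(held_by(scheme, "anyone"))]
    all_perms = {g["permission"] for g in scheme["permissions"]}
    if default_assignee_set and "ASSIGNABLE_USER" not in all_perms:
        findings.append("MISSING ASSIGNABLE_USER for default assignee")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_SCHEME, TEAM_ROLE_ID, default_assignee_set=True):
        print(line)
```

An empty result means the team role holds exactly the permissions listed for regular users and nothing in the scheme is granted to "Anyone".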