Overview

Making access privileges easy to understand is an important part of allowing anyone in your organization to participate in managing access privileges. Roles are a great way to do this as they allow access privileges to to be explained in language we are all familiar with, instead of technical language.

How Roles make access privileges easy to understand is best explained by the examples below.


Role examples

People within your organization have different job roles, to make access privileges easy to manage, those organizational roles are reflected in the software that they use.

Accounting Software
Certain people, with specific roles within your organization, use accounting software. To reflect these organizational roles, the software creates roles that are the same or similar to the organizational roles:

  1. CFO
  2. Accountant
  3. Bookkeeper
  4. Payroll
  5. Invoice Entry
  6. Invoice Payment/Approval

When setting which person has access to which features within a piece of software, you simply choose the role in the software that best suits their role within the organization.

Human Resources Software
Certain people, with specific roles within your organization, use human resources software. To reflect these organizational roles, the software creates roles that are the same or similar to the organizational roles:organizational roles:

  1. CHRO
  2. HR Administrator
  3. HR Officer
  4. HR Manager
  5. HR Health & Safety Officer
  6. HR Renumeration Advisor
  7. Payroll

When setting which person has access to which features within a piece of software, you simply choose the role in the software that best suits their role within the organization.

Legal Software
Certain people, with specific roles within your organization, use legal software. To reflect these organizational roles, the software creates roles that are the same or similar to the organizational roles:

  1. CLO (general council)
  2. Solicitor
  3. Lawyer
  4. Legal secretary
  5. Accountant

When setting which person has access to which features within a piece of software, you simply choose the role in the software that best suits their role within the organization.


Rulerr Roles

Rulerr makes use of roles to reflect the different jobs that people need to do in Rulerr. Rulerr offers 3 types of Roles, which are set in different places:

Organization level

  1. Monarch
  2. Risk
  3. Auditor
  4. HR
  5. Helpdesk
  6. Integrator

Product level

  1. Product Expert
  2. Access Approver

People level

  1. Manager
  2. Collaborator
  3. Viewer


Organization level roles


Monarch

Monarchs are people who have the ability to interact with any functionality Rulerr offers.

You should only make people a Monarch if you trust them to have full control of Rulerr and all the data and features Rulerr offers.

The person who signs up to Rulerr is made a Monarch so that they are instantly able to start configuring Rulerr to suit your organization. To add or remove people from being a Monarch, you can use the Monarch section in the Roles page. Only Monarchs can add or remove Monarchs.

Rulerr requires at least one Monarch at all times. Depending on the size and complexity of your organization, you may wish to have one or more Monarch's. If your organization is large and complex, we recommend that you make at least three people Monarch's.


Risk

People who are given the Risk Role are able to recieve notifications of events of interest and access Rulerr Analytics so that they can follow up on those risk notifications.

When a person is given the Risk role, if they do not already have an account, Rulerr will send them an email inviting them to login to Rulerr and start managing Risk within your organization. If they already have an account, they will be sent a notification to inform them they have been given the Risk Role.

People can be given the Risk Role in the Risk section of the Roles page by Monarchs. You do not need to allocate anyone to the Risk Role if you have a Monarch who wishes to manage Risk.


Auditor

Auditors are able to view Access Privileges, Audit Log and Analytics information for all Products within Rulerr.

When a person is given the Auditor role, if they do not already have an account, Rulerr will send them an email inviting them to login to Rulerr and start viewing Audit Logs and Analytics. If they already have an account, they will be sent a notification to inform them they have been given the Auditor Role.

Auditors are set in the Auditors section of the Roles page by Monarchs. Auditors are optional as Monarchs have the ability to do everything they are able to do.


HR

People who are part of the HR Team are able to access the People page within Rulerr and do any actions the People page offers i.e. manage people, groups and their details.

When a person is given the People role, if they do not already have an account, Rulerr will send them an email inviting them to login to Rulerr and start managing People. If they already have an account, they will be sent a notification to inform them they have been given the People Role.

People are given the HR Role in the HR section of the Roles page by Monarchs. You do not need to allocate anyone to the People Role if you have a Monarch who wishes to manage people.


Helpdesk

The Helpdesk role exists to allow people who work on your IT helpdesk to create access change requests for anyone in your organization.

When a person is given the Helpdesk Role, a new option will show on their Dashboard, which allows them to create access change requests and view the status of access change requests they have created.

People are given the Helpdesk role in the Access page by Rulerr Product Experts.

When a person is given the Helpdesk Role, if they do not already have an account, Rulerr will send them an email inviting them to login to Rulerr and start creating access change requests. If they already have an account, they will be sent a notification to inform them they have been given the Helpdesk role.

People are given the Helpdesk Role in the Helpdesk section of the Roles page by Monarchs. You do not need to allocate anyone to the Helpdesk Role if you do not need anyone to create access change requests for staff.


Integrator

People who are given the Integrator Role are able to add, view and modify the integrations between Rulerr and external software for your organization. They are able to access the Integrations page

When a person is given the Integrator role, if they do not already have an account, Rulerr will send them an email inviting them to login to Rulerr and start managing Integrations for your organization. If they already have an account, they will be sent a notification to inform them they have been given the Integrator Role.

People are given the Integrator Role in the Integrator section of the Roles page by Monarchs. You do not need to allocate anyone to the Integrator Role if you have a Monarch who wishes to manage Risk.


Product level roles


Product Expert

You can set a Product Expert for each product in Rulerr so they can manage product details, view and manage access privileges and receive/approve access change requests for that product. Product Experts are able to access Audit Log and Analytics information for the Product.

Product Experts receive all access change requests for their Product. If you wish to allocate the Approval of access change requests to someone else, the Product Expert can make someone else in your organization a Access Approver.

When a person is made a Product Expert, if they do not already have an account, Rulerr will send them an email inviting them to login to Rulerr and start managing the product and its access privileges. If they already have an account, they will be sent a notification to inform them they have been made a Product Expert.

Product Experts are set in the Access page by Monarchs. You do not need to allocate anyone to be a Product Expert if you have a Monarch who wishes to manage the Product.


Access Approver

Access Approvers are people who receive and can approve access change requests for the product they are an Access Approver of. When a person requests a access change request it is sent to all Access Approvers and Product Experts for the product. Access Approvers are allocated per Product by the Product Expert for the product or Monarchs. Access Approvers are optional as Product Experts or Monarchs are also able to approve access change requests.

Access Approvers receive access change requests in the notifications page of their Dashboard

When a person is given the Access Approver role, if they do not already have an account, Rulerr will send them an email inviting them to login to Rulerr and start approving access change requests. If they already have an account, they will be sent a notification to inform them they have been given the Access Approver Role.

Access Approvers are set per product in the Access page by Product Experts or Monarchs. Access Approvers are optional as Monarchs and Product Experts have the ability to view and approve access changes.


People level roles


Managers

When you create a group, you can make a person(s) the Manager of the Group.

When you set someone as a Manager, you can also allow them to View or Collaborate on access privileges for people within the group. They will be able to view/collaborate on the access privileges of all the people in the group from their Dashboard

When a person is made a Manager, if they do not already have an account, Rulerr will send them an email inviting them to login to Rulerr and View/Collaborate on theirs and others accesss. If they already have an account, they will be sent a notification to inform them they are now a Manager.

Managers are set per group in the People page by people with the People Role or Monarchs. You do not need to allocate a manager to a group.


Collaborator

Collaborators are people who are able to view and request changes for their (or others if they are a Manager) access privileges. This means they are able to collaborate with Product Experts and Access Approvers. We recommended you allow everyone in your organization to collaborate on their access privileges so you can leverage their knowledge to make your organization more secure.

When a person is made a Collaborator, if they do not already have an account, Rulerr will send them an email inviting them to login to Rulerr and Collaborate on their access. If they already have an account, they will be sent a notification to inform them they can now collaborate on their accesss.

Collaborators can be set individually per person or you can make everyone in a Group a collaborator. You can also make group managers collaborators. This can be done by people with the People Role or Monarchs.


Viewers

Viewers are people who are able to view their (or others if they are a Manager) access privileges, though they are unable to collaborate with Access Approvers or Product Experts on their access privileges.

Viewers are set per person or group in the People page by people with the People Role or Monarchs.