Legacy Role Transitions

High-level overview of how RiskSense roles changed when the Identity & Access Management (IAM) feature went live.

The Identity & Access Management (IAM) feature redefines the RiskSense platform IAM system to allow for more granular control of what users can do within the platform. Previously used roles (i.e., Technician, User, Group Manager, and Manager) are no longer available. This article highlights each legacy role in the platform and shows how those roles have changed after the update.

The following table provides a high-level overview of the role changes.


| Legacy Role | Foundational Role After Update | Supplemental Roles After Update |
|---|---|---|
| Manager | Data Manager | Client Owner; Global Workflow Owner; Automation Owner; User Provisioning Owner |
| Group Manager | Vulnerability Manager | None |
| User | Basic User | None |
| Technician | Basic User | None |

Note: Unless you have worked with your Customer Success account manager beforehand, these are your new roles. 

For additional information regarding the privileges available for each legacy role, see Identity and Access Management Privileges by Legacy Role in RiskSense. For more information about roles, see Roles: Overview. For more information about privileges, see Privilege List and Descriptions.

Foundational and Supplemental Roles

Foundational roles are a set of uneditable, predefined roles designed to provide a persona set that can use the platform in different ways. Use these foundational roles to give users the full RiskSense platform experience in their own intended ways.

Supplemental roles are a set of predefined roles, each designed to provide a specific job function to our customers. They are used in conjunction with other roles to grant additional privileges without promoting the user to a higher foundational role, which would give the user privileges they should not have.

Manager

| Legacy Role | Foundational Role After Update | Supplemental Roles After Update |
|---|---|---|
| Manager | Data Manager | Client Owner; Global Workflow Owner; Automation Owner; User Provisioning Owner |

The Manager role is the only role transitioned from the old system that has both foundational and supplemental roles.

Foundational Role: Data Manager

Data Manager is the highest foundational role with the most privileges. Users with this role can manage integrations, uploads, and groups in addition to other important platform data.

Supplemental Roles

  • Client Owner: Can modify client-level settings.
  • Global Workflow Owner: Can approve/reject/rework all platform workflow types.
  • Automation Owner: Can view, create, and enable/disable playbooks using the automation module.
  • User Provisioning Owner: Can create users and roles using the new Roles page in the IAM module.

Group Manager

| Legacy Role | Foundational Role After Update | Supplemental Roles After Update |
|---|---|---|
| Group Manager | Vulnerability Manager | None |

Foundational Role: Vulnerability Manager

A Vulnerability Manager can manage findings, assignments, and remediation projects for your teams.

Supplemental Roles

None: Group managers have no supplemental roles.

Warning: If you had permission to upload data before this migration, you will not be able to upload data once this feature goes live. If this is an issue, work with Customer Success before the migration to ensure that the correct set of users receives a supplemental role for uploading data. After the deployment, this supplemental role can be provided to any users that require this job function.

User

| Legacy Role | Foundational Role After Update | Supplemental Roles After Update |
|---|---|---|
| User | Basic User | None |

Foundational Role: Basic User

A Basic User can use the platform’s core functionality for findings and assets accessible via group permissions.

Supplemental Roles

None: Users have no supplemental roles.

Technician

| Legacy Role | Foundational Role After Update | Supplemental Roles After Update |
|---|---|---|
| Technician | Basic User | None |

Foundational Role: Basic User

A Basic User can use the platform’s core functionality for findings and assets accessible via group permissions.

Supplemental Roles

None: Technicians have no supplemental roles.

Warning: Users with the legacy Technician role saw only the findings assigned to them and had limited platform access. After the update, they will still have read access to the platform for their assigned groups; however, they will also see additional data from the assets in those groups. They can filter for items assigned to them to focus on their work, but there is no longer a restriction at the vulnerability level. Their access has been brought in line with the rest of the platform's security access system, which operates at the group level. If you wish to limit them to a certain asset set, add them to a group that provides access to the smallest data set possible, following the principle of least privilege.
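The scope change in the Technician warning can be reviewed before migration. The following is an added example, not RiskSense code or a RiskSense export format: it compares finding-level visibility with group-level visibility over constructed data and lists group memberships that carry none of a Technician's assigned work. All names, identifiers, and the data layout are assumptions.

```python
# Constructed sample data; the layout is an assumption, not a RiskSense export.
GROUP_ASSETS = {
    "dmz-web": {"web01", "web02"},
    "corp-laptops": {"lt-114", "lt-207"},
    "lab": {"lab-01"},
}
FINDINGS = [  # (finding_id, asset, assignee or None)
    ("F-1", "web01", "tina"),
    ("F-2", "web01", "omar"),
    ("F-3", "web02", None),
    ("F-4", "lt-114", "tina"),
    ("F-5", "lt-207", None),
    ("F-6", "lab-01", None),
]
TECHNICIANS = {  # legacy Technician -> groups the user belongs to
    "tina": {"dmz-web", "corp-laptops", "lab"},
    "omar": {"dmz-web"},
}


def review_technician(user, groups):
    """Compare legacy (assigned findings only) with post-update (group-level) scope."""
    assets = set().union(*(GROUP_ASSETS[g] for g in groups))
    # Legacy Technician: only findings assigned to the user.
    before = {fid for fid, asset, who in FINDINGS if who == user and asset in assets}
    # After the update: every finding on assets in the user's groups.
    after = {fid for fid, asset, _ in FINDINGS if asset in assets}
    # Assets that hold the user's assigned work.
    work_assets = {asset for _, asset, who in FINDINGS if who == user}
    # Groups with no assigned work: candidates for removal (least privilege).
    unneeded = {g for g in groups if not (GROUP_ASSETS[g] & work_assets)}
    return {
        "assigned": before,
        "newly_visible": after - before,
        "unneeded_groups": unneeded,
    }


def review_all():
    """Run the review for every legacy Technician."""
    return {user: review_technician(user, groups) for user, groups in TECHNICIANS.items()}


if __name__ == "__main__":
    for user, result in sorted(review_all().items()):
        print(user, result)
```

Groups reported as unneeded are the first candidates for tightening membership; findings reported as newly visible show what remains exposed even after that cleanup.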