Configuring a Level 2 User's Report & Third Party Access

Important: New user profiles are created in the Admin Settings of NAVEX One. See Adding a User for more information.

Important: This feature is available to Level 1 users only.

If you select Level 2 for User Level, additional settings are displayed for restricting this user's access to certain report and third party information and for allowing or restricting certain report-related actions.

If RiskRate creates a new report definition, those reports will be available to all users - unless a user has existing report restrictions. Users who are currently restricted from ordering certain reports will not be able to order the new report type.

Apply User Template

The first question asks whether to apply an existing User Template, which would automatically assign user access/restrictions based on the template. Once a User Template is selected, the subsequent options become grayed out. See User Templates for more information.

If proceeding without the use of a User Template, if you select Yes for any of the next four (4) questions, the Save button changes to Next. Click Next to go to settings for the selected restrictions. Each restriction and permission is described below.

Note: These options can vary based on how your RiskRate system is configured.

Restrict Reports This User Can Order

When a RiskRate user’s profile is created in NAVEX One Platform, the user is automatically designated as a Level 2 user. By default, the new user does not have restrictions on which reports can be ordered; however, they are not allowed to add external analyst activity items to report requests. This means:

• The user is able to order most report types, including the ESG due diligence reports for Climate Risk, Human Rights, and Sustainability Risk.

• The user is not allowed to order EDD, IDD, and OSI type reports.

To change their restrictions and specify which reports this user can order:

1. For Do you want to restrict which reports this user can order?, click Yes.
2. Click Next.



Notes: The reports your organization opted to include when setting up RiskRate may be different than those shown above. Restricting a report type does not affect this user's ability to view existing reports of that type in the Reports page.

3. Do one of the following:
   • Select the This user may not request any reports check box.
   • Individually select the reports this user is allowed to request.
4. Click Next or Save (depending on which button is displayed).

Allow This User to Add External Analysis Activities

By default, a user is not allowed to add external analysis activities, such as an analyst review or enhanced due diligence, to a report.

To change this setting:

1. For Is this user allowed to add any external analysis activities to a report?, click Yes.
2. Click Next.



Notes: The external analysis activities your organization opted to include when setting up RiskRate may be different than those shown above. If you also selected Yes for the Do you want to restrict which reports this user can order? option, that setting's options also appear on this Report Information page.

3. Do one of the following:
   • To allow this user to add any available external analysis activity to a report, select the Select All check box.
   • Individually select the external activities this user is allowed to add to a report.
4. Click Next or Save (depending on which button is displayed).

Limit This User's Access to Third Party Information

See Limit Level 2 User Access to Third Parties.

Allow This User to Upload Reports

By default, a newly added user is not allowed to upload reports. Click Yes if you want this user to be able to upload reports for accessible third parties.

Allow This User to Mark Reputation Alerts as False Positives

By default, a newly added user is not allowed to mark reputation alerts as false positives (see Mark a Reputation Alert as a False Positive). Click Yes if you want this user to be able to mark false positives for accessible third parties' reputation alerts.

Note: If your organization has the Unreviewed Screening Reports feature turned on, that replaces this functionality and workflow, and this option would be unavailable.