Limit Level 2 User Access to Third Parties

In RiskRate, a Level 2 (L2) user's access to third party information is not restricted by default. L2 user access to third parties can be restricted by one of the following criteria: 

  • Category/Region/Country

  • Whether they are Owner and/or Approver of the third party

To best fit your organizational needs, select one of the following criteria to restrict access:

Criteria Description
Country, Region, or Category

Select what third parties they can access by Category, Region, and/or Country. This is the default option.

See Logic Options for a detailed explanation of how this restriction option works.

Owner L2 users will only be able to access third parties for which they are Owner.
Approver* L2 users will only be able to access third parties for which they are Approver.
Owner or Approver* L2 users will only be able to access third parties for which they are either Owner or Approver.
Owner and Approver* L2 users will only be able to access third parties for which they are both Owner and Approver.

Important: *For the Approver option to be available, they must be given the permission "May be assigned an Approver" for third parties. Otherwise, this option will not appear and only the Owner option is available.

For example, an organization may need tighter restrictions if they have multiple divisions in the same Country/Region/Category, or they might need to restrict by Owner/Approver for data privacy issues.

When restrictions are in place, L2 users will not be able to see third parties in searches, or the Third Parties, Reports or Risk Codes grids for which they do not have appropriate permissions.

To configure this setting:

  1. While editing a L2 user, for Is this user's access to Third Parties limited, click Yes.
  2. Click Next.
  3. Select the desired option in which to restrict the L2 user's access.

 

Restrict by Category, Region, or Country

  1. Select one or more criteria (Category, Country, or Region) by which you will restrict third party access. Selecting a criteria displays its related options below. See Logic Options for a detailed explanation of how this restriction option works.

    (Conditional) If you select more than one criteria, you will also be prompted to choose how you want the multiple criteria applied. See Logic Options below for a detailed explanation of the two options.

  2. For each selected criteria, do one of the following:
    • Select only those criteria options whose associated third parties you want this user to have access to.
    • To allow this user to see the third parties associated with any of the available options for a selected criteria, select the Select All check box.
  3. Click Save.

Logic Options

To help explain how the logic options work, imagine that the following third parties exist in your system:

Name

Category

Region

Country

Third Party 1

Business Services

Americas

United States

Third Party 2

Business Services

Asia

Japan

Third Party 3

IT Services

Asia

Korea

Third Party 4

Travel Services

Europe

Germany

If you select At least one of the criteria defined below is met (OR logic) and the criteria options you selected are the Business Service category and the Asia region, the current user will have access to any third party who is either categorized as a Business Service or is located in Asia. Therefore, referring to the table above, this user would have access to Third Party 1 (Business Services category), Third Party 2 (Business Services category and Asia region), and Third Party 3 (Asia region).

If you keep the same criteria option selections and change to the second logic option—All of the criteria defined below are met (AND logic)—then the current user will have access to any third party who is both categorized as a Business Service and is located in Asia. In this case, the user would only have access to Third Party 2.

 

Restrict by Owner and/or Approver

  1. Select the specific Owner and/or Approver criteria by which you will restrict third party access.

    In the example above, This user will be restricted to third parties for which they are either Owner or Approver. They must be one or the other in order to access the third party.

    Note: For a L2 user with Owner and/or Approver restrictions, when creating a third party, the user will automatically populated as Owner and/or Approver since that permission is required for them to view the third party. They will not be able to edit the field(s).

  2. Click Save.