Limit Level 2 User Access to Third Parties
In RiskRate, a Level 2 (L2) user's access to third party information is not restricted by default. L2 user access to third parties can be restricted by one of the following criteria:
-
Category/Region/Country
-
Whether they are Owner and/or Approver of the third party
To best fit your organizational needs, select one of the following criteria to restrict access:
| Criteria | Description |
|---|---|
| Country, Region, or Category |
Select what third parties they can access by Category, Region, and/or Country. This is the default option. See Logic Options for a detailed explanation of how this restriction option works. |
| Owner | L2 users will only be able to access third parties for which they are Owner. |
| Approver* | L2 users will only be able to access third parties for which they are Approver. |
| Owner or Approver* | L2 users will only be able to access third parties for which they are either Owner or Approver. |
| Owner and Approver* | L2 users will only be able to access third parties for which they are both Owner and Approver. |
Important: *For the Approver option to be available, they must be given the permission "May be assigned an Approver" for third parties. Otherwise, this option will not appear and only the Owner option is available.
For example, an organization may need tighter restrictions if they have multiple divisions in the same Country/Region/Category, or they might need to restrict by Owner/Approver for data privacy issues.
When restrictions are in place, L2 users will not be able to see third parties in searches, or the Third Parties, Reports or Risk Codes grids for which they do not have appropriate permissions.
To configure this setting:
- While editing a L2 user, for Is this user's access to Third Parties limited, click Yes.
- Click Next.
-
Select the desired option in which to restrict the L2 user's access.
Restrict by Category, Region, or Country
- Select one or more criteria (Category, Country, or Region) by which you will restrict third party access. Selecting a criteria displays its related options below. See Logic Options for a detailed explanation of how this restriction option works.
(Conditional) If you select more than one criteria, you will also be prompted to choose how you want the multiple criteria applied. See Logic Options below for a detailed explanation of the two options.
- For each selected criteria, do one of the following:
- Select only those criteria options whose associated third parties you want this user to have access to.
- To allow this user to see the third parties associated with any of the available options for a selected criteria, select the Select All check box.
- Click Save.
Logic Options
To help explain how the logic options work, imagine that the following third parties exist in your system:
|
Name |
Category |
Region |
Country |
|
Third Party 1 |
Business Services |
Americas |
United States |
|
Third Party 2 |
Business Services |
Asia |
Japan |
|
Third Party 3 |
IT Services |
Asia |
Korea |
|
Third Party 4 |
Travel Services |
Europe |
Germany |
If you select At least one of the criteria defined below is met (OR logic) and the criteria options you selected are the Business Service category and the Asia region, the current user will have access to any third party who is either categorized as a Business Service or is located in Asia. Therefore, referring to the table above, this user would have access to Third Party 1 (Business Services category), Third Party 2 (Business Services category and Asia region), and Third Party 3 (Asia region).
If you keep the same criteria option selections and change to the second logic option—All of the criteria defined below are met (AND logic)—then the current user will have access to any third party who is both categorized as a Business Service and is located in Asia. In this case, the user would only have access to Third Party 2.
Restrict by Owner and/or Approver
-
Select the specific Owner and/or Approver criteria by which you will restrict third party access.
In the example above, This user will be restricted to third parties for which they are either Owner or Approver. They must be one or the other in order to access the third party.
Note: For a L2 user with Owner and/or Approver restrictions, when creating a third party, the user will automatically populated as Owner and/or Approver since that permission is required for them to view the third party. They will not be able to edit the field(s).
-
Click Save.
Product Information
Copyright
Copyright © 2024 NAVEX Global, Inc. NAVEX Global® is a registered trademark/service mark of NAVEX Global, Inc. The NAVEX Global® logo is a trademark/service mark of NAVEX Global, Inc. Unauthorized use of NAVEX Global, Inc.’s trademarks/service marks is strictly prohibited without prior written permission from NAVEX Global, Inc.