Roles, user groups and users in ARIS Risk & Compliance Manager
In ARIS Risk & Compliance Manager, users are assigned to specific user groups. The role (example: Audit manager) of a user group (example: Audit manager group UMG) specifies which privileges the assigned users have (example: Read privilege for audits and audit steps). A user can belong to several user groups at the same time. For detailed information, refer to the online help, chapter Use administration.
Roles, user groups and users in an ARIS modeling environment
Users and user groups are modeled in an Organizational chart diagram using the Role (OT_PERS_TYPE) and Person (OT_PERS) objects. The name of the superior Role object determines the role and role level of the subordinate Role objects. The convention for the superior role name is: <role>_<level>. No user group is generated in ARIS Risk & Compliance Manager for the superior role. The subordinate Role objects determine the user groups to be generated in ARIS Risk & Compliance Manager. Each subordinate Role object is connected to exactly one superior Role object by the "is generalization of" connection. The users to be generated in ARIS Risk & Compliance Manager are modeled with the Person object and have a connection to the subordinate Role objects.
Example
The superior Role object Risk owner_3 (name convention: <role>_<level>) determines the Risk owner role (<role>) and the role level 3 (<level>) that corresponds to the object-specific role level (see table below).
The following objects are generated in ARIS Risk & Compliance Manager:
Role levels
The privileges assigned to the user group based on its role apply to all environments assigned to the user group.
The privileges assigned to the user group based on its role apply to the environment to which the user group is assigned.
The privileges assigned to the user group based on its role apply to the relevant objects of the current environment to which the user group is assigned.
Attribute mappings: Role name (ARCM) to Role (ARIS)
Role name (ARCM) | Role (ARIS) | Role level |
---|---|---|
roles.auditauditor | Audit auditor | Levels 1, 2, and 3 |
roles.auditmanager | Audit manager | Levels 1 and 2 |
roles.auditowner | Audit owner | Level 3 only |
roles.auditreviewer | Audit reviewer | Level 3 only |
roles.auditstepowner | Audit step owner | Level 3 only |
roles.deficiencyauditor.l1 | Deficiency auditor (L1) | Levels 1 and 2 |
roles.deficiencyauditor.l2 | Deficiency auditor (L2) | Levels 1 and 2 |
roles.deficiencyauditor.l3 | Deficiency auditor (L3) | Levels 1 and 2 |
roles.deficiencymanager.l1 | Deficiency manager (L1) | Levels 1, 2, and 3 |
roles.deficiencymanager.l2 | Deficiency manager (L2) | Levels 1, 2, and 3 |
roles.deficiencymanager.l3 | Deficiency manager (L3) | Levels 1, 2, and 3 |
roles.groupusermanager | User/User group administrator | Levels 1 and 2 |
roles.hierarchymanager | Hierarchy manager | Levels 1 and 2 |
roles.hierarchyauditor | Hierarchy auditor | Levels 1 and 2 |
roles.hierarchyowner | Hierarchy owner | Level 3 only |
roles.policyauditor | Policy auditor | Levels 1, 2, and 3 |
roles.policymanager | Policy manager | Levels 1 and 2 |
roles.policyowner | Policy owner | Level 3 only |
roles.policyapprover | Policy approver | Level 3 only |
roles.policyaddressee | Policy addressee | Level 3 only |
roles.riskauditor | Risk auditor | Levels 1 and 2 |
roles.riskmanager | Risk manager | Levels 1, 2, and 3 |
roles.riskowner | Risk owner | Level 3 only |
roles.riskreviewer | Risk reviewer | Level 3 only |
roles.controlauditor | Control auditor | Levels 1, 2, and 3 |
roles.controlexecutionowner | Control execution owner | Level 3 only |
roles.controlmanager | Control manager | Levels 1, 2, and 3 |
roles.signoffowner | Sign-off owner | Level 3 only |
roles.signoffmanager | Sign-off manager | Levels 2 and 3 |
roles.signoffreviewer | Sign-off reviewer | Level 3 only |
roles.surveyauditor | Survey auditor | Levels 1 and 2 |
roles.surveymanager | Survey manager | Levels 1, 2, and 3 |
roles.surveyreviewer | Survey reviewer | Level 3 only |
roles.questionnaireowner | Interviewee | Level 3 only |
roles.testauditor | Test auditor | Levels 1, 2, and 3 |
roles.testauditorexternal | Test auditor external | Levels 1 and 2 |
roles.tester | Tester | Level 3 only |
roles.testmanager | Test manager | Levels 1, 2, and 3 |
roles.testreviewer | Test reviewer | Level 3 only |
roles.issueauditor | Issue auditor | Levels 1 and 2 |
roles.issuemanager | Issue manager | Levels 1 and 2 |
roles.incidentauditor | Incident auditor | Levels 1 and 2 |
roles.incidentmanager | Incident manager | Levels 1 and 2 |
roles.incidentowner | Incident owner | Level 3 only |
roles.incidentreviewer | Incident reviewer | Level 3 only |
roles.lossauditor | Loss auditor | Levels 1 and 2 |
roles.lossmanager | Loss manager | Levels 1 and 2 |
roles.lossowner | Loss owner | Level 3 only |
roles.lossreviewer | Loss reviewer | Level 3 only |
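A pre-import check for modeled superior role names, combining the <role>_<level> convention with the mapping table above. This is an added example, not ARIS or ARIS Risk & Compliance Manager code: the function names are hypothetical, only a subset of the table rows is included, and exact, case-sensitive matching of role names is an assumption.

```python
import re

# ARIS role -> (ARCM role name, allowed role levels); subset of the mapping table rows.
ALLOWED_LEVELS = {
    "Audit auditor": ("roles.auditauditor", {1, 2, 3}),
    "Audit manager": ("roles.auditmanager", {1, 2}),
    "Audit owner": ("roles.auditowner", {3}),
    "Risk auditor": ("roles.riskauditor", {1, 2}),
    "Risk manager": ("roles.riskmanager", {1, 2, 3}),
    "Risk owner": ("roles.riskowner", {3}),
    "Sign-off manager": ("roles.signoffmanager", {2, 3}),
    "Deficiency manager (L1)": ("roles.deficiencymanager.l1", {1, 2, 3}),
}

# <role>_<level>: everything before the last underscore is the role, digits after it the level.
NAME_RE = re.compile(r"^(?P<role>.+)_(?P<level>\d+)$")

def check_superior_role(name):
    """Return (ARCM role name, level) or raise ValueError describing the problem."""
    m = NAME_RE.match(name.strip())
    if not m:
        raise ValueError(f"{name!r}: does not follow <role>_<level>")
    role, level = m.group("role"), int(m.group("level"))
    if role not in ALLOWED_LEVELS:
        raise ValueError(f"{name!r}: role {role!r} is not in the mapping table")
    arcm_name, levels = ALLOWED_LEVELS[role]
    if level not in levels:
        raise ValueError(
            f"{name!r}: level {level} not allowed for {role!r}, allowed {sorted(levels)}")
    return arcm_name, level

def audit(names):
    """Split superior role names into accepted mappings and findings to review."""
    accepted, findings = {}, []
    for name in names:
        try:
            accepted[name] = check_superior_role(name)
        except ValueError as err:
            findings.append(str(err))
    return accepted, findings

# Constructed sample input: superior Role object names as they might appear in a model.
SAMPLE = ["Risk owner_3", "Risk owner_1", "Audit manager_2",
          "Sign-off manager_1", "Risk manager", "Auditor general_2"]

if __name__ == "__main__":
    accepted, findings = audit(SAMPLE)
    for name, (arcm, level) in accepted.items():
        print(f"OK       {name} -> {arcm}, level {level}")
    for finding in findings:
        print(f"FINDING  {finding}")
```

A finding such as Risk owner_1 matters because a level 1 group would carry its privileges to all environments assigned to it, while the table restricts Risk owner to level 3.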