Models, objects, and relationships

Roles, user groups and users in ARIS Risk & Compliance Manager

In ARIS Risk & Compliance Manager, users are assigned to specific user groups. The role (example: Audit manager) of a user group (example: Audit manager group UMG) specifies which privileges the assigned users have (example: Read privilege for audits and audit steps). A user can belong to several user groups at the same time. For detailed information, refer to the online help, chapter User administration.

Roles, user groups and users in an ARIS modeling environment

Users and user groups are modeled in an Organizational chart diagram using the Role (OT_PERS_TYPE) and Person (OT_PERS) objects. The name of the superior Role object determines the role and role level of its subordinate Role objects. The naming convention for the superior role is: <role>_<level>. No user group is generated in ARIS Risk & Compliance Manager for the superior role. The subordinate Role objects determine the user groups to be generated in ARIS Risk & Compliance Manager, and each of them is connected to exactly one superior Role object by the "is generalization of" connection. The users to be generated in ARIS Risk & Compliance Manager are modeled with Person objects that are connected to the subordinate Role objects.

Example

Structure of users/user groups

The superior Role object Risk owner_3 (naming convention: <role>_<level>) determines the Risk owner role (<role>) and the role level 3 (<level>), which corresponds to the object-specific role level (see table below).

The following objects are generated in ARIS Risk & Compliance Manager:

Role levels

Attribute mappings: Role name (ARCM) to Role (ARIS)

| Role name (ARCM) | Role (ARIS) | Role level |
|---|---|---|
| roles.auditauditor | Audit auditor | Levels 1, 2, and 3 |
| roles.auditmanager | Audit manager | Levels 1 and 2 |
| roles.auditowner | Audit owner | Level 3 only |
| roles.auditreviewer | Audit reviewer | Level 3 only |
| roles.auditstepowner | Audit step owner | Level 3 only |
| roles.deficiencyauditor.l1 | Deficiency auditor (L1) | Level 1 and 2 |
| roles.deficiencyauditor.l2 | Deficiency auditor (L2) | Level 1 and 2 |
| roles.deficiencyauditor.l3 | Deficiency auditor (L3) | Level 1 and 2 |
| roles.deficiencymanager.l1 | Deficiency manager (L1) | Level 1, 2, and 3 |
| roles.deficiencymanager.l2 | Deficiency manager (L2) | Level 1, 2, and 3 |
| roles.deficiencymanager.l3 | Deficiency manager (L3) | Level 1, 2, and 3 |
| roles.groupusermanager | User/User group administrator | Level 1 and 2 |
| roles.hierarchymanager | Hierarchy manager | Level 1 and 2 |
| roles.hierarchyauditor | Hierarchy auditor | Level 1 and 2 |
| roles.hierarchyowner | Hierarchy owner | Level 3 only |
| roles.policyauditor | Policy auditor | Levels 1, 2, and 3 |
| roles.policymanager | Policy manager | Levels 1 and 2 |
| roles.policyowner | Policy owner | Level 3 only |
| roles.policyapprover | Policy approver | Level 3 only |
| roles.policyaddressee | Policy addressee | Level 3 only |
| roles.riskauditor | Risk auditor | Level 1 and 2 |
| roles.riskmanager | Risk manager | Level 1, 2, and 3 |
| roles.riskowner | Risk owner | Level 3 only |
| roles.riskreviewer | Risk reviewer | Level 3 only |
| roles.controlauditor | Control auditor | 1, 2 and 3 |
| roles.controlexecutionowner | Control execution owner | 3 only |
| roles.controlmanager | Control manager | Level 1, 2, and 3 |
| roles.signoffowner | Sign-off owner | Level 3 only |
| roles.signoffmanager | Sign-off manager | Level 2 and 3 |
| roles.signoffreviewer | Sign-off reviewer | Level 3 only |
| roles.surveyauditor | Survey auditor | Level 1 and 2 |
| roles.surveymanager | Survey manager | Level 1, 2, and 3 |
| roles.surveyreviewer | Survey reviewer | Level 3 only |
| roles.questionnaireowner | Interviewee | Level 3 only |
| roles.testauditor | Test auditor | Level 1, 2, and 3 |
| roles.testauditorexternal | Test auditor external | Level 1 and 2 |
| roles.tester | Tester | Level 3 only |
| roles.testmanager | Test manager | Level 1, 2, and 3 |
| roles.testreviewer | Test reviewer | Level 3 only |
| roles.issueauditor | Issue auditor | Level 1 and 2 |
| roles.issuemanager | Issue manager | Level 1 and 2 |
| roles.incidentauditor | Incident auditor | Level 1 and 2 |
| roles.incidentmanager | Incident manager | Level 1 and 2 |
| roles.incidentowner | Incident owner | Level 3 only |
| roles.incidentreviewer | Incident reviewer | Level 3 only |
| roles.lossauditor | Loss auditor | Level 1 and 2 |
| roles.lossmanager | Loss manager | Level 1 and 2 |
| roles.lossowner | Loss owner | Level 3 only |
| roles.lossreviewer | Loss reviewer | Level 3 only |
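
A pre-import check of the modeling conventions above, as an added example (not part of ARIS or the original documentation). It assumes the Role level column lists the levels permitted for each role, and that the model has been exported as plain (superior, subordinate) and (person, subordinate role) pairs; the function names, the sample groups and the sample users are constructed.

```python
import re
# Subset of the role-level table: Role (ARIS) -> (Role name (ARCM), permitted levels)
ALLOWED = {
    "Risk owner": ("roles.riskowner", {3}),
    "Risk manager": ("roles.riskmanager", {1, 2, 3}),
    "Audit manager": ("roles.auditmanager", {1, 2}),
}
NAME_RE = re.compile(r"^(?P<role>.+)_(?P<level>\d+)$")  # <role>_<level>
# Constructed sample model; only the name "Risk owner_3" comes from the page.
GENERALIZATIONS = [("Risk owner_3", "Risk owner group A"),
                   ("Risk owner_1", "Risk owner group B"),
                   ("Audit manager_2", "Audit team"), ("Risk manager_1", "Audit team")]
MEMBERSHIPS = [("jdoe", "Risk owner group A"), ("asmith", "Risk owner group B")]

def parse_superior(name):
    """Split a superior Role name into (ARCM role name, level); ValueError if invalid."""
    m = NAME_RE.match(name.strip())
    if not m:
        raise ValueError(f"{name!r} does not follow <role>_<level>")
    role, level = m["role"], int(m["level"])
    if role not in ALLOWED:
        raise ValueError(f"{name!r}: unknown role {role!r}")
    arcm, levels = ALLOWED[role]
    if level not in levels:
        raise ValueError(f"{name!r}: level {level} not permitted, allowed {sorted(levels)}")
    return arcm, level

def check_model(generalizations, memberships):
    """Return (user groups that would be generated, findings to fix before import)."""
    findings, superiors, groups = [], {}, {}
    for sup, sub in generalizations:  # superior "is generalization of" subordinate
        superiors.setdefault(sub, set()).add(sup)
    for sub, sups in sorted(superiors.items()):
        if len(sups) != 1:  # each subordinate role needs exactly one superior
            findings.append(f"{sub}: {len(sups)} superior roles, expected exactly one")
            continue
        try:
            arcm, level = parse_superior(next(iter(sups)))
        except ValueError as err:
            findings.append(f"{sub}: {err}")
            continue
        groups[sub] = {"role": arcm, "level": level, "users": []}
    for person, sub in memberships:
        if sub in groups:
            groups[sub]["users"].append(person)
        else:  # the user would end up without the intended privileges
            findings.append(f"{person}: assigned to {sub}, which yields no valid group")
    return groups, findings
```

Calling check_model(GENERALIZATIONS, MEMBERSHIPS) on the sample returns one valid group and three findings: a subordinate role with two superiors, a level that is not permitted for the role, and a user attached to the rejected group.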