Skip to main content

Managing Users and Roles within DataGrail

DataGrail uses role-based access control to provide flexible user management throughout DataGrail's products. This document describes the available roles in the platform, the permissions they grant, and how to assign these roles to your users.

Managing Users and Roles

The full list of DataGrail users and their respective roles can be found by navigating to Settings and then User Admin. This page allows you to assign user roles and manage user invitations using Google and Microsoft SSO.

Group and Just-in-Time Provisioning

Customers using Group Provisioning or Just-in-Time Provisioning must manage user roles directly in their SAML provider.

Modifying Roles

User roles can be modified by taking the following steps within the DataGrail platform:

  1. Select the user for whom you'd like to modify permissions, and then select Edit User.

    Edit User

  2. Select the Roles dropdown to add or remove additional roles from the user's profile.

    User Roles

  3. (Optional) If the selected user needs to manage a system in Live Data Map, it can be assigned using the Systems to manage in LDM dropdown.

  4. (Optional) If the selected user needs to approve a system on a Privacy Request, it can be assigned using the Systems to Approve dropdown.

  5. Once complete, select Update User.

Roles and Permissions

DataGrail offers a number of roles with the platform to help your privacy team connect and maintain systems and manage requests.

Principle of Least Privilege

DataGrail recommends following the Principle of Least Privilege (PoLP) and only assigning users the role that provides the minimum permissions necessary for the user to perform their tasks within DataGrail.

General Roles

RoleDescription & Permissions
Super AdminFull visibility into all product sections and can perform any action within DataGrail.
Connections ManagerIntended for system owners who must connect integrations.
- View and connect systems on the Integrations page
API Credentials ManagerFor users who need to create DataGrail API Keys.
- View and create API Keys in the Settings > API Keys section
Content ManagerManage email templates sent from the platform.
- View and edit Request Manager email templates

Request Manager Roles

RoleDescription & Permissions
Request AdminAll Request Agent capabilities plus:
- View the Compliance Dashboard
- Approve results for any connection needing approval
Request AgentAll Request Approver capabilities plus:
- Create Privacy Requests
- Edit Privacy Request details (policy, data subject info, etc.)
- Stop processing Direct Contact integrations
- Assign Privacy Requests
- Process Privacy Requests
- View and complete Opt Out Requests
Request ApproverCan view and approve results for assigned integrations.
- Upload files to a Privacy Request
- Edit Privacy Request results
- View Privacy Request queue and details
- Comment on Privacy Requests
- Approve results for assigned integrations
RoleDescription & Permissions
Consent Management AdminCan perform all actions within the Consent Management product.
Also requires the Connections Manager Role to connect GTM and other Consent integrations.
Consent Management EditAll Consent Management Read capabilities plus:
- Manage Consent Containers
- Manage Consent Policies
- Edit Consent Banner text and style
- Manage & categorize Tracking Services
- Publish to connected containers
Consent Management ReadView-only for all Consent product sections.
- View all Consent Management areas
- Download Consent Audits
Connecting Integrations For Consent

The Connections Manager Role is also needed to connect Google Tag Manager and any integrations used by the Consent Product.

Live Data Map Roles

RoleDescription & Permissions
Live Data Map AdminCan perform all actions within the Live Data Map product.
Inventory ManagerManage Processing Activity Reports (may be scoped to specific systems or all).
- View, edit, and approve Processing Activity Reports
- Export the Overview
- Export the Data Processing Report

Risk Assessments Roles

RoleDescription & Permissions
Risk Assessments AdminCan perform all actions within the Risk Monitor product.

Responsible Data Discovery Roles

RoleDescription & Permissions
Data Discovery AdminCan perform all actions within the Responsible Data Discovery product.
Data Discovery ReadReview and export Data Classification information.

 

Need help?
If you have any questions, please reach out to your dedicated Account Manager or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.