Managing Users and Roles within DataGrail
DataGrail uses role-based access control to provide flexible user management throughout DataGrail's products. This document describes the available roles in the platform, the permissions they grant, and how to assign these roles to your users.
Managing Users and Roles
The full list of DataGrail users and their respective roles can be found by navigating to Settings and then User Admin. This page allows you to assign user roles and manage user invitations using Google and Microsoft SSO.
Customers using Group Provisioning or Just-in-Time Provisioning must manage user roles directly in their SAML provider.
Modifying Roles
User roles can be modified by taking the following steps within the DataGrail platform:
-
Select the user for whom you'd like to modify permissions, and then select Edit User.
-
Select the Roles dropdown to add or remove additional roles from the user's profile.
-
(Optional) If the selected user needs to manage a system in Live Data Map, it can be assigned using the Systems to manage in LDM dropdown.
-
(Optional) If the selected user needs to approve a system on a Privacy Request, it can be assigned using the Systems to Approve dropdown.
-
Once complete, select Update User.
Roles and Permissions
DataGrail offers a number of roles with the platform to help your privacy team connect and maintain systems and manage requests.
DataGrail recommends following the Principle of Least Privilege (PoLP) and only assigning users the role that provides the minimum permissions necessary for the user to perform their tasks within DataGrail.
General Roles
Super Admin
Super Admin roles have visibility into all product sections and can perform any action within DataGrail.
Connections Manager
The Connections Manager role is granted to a system owner who needs to connect an integration.
- View and connect systems on the Integrations page
API Credentials Manager
The API Credentials Manager role is granted to a user who needs to create a DataGrail API Key.
- View the and create API Keys in the API Keys section on the settings page
Content Manager
The Content Manager role is granted to users who need the ability to view and edit templates for emails sent from the DataGrail platform.
- View and edit email templates for Request Manager
Request Manager Roles
Request Admin
The Request Admin is able to perform all the actions that the Request Agent can as well as the following:
- View the Compliance Dashboard
- Approve results for any connection where approval is required
Request Agent
The Request Agent role is able to perform all the actions that the Request Approver can. In addition, they can create and edit Privacy Requests as well as interact with Opt Out requests.
- Create Privacy Requests
- Edit Privacy Request details (i.e. request policy, data subject information, etc)
- Stop processing Direct Contact integrations
- Assign Privacy Requests
- Process Privacy Requests
- View and Complete Opt Out Requests
Request Approver
The Request Approver role is able to view and approve results on a Privacy Request for assigned system integrations.
- Upload files to a Privacy Request
- Edit Privacy Request results
- View Privacy Request queue
- View Privacy Request details
- Comment on Privacy Requests
- Approve results for assigned integrations on a Privacy Request
Consent Management Roles
Consent Management Admin
The Consent Management Admin role is able to perform all actions within the Consent Management product.
The Connections Manager Role is also needed to connect Google Tag Manager and any integrations used by the Consent Product.
Consent Management Edit
The Consent Management Edit role is able to perform all the actions that the Consent Management Read can. In addition, they can modify all Consent Management Settings.
- Manage Consent Containers
- Manage Consent Policies
- Edit the Consent Banner Text and Style
- Manage and Categorize Tracking Services
- Publish to Connected Containers
Consent Management Read
The Consent Management Read role can view all sections within the Consent Product, but cannot modify any settings or publish changes.
- View all Consent Management product sections
- Download Consent Audits
Live Data Map Roles
Live Data Map Admin
The Live Data Map Admin role is able to perform all actions within the Live Data Map product.
Inventory Manager
The Inventory Manager role grants users the ability to manage the Live Data Map Inventory System Reports. This role may be assigned specific systems or have access to all systems for an organization.
- View, edit, and approve Inventory System Reports
- Export the Overview
- Export the Data Processing Report
Risk Assessments Roles
Risk Assessments Admin
The Risk Assessments Admin role is able to perform all actions within the Risk Monitor product.
Responsible Data Discovery Roles
Data Discovery Admin
The Data Discovery Admin role is able to perform all actions within the Responsible Data Discovery product.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.