In the Carbide platform, user roles play a crucial role in managing individuals involved in policy creation, task completion, policy sign-off, and program auditing. This article provides an overview of the different user roles available in Carbide and their respective permissions.
Assigning User Roles
When adding users to your Carbide account, their roles can be selected. If necessary, you can modify a user's role at any time by following these steps:
-
Navigate to the People → Users section.
-
Locate the user whose role you wish to change and click on their profile.
-
From the user's profile, you can update their role to a different one.
Upon signing in, users will be guided through the setup process relevant to their assigned role. They will only see features and content authorized for their specific role.
User Roles in Carbide
Carbide offers the following user roles with distinct permissions:
Owner
The account Owner possesses full access to all data within the account, including subscription information. Only an existing Owner or support@carbidesecure.com can assign the Owner role.
Admin
Admins have the same access as the account owner, except they cannot view subscription information. Admins can manage account settings, integrations, and add users.
Member
Members have access to specific areas assigned to them in the application, such as Policies, Projects, Tasks, and Security Awareness Training. Members can view and sign-off on elements they are assigned to.
Project Leader
The Project Leader role is not applicable when initially adding a user to the account. It can only be assigned through the Projects section in the main left navigation menu. Users with any role (Owner, Admin, or Member) can be designated as Project Leaders. Project Leaders are responsible for overseeing a project within Carbide.
Project Leaders with the Member role gain full access to the associated project and can assign team members to the plan or any included tasks.
Auditor
Auditors have selective access to the Carbide platform and are limited to viewing the audits assigned to them, information about the organization’s implementation of Organizational Controls (which are mapped to the relevant framework(s) that the auditor is reviewing), and evidence in the Evidence Manager.
Auditors also have the ability to comment and respond to uploaded evidence directly in the Platform, making it easy for both Carbide Admins and the auditor to track current progress, identify any outstanding requests, and associate feedback and discussion with specific controls, thereby eliminating any confusion.
Understanding the various user roles in Carbide is essential for effective management of individuals and their access to different features and content within the platform. Assigning the appropriate roles ensures that users have the necessary permissions to perform their designated tasks and responsibilities.