User permissions

Abstract

Lists Maxsight permissions by feature, with access levels and actions for assessments, reports, smart policy, user management, developer tools, and data protection.

Permissions provide users or team members with different levels of access to areas of the Maxsight product. They are assigned to users through their individual or team roles.

The access types are:

No access: The user or team members can't see the product area.
Read-only: Limited access to the product area.
Read and write: Full access to the product area.

What users and team members can do with read-only and read and write access is different for each permission.

Assessments

Access for the Assessment permission is assigned per assessment type:

Permission	Access types
One permission is displayed for each assessment type	No access: Entities with assessments of this type only are not displayed. If No access is assigned for all assessments, the Entity management page is not displayed. Read-only: See all entities with assessments of this type. Add files and comments to entity conversations. See tasks and check results. Add files and notes to task notes. Assign assessments to users and teams. Read and write Add new assessments of this type. Pass, fail, or cancel assessments. Create and apply decision reasons. Pass/fail/incomplete tasks. Run checks. View and edit entity data. Plus, all permissions that are assigned to users with Read-only access. Caution Users with Read-only or Read and write access to any of the entity's assessments can see all of the entity's assessments and associated tasks and the full history of all assessments in the audit report. However, they can't act on assessments they don't have permission for, such as passing/failing the assessment, passing/failing tasks, or running checks.

Permission

Access types

One permission is displayed for each assessment type

No access: Entities with assessments of this type only are not displayed.
If No access is assigned for all assessments, the Entity management page is not displayed.
Read-only:
- See all entities with assessments of this type.
- Add files and comments to entity conversations.
- See tasks and check results.
- Add files and notes to task notes.
- Assign assessments to users and teams.
Read and write
- Add new assessments of this type.
- Pass, fail, or cancel assessments.
- Create and apply decision reasons.
- Pass/fail/incomplete tasks.
- Run checks.
- View and edit entity data.
- Plus, all permissions that are assigned to users with Read-only access.
Caution
Users with Read-only or Read and write access to any of the entity's assessments can see all of the entity's assessments and associated tasks and the full history of all assessments in the audit report. However, they can't act on assessments they don't have permission for, such as passing/failing the assessment, passing/failing tasks, or running checks.

Reports

Permission	Access types
All reports	No access: The Reports tab is not displayed. Read-only: See reports for assessments, tasks, and checks.
Export data	No access: The button to export report data from the Assessment overview section is disabled. Read-only: Export report data from assessments and check reports. Note that to do this, you also need Read-only access for the All reports permission because this is what enables you to see the reports.

Smart policy

Permission	Access types
Policy builder	No access: The Policy Builder tab is not displayed. Read-only: See your smart policy configuration details, such as data provider setup and task configuration. Read and write: Edit your configuration details, review and publish changes to your smart policy.
Policy export	No access: The Export option is not displayed on your policy version history page. Read-only: Export the smart policy configuration for your institution.
Policy import	No access: The Import policy option is not displayed on your policy version history page. Read and write: Import a smart policy configuration that has been exported from another institution into your institution.

User management

Permission	Access types
Manage users	No access: The Manage users section is not displayed on the User Management tab. Read-only: See all users on your account, along with their personal details and user roles. Read and write: Add users. Deactivate or reactivate users. Edit user details. Assign roles to users and teams. Plus, all permissions that are assigned to users with Read-only access.
Manage roles	No access: The Manage roles section is not displayed on the User Management tab. If No access is assigned for Manage users and Manage roles, the User Management tab is not displayed. Read-only: See all roles for your account. Read and write: Create/edit/delete user roles. Plus, all permissions that are assigned to users with Read-only access.

Developer tools

Permission	Access types
Master API key	No access: The API key section is not displayed on the Manage account menu. Read-only: Get the key(s) used to make calls to the Maxsight API. Read and write: Issue/revoke API keys.Manage API keys
Webhook config	No access: The Webhook config section is not displayed on the Manage account menu. Read and write: Configure/edit webhooks.
IP allow list	No access: The IP allow listing section is not displayed on the User Management tab. Read-only: See all IP addresses on the allow list. Read and write: Enable/disable IP allow listing. Add/remove IP addresses and ranges. Edit descriptions for IP addresses and ranges.

Data protection

Permission	Access types
Permanently delete entities	No access: The Delete this entity option is not displayed on entities. Read and write: Permanently delete entities using the Delete this entity option. Caution Deleting entities is a permanent action, and the entity cannot be recovered. We recommend only enabling this option for users who need to delete entities to meet GDPR requirements. For entities that may be needed at a later date, we recommend failing or canceling the assessment, which removes it from the Entity management page. To permanently delete an entity, the user must also have Read-only or Read and write access for the entity's assessment for the Assessments permission.
Permanently delete files	No access: The Delete file option is not displayed for entity files. Read and write: Permanently delete entity files using the Delete file option. These files will be inaccessible and will not be recoverable via the portal or the API. We recommend only enabling this option for users who need to delete files to meet GDPR requirements.

Permission

Access types

Permanently delete entities

No access: The Delete this entity option is not displayed on entities.
Read and write: Permanently delete entities using the Delete this entity option.
Caution
Deleting entities is a permanent action, and the entity cannot be recovered. We recommend only enabling this option for users who need to delete entities to meet GDPR requirements. For entities that may be needed at a later date, we recommend failing or canceling the assessment, which removes it from the Entity management page.

To permanently delete an entity, the user must also have Read-only or Read and write access for the entity's assessment for the Assessments permission.

Permanently delete files

No access: The Delete file option is not displayed for entity files.
Read and write: Permanently delete entity files using the Delete file option. These files will be inaccessible and will not be recoverable via the portal or the API. We recommend only enabling this option for users who need to delete files to meet GDPR requirements.

Additional information

Manage roles

In this section: