Roles

This article details the different roles options in the Security menu, including default roles, how to create a new role, and assign roles to users.

Introduction to roles

Users with the System administrator or Security administrator role can create and modify user roles in the system.

To manage roles, click Administration on the upper-right corner and under Security, select Roles. The Roles page displays a list view of the existing roles in the Brinqa Platform.

Default roles

The Brinqa Platform comes with several default roles, which can be deleted or modified as needed. The following table details the default roles in the Brinqa Platform:

Role	Description
Administrator	The administrator role grants read-only access to all data in the Brinqa Platform, without the ability to perform actions or modify configurations.
Configurator	The configurator role has extensive access to the Brinqa Platform. The configurator role can create automations, clusters, risk scoring models, risk factors, and service-level agreements (SLA). However, this role does not include permissions to create, view, or modify access controls, data integrations, roles, security policies, or users.
Data exporter	The data exporter role grants permissions to download data from list views and access the GraphQL Explorer. This role only grants export privileges. To grant access to the relevant data, you must assign additional roles to the same user, such as administrator, remediation owner, or risk owner. System administrators can export data without needing the data exporter role assigned to them.
Remediation owner	The remediation owner role grants access to data through membership in a Remediation owners cluster or Informed users cluster. Users with this role can see data in the Remediation owner dashboard.
Risk analyst	The risk analyst role grants read-only access to specific datasets through clusters. Risk analysts can also participate in remediation requests as a requester or a reviewer.
Risk owner	The risk owner role grants access to data through membership in a Risk owners cluster or Informed users cluster. Users with this role can see data in the Risk owner dashboard.
Security administrator	The security administrator role can administer security policies with regards to user accounts and access control policies for roles.
System administrator	The system administrator role has full access to the Brinqa Platform.
User	The user role is a parent role for the risk analyst role. Since the functionality of the user role is covered by the risk analyst, risk owner, and remediation owner roles, the best practice is to assign users the specific roles instead of the user role. The user role does not have admin access.

info

For information on the default access controls for each default role, see Access controls.

Create a new role

System administrators and Security administrators in the Brinqa Platform can create new roles. To do so, follow these steps:

1. Navigate to Administration > Security > Roles.

2. Click Create.

3. Fill out the Title, Name, Description, and Roles fields.

   note

   If you select a role when you create a new role, the new role inherits all the permissions associated with the selected role.

4. Click Create.

The Roles page reloads and you should see your new role listed.

Assign roles to users

Users with the System administrator or Security administrator role can assign roles to users. To do so, follow these steps:

1. Navigate to Administration > Security > Users.

2. Select the user you want to assign the roles to.

3. Click the Roles drop-down and select the roles you want to assign to the user.

4. Click Update.

In addition to creating and assigning roles manually, the Brinqa Platform supports Just-In-Time (JIT) Provisioning with Microsoft Entra ID or Okta. This feature automatically creates user accounts and assigns appropriate roles in the Brinqa Platform based on their identities in these systems.

Edit or delete a role

Users with the System administrator or Security administrator role can edit or delete existing roles. Hold the pointer over the entry and click Edit or Delete to modify an existing role.