Here's the breakdown of Credo AI roles and associated permissions. You can manage users' roles from the Users & Teams tab.

| Access/Permission | Admin | Reviewer | User |
|---|---|---|---|
| Can see all AI Use Cases in the AI Registry | Yes | Yes | No—can only see Use Cases they are stakeholders on (owners or contributors) |
| Can see dashboards for all AI Use Cases | Yes | Yes | Yes—only for Use Cases they are owners or contributors of. |
| Can register new AI Use Cases | Yes | Yes | Yes |
| Can see all Models in the Model Registry | Yes | Yes | Yes |
| Can see all Vendors in the Vendor Registry | Yes | Yes | Yes |
| Can add Models to the Model Registry | Yes | Yes | Yes |
| Can edit Model overview fields | Yes (all models) | Only Models they are owners of | Only Models they are owners of |
| Can delete a Model | Yes (all models) | Only Models they are owners of | Only Models they are owners of |
| Can add Vendors to the Vendor Registry | Yes | No | No |
| Can edit Vendor questionnaire answers for a Vendor | Yes | No | No |
| Can delete a Vendor | Yes (all Vendors) | No | No |
| Can edit Use Case name & description | Yes (all Use Cases) | Only Use Cases they are owners or contributors on | Only Use Cases they are owners on. |
| Can edit Use Case metadata | Yes (all Use Cases) | Only Use Cases they are stakeholders on (owners or contributors) | Only Use Cases they are owners on. |
| Can edit Use Case associations (i.e. add Models and Vendors to Use Cases) | Yes (all Use Cases) | Only Use Cases they are owners of | Only Use Cases they are owners of |
| Can answer Use Case intake questions | Yes (all Use Cases) | If Owner of a Use Case, Yes; if Contributor on a Use Case, only questions they have been assigned. | If Owner of a Use Case, Yes; if Contributor on a Use Case, only questions they have been assigned. |
| Can edit the Use Case Governance Plan (add Risk Scenarios/Controls and Policy Packs) | Yes (all Use Cases) | Only Use Cases they are stakeholders on (owners or contributors) | No |
| Can add Questionnaires to a Use Case | Yes (all Use Cases) | Only Use Cases they are stakeholders on (owners or contributors) | No |
| Can add and remove Stakeholders from a Use Case | Yes (all Use Cases) | Yes if they are Owners; if they are Contributors, can add a Contributor but not an Owner, and cannot update role/delete stakeholders from a Use Case. | Yes if they are Owners; if they are Contributors, can add a Contributor but not an Owner, and cannot update role/delete stakeholders from a Use Case. |
| Can add/remove risk scenarios and risk-mitigating controls from a Use Case | Yes (all Use Cases) | Only Use Cases they are stakeholders on (owners or contributors) | No |
| Can add/remove Policy Packs from a Use Case | Yes (all Use Cases) | Only Use Cases they are stakeholders on (owners or contributors) | No |
| Can add evidence to controls | Yes (all Use Cases) | If Owner of a Use Case, Yes; if Contributor on a Use Case, only controls they have been assigned. | If Owner of a Use Case, Yes; if Contributor on a Use Case, only controls they have been assigned. |
| Can assign controls and intake questions to other users | Yes (all Use Cases) | Only Use Cases they are stakeholders on (owners or contributors) | If Owner of a Use Case, Yes; if Contributor on a Use Case, they can only reassign controls & intake questions they have been assigned. |
| Can initiate a Use Case review | Yes (all Use Cases) | Only Use Cases they are stakeholders on (owners or contributors) | Only Use Cases they are owners on |
| Can manually add reviewers to a Use Case | Yes (all Use Cases) | Only Use Cases they are stakeholders on (owners or contributors) | No |
| Can complete a Use Case review (close or approve and close) | Yes (all Use Cases) | Only Use Cases they are stakeholders on (owners or contributors) | No |
| Can move a Use Case from Intake to Governance | Yes (all Use Cases) | Only Use Cases they are stakeholders on (owners or contributors) | No |
| Can revert a Use Case from Governance to Intake | Yes (all Use Cases) | No | No |
| Can view Use Case settings (going away in 15.0) | Yes (all Use Cases) | Only Use Cases they are stakeholders on (owners or contributors) | Only Use Cases they are owners on, only after a Use Case has moved to the "Governance" stage. (While a Use Case is in Intake, owners & contributors can only see the Questionnaire page.) |
| Can view Use Case Risks | Yes (all Use Cases) | Yes (all Use Cases) | Yes if they are owners or contributors on the Use Case. |
| Can view and generate Use Case reports | Yes (all Use Cases) | Only Use Cases they are stakeholders on (owners or contributors) | Only Use Cases they are Owners of |
| Can change risk category of a Use Case | Yes (all Use Cases) | Only Use Cases they are stakeholders on (owners or contributors) | No |
| Can delete a Use Case | Yes (all Use Cases) | Only Use Cases they are owners of | Only Use Cases they are owners of |
| Can edit intake questionnaires & triggers/actions in the Governance Center | Yes | No | No |
| Can edit tenant metadata fields (create custom and hide default) | Yes | No | No |
| Can create custom Risk Types, Risk Scenarios, and Controls | Yes | No | No |
| Can edit the tenant Risk Categories | Yes | No | No |
| Can create custom Policy Packs | Yes | No | No |
| Can add local users (if SSO is not configured) | Yes | No | No |
| Can add vendor users | Yes | No | No |
| Can assign users to teams | Yes | No | No |
| Can assign users' roles | Yes | No | No |