Here's the breakdown of Credo AI roles and associated permissions. You can manage users' roles from the Users & Teams tab.

Access/Permission | Admin | Reviewer | User |
---|---|---|---|
Can see all AI Use Cases in the AI Registry | Yes | Yes | No—can only see Use Cases they are owners or contributors on |
Can see dashboards for all AI Use Cases | Yes | Yes | No—can only see dashboards that reflect the Use Cases they are owners or contributors on |
Can edit Use Case metadata | Yes (all Use Cases) | Only Use Cases they are owners or contributors on | Only Use Cases they are owners on. |
Can answer Use Case intake questions | Yes (all Use Cases) | Only Use Cases they are owners or contributors on | If Owner of Use Case, Yes; If Contributor of Use Case, only questions they have been assigned |
Can edit the Use Case Governance Plan (add Risk Scenarios/Controls and Policy Packs) | Yes (all Use Cases) | Only Use Cases they are owners or contributors on | No |
Can add Questionnaires to a Use Case | Yes (all Use Cases) | Only Use Cases they are owners or contributors on | No |
Can add and remove Stakeholders from a Use Case | Yes (all Use Cases) | Only Use Cases they are owners or contributors on | Only Use Cases they are owners on |
Can add evidence to controls | Yes (all Use Cases) | Only Use Cases they are owners or contributors on | Only Use Cases they are owners or contributors on, post intake |
Can assign controls and intake questions to other users | Yes (all Use Cases) | Only Use Cases they are owners or contributors on | If Owner of Use Case, yes; |
Can initiate a Use Case review | Yes (all Use Cases) | Only Use Cases they are owners or contributors on | Only Use Cases they are owners on |
Can close a Use Case review | Yes (all Use Cases) | Only Use Cases they are owners or contributors on | No |
Can change Use Case Governance Stage | Yes (all Use Cases) | Only Use Cases they are owners or contributors on | No |
Can view Use Case settings | Yes (all Use Cases) | Only Use Cases they are owners or contributors on | Only Use Cases they are owners on, only after a Use Case has moved to the "Governance" stage. (While a Use Case is in Intake, owners & contributors can only see the Questionnaire page.) |
Can view Use Case Risks | Yes (all Use Cases) | Yes (all Use Cases) | Yes if they are owners or contributors on the Use Case, only after a Use Case has moved to the "Governance" stage. (While a Use Case is in Intake, owners & contributors can only see the Questionnaire page.) |
Can view and generate reports | Yes (all Use Cases) | Yes (all Use Cases) | Owners can generate reports and contributors can view reports only after a Use Case has moved to the "Governance" stage. (While a Use Case is in Intake, owners & contributors can only see the Questionnaire page.) |
Can change risk category | Yes (all Use Cases) | Only Use Cases they are owners or contributors on | No |
Can edit intake questionnaires & triggers/actions in the Governance Center | Yes | No | No |
Can edit tenant metadata fields | Yes | No | No |
Can create custom Risk Types, Risk Scenarios, and Controls | Yes | No | No |
Can edit the tenant Risk Categories | Yes | No | No |
Can create custom Policy Packs | Yes | No | No |
Can add local users (if SSO is not configured) | Yes | No | No |
Can add vendor users | Yes | Yes | Yes |
Can assign users to teams | Yes | No | No |
Can assign users' roles | Yes | No | No |