Evident’s TPRM platform uses Users and Roles to control access.
Users and Roles let you give the right access to the right people. Team members can work in the platform without having access to sensitive risk decisions.
You manage Users and Roles from the Configuration section of the platform.
Why Users and Roles Matter
Users only access what they need, which improves security. Limiting access also reduces mistakes by ensuring fewer users can make major changes. Roles are ready to use and easy to assign as your team grows.
User Roles
Each higher role includes the access of the roles below it. Role names and permissions are the same for all clients and cannot be changed.
Viewer
A Viewer can see all entities in the platform, including search and filters. Viewers cannot add, update, or remove entities, resolve actions, make exceptions, change settings, or manage users.
Entity Manager
An Entity Manager can view all entities and can add, update, and remove entities. Entity Managers cannot resolve actions, make exceptions, change platform settings, or manage users.
Risk Manager
A Risk Manager can view all entities and manage entity records. Risk Managers can resolve entity-level actions and grant or remove exceptions, but they cannot change platform settings or manage users.
Solutions Architect
A Solutions Architect can view and manage entities, resolve both entity-level and global actions, and change platform settings such as decisioning and branding. Solutions Architects cannot manage users.
Administrator
An Administrator has full access. Administrators can view and manage entities, resolve entity-level and global actions, change platform settings, and add, edit, or remove users.
Important Notes
Each user has one role per client. Users may have different roles for different clients. Only Administrators can manage users and roles.
If your organization uses single sign-on (SSO), roles are still managed directly in the TPRM platform and are not inherited from your identity provider.
Role changes take effect after the user logs out and logs back in.
Managing Users and Roles
To manage users, go to Configuration and select Users and Roles. You will see a list of users and their assigned roles.
Any users added before Users and Roles were introduced are assigned the Administrator role by default.
Adding a User
To add a user, click Add New User and enter the user’s email address and name. Select a role for the user. New users are assigned the Viewer role by default.
An invitation email is sent to the user. If needed, the invitation can be resent.
Editing a User
To change a user’s role, select a new role from the Role dropdown. A message will explain how the user’s access will change.
Role changes are not immediate. The user must log out and log back in for the changes to apply.
To edit a user’s name, click the pencil icon. If the user signs in through an external provider, such as Google, their name must be updated there. Email addresses cannot be edited.
Removing a User
To remove a user, click the trash can icon next to their name and confirm the action.