Using System Default Roles

AI Governance Manager

Al Governance Managers are responsible for overseeing all aspects of artificial intelligence policy and governance within the organization.

Assessments Manager

Assessment Managers are responsible for overseeing their organization's privacy assessment initiatives. Users with this role are able to access the PIA & DPIA Automation module and can configure templates, launch assessments, and approve responses.

Audit Manager

Audit Managers are responsible for managing all aspects of the audit process. Users with this role are fully authorized in the Audit Management module and can create and manage audits, workpapers, and findings as well as configure related audit settings.

Auditor

Auditors are responsible for reviewing the audit they were assigned. Users with this role are able to access the Audit Management module and can access and complete work on any audit, workpaper, and finding for which they were assigned.

Campaign Administrator

Campaign Administrators are responsible for overseeing the creation and management of campaigns in the Campaigns module. Users with this role can modify assigned users, recipient lists, action items, dashboards, and custom emails. They can also see campaigns that have been created, including those in draft, scheduled, active, and ended.

Consent Manager

Consent Managers are responsible for managing all aspects of the consent and preference management process. Users with this role have full access to all administrative functions in the Universal Consent & Preference Management module and can manage Collection Points, Preference Centers, data subject profiles and records, receipts, transactions, and other module objects and settings.

Cookie Consultant

Cookie Consultants are responsible for reviewing their organization's cookie configurations. Users with this role are able to access the Cookie Consent module (read-only) and can view templates, publish test scripts, and export data.

Cookie Manager

Cookie Managers are responsible for implementing and reviewing their organization's consent tools. Users with this role are able to access the Cookie Consent module and can launch scans, configure templates, and publish production scripts.

Data Governance Manager

Data Governance Managers are responsible for overseeing all governance features and functions in the Data Catalog module. Users with this role can take action on including, but not limited to, classification tag inheritance, attributes, tasks, terms, and business glossaries.

Data Governance Viewer

Data Governance Viewers can view basic details for assets and objects in the Data Catalog module. Users with this role cannot alter any configurations, nor can they create, update, or delete any data assets in the Data Catalog or Data Dictionary.

Data Mapping Automation Manager

Data Mapping Automation Managers are responsible for overseeing their organization's data mapping processes. Users with this role are able to access the Data Mapping Automation module and can configure inventories, launch and review assessments, scan systems for data, and generate reports.

Data Steward

Data Stewards are business users that can perform the same actions as someone with the Data Governance Manager role with the exception of modifying or deleting items in the Data Catalog or Data Dictionary. Users with this role are typically granted access into select glossaries and data sources rather than having open access across all items within the organizational hierarchy.

Disclosure Approver

Disclosure Approvers are responsible for responding to disclosure tasks that have been assigned to them in the Disclosure Management module. Users with this role are able to create and manage disclosures, plus respond to attestations.

Disclosures Administrator

Disclosure Administrators are business users who are fully authorized to create and manage disclosures, tasks, disclosure access controls, and attestations within the Disclosure Management module.

Employee

Employees have read-only access and can respond to Courses, Disclosures, or Policies from the Employee Portal. Users with this role can only take action on items that have been shared or assigned to them. This role can be used in unison with other Ethics & Compliance roles.

Enterprise Policy Manager

Enterprise Policy Managers are responsible for managing all aspects of policy creation. Users with this role are fully authorized in the Policy Management module and can create, organize, and manage documents.

EPM Policy View Only

EPM Policy View Only users are responsible for viewing policies. Users with this role are able to access the Policy Management module and view policies without the ability to create, edit, delete, or download the policy.

EPM Procedure View Only

EPM Procedure View Only users are responsible for viewing procedures. Users with this role are able to access the Policy Management module and view procedures without the ability to create, edit, delete, or download the procedure.

EPM Standard View Only

EPM Standard View Only users are responsible for viewing standards. Users with this role are able to access the Policy Management module and view standards without the ability to create, edit, delete, or download the standard.

EPM View Only

EPM View Only users are responsible for viewing policies, standards, and procedures. Users with this role are able to access the Policy Management module and view policies, standards, and procedures without the ability to create, edit, delete, or download the documents.

ERM Manager

ERM Managers are responsible for managing all aspects of the enterprise risk process. Users with this role are fully authorized in the Enterprise Risk Management module to manage and edit risk attributes, risk scoring, risk categories, risk assessments, and view reports.

ESG Manager

ESG Managers are responsible for implementing and tracking their organization's ESG program. Users with this role have access to the ESG Program Reporting & Disclosures module and can configure frameworks and metrics, collect metric data, create initiatives, and generate reports.

Ethics Policy Manager

Ethics Policy Managers are responsible for creating, organizing, and managing all aspects of ethics policies. Users with this role are fully authorized in the Ethics Policy Management module and also have access and management abilities in Reports and Campaigns.

Ethics Policy Owner

Ethics Policy Owners are responsible for building and editing the policies in which they are assigned. Users with this role are able to access the Ethics Policy Management module and can facilitate policy workflows without the ability to edit workflow stages, edit policy attributes, or bypass approvals.

Exchange Manager

Exchange Managers are responsible for managing all aspects of vendors in the Exchange. Users with this role are fully authorized in the Third-Party Risk Exchange module and can add vendors from the Exchange, request exchange assessments, and edit Exchange template rules.

Helpline Case Assignee

Helpline Case Assignees are users who are eligible to view select cases in the Helpline & Case Management module. Their user name will appear as an available selection in ethics portal settings, as well as populate in the available user list shown to the case admin who manages case access controls.

Helpline Manager

Helpline Managers are fully authorized administrators in the Helpline & Case Management module. Users with this role can view cases and assign access controls, in addition to create and edit workflows, ethics portals, and intake forms.

Incident General User

Incident General Users are responsible for viewing and editing the incidents they were assigned. Users with this role are able to access the Incident Management module and can access and edit incidents without the ability to delete or configure incident settings.

Incidents Manager

Incidents Managers are responsible for managing all aspects of incident management. Users with this role are fully authorized in the Incident Management module and can create, edit, and manage incidents.

Integration Manager

Integration Managers are responsible for configuring and managing workflow connections integrated between external systems and the OneTrust platform. Users with this role can set up custom connections, create system credentials, retrieve and alter data throughout the platform, investigate detailed logs, and add systems and values for their business purposes.

Invited User

Invited users have minimal access to the application. By default, Invited users can only access assessments which they have been invited to complete. The application is only accessible to these users through the link provided to them via email. Invited users are added by email address from an assessment. Invited users cannot be created on the Users screen.

IT Risk Approver

IT Risk Approvers are responsible for reviewing and approving risks they are assigned. By default, IT Risk Approvers do not have access to administrative and destructive functions.

IT Risk Manager

IT Risk Managers are responsible for managing all aspects of the risk management process. Users with this role are fully authorized in the IT & Security Risk Management module and can create, edit, and manage risks.

Maturity & Planning Manager

Maturity & Planning Managers are business users who have access to most everyday and some administrative functions in the Maturity & Planning module. By default, Maturity & Planning Managers have limited access to destructive and configuration functions.

Policy Attestation Respondent

Policy Attestation Respondents are responsible for reviewing the attestations they were assigned. Users with this role are able to access the Self Service Portal to review, acknowledge, and attest policies.

Policy Owner

Policy Owners are responsible for reviewing the policies they were assigned. Users with this role are able to access the Policy Management module to manage all aspects of a policy and assign controls to a policy.

Privacy Notice Author

Privacy Notice Authors are responsible for managing custom privacy notices. Users with this role are able to access the Policy & Notice Management module and can view, create, edit, publish, and delete custom privacy notices.

Privacy Notice Manager

Privacy Notice Managers are responsible for managing all aspects of policy notice creation. Users with this role are fully authorized in the Policy & Notice Management module and can create, organize, and manage privacy notices.

Privacy Notice Viewer

Privacy Notice Viewers are responsible for viewing privacy notices. Users with this role are able to access the Policy & Notice Management module and view privacy notices without the ability to create, edit, delete, or download the notice.

Privacy Officer

Privacy Officers are high-level users who have access to most functions in the application. By default, Privacy Officer users do not have access to administrative and destructive functions such as audit logging, deletion, and integrations.

Privacy Rights Automation Manager

Privacy Rights Automation Managers are responsible for overseeing their organization's data subject access requests and related policies. Users with this role are able to access the Privacy Rights Automation module and can configure web forms, process requests, build workflows, and respond to data subjects.

Privacy Template Author

Privacy Template Authors are responsible for managing custom privacy notice and section templates. Users with this role are able to access the Policy & Notice Management module and can view, create, edit, publish, and delete custom notice and section templates.

Program Benchmarking Manager

Program Benchmarking Managers are business users who have access to most everyday and some administrative functions in the Program Benchmarking module. By default, Program Benchmarking Managers have limited access to destructive and configuration functions.

Project Owner

Project Owners are business users who have access to everyday functions in the application. By default, Project Owner users have limited access to administrative, destructive, and configuration functions. Users with this role can launch assessments, review inventory data, view scan results, and complete other everyday business tasks.

Project Respondent

Project Respondents can create a password to log into the application and access a list of all assessments assigned to them. Users with this role can be assigned assessments, risks, and needs more information requests, respond to assigned assessments, and add comments to assessments.

Project Viewer

Project Viewers have read-only access to the application. Users with this role can view information, but cannot make any changes or respond to assessments. Project Viewer users cannot be selected as the respondent for an assessment.

Questionnaire Respondent

Questionnaire Respondents are responsible for taking action on questions or requests assigned to them from the Vendor Portal. Users with this role are able to access the Vendor Portal, but cannot create new requests or run the Auto Complete tool.

Site Admin

Site Admins are responsible for managing the OneTrust application for the organization. Users with this role at the root organization level have complete access to the application with all permissions enabled by default. Site Admins within lower organizations in the hierarchy will have access to most permissions at their organizational group and below.

Supplier Manager

Supplier Managers are responsible for providing metric data. Users with this role have access to the OneTrust application and can respond to metric data collection requests, configure users and roles, and generate reports.

Sustainability Manager

Sustainability Managers are responsible for providing metric data. Users with this role have access to the OneTrust application and can respond to metric data collection requests, configure users and roles, and generate reports.

TPDD Compliance Manager

Compliance Managers are responsible for the daily management of third party due diligence, including review of assessment responses and screening results.

TPDD Enhanced Due Diligence Requester

Enhanced Due Diligence Requesters are allowed to view and order enhanced due diligence reports in TPDD.

Third-Party Due Diligence Admin

Third-Party Due Diligence Admins have access to the global setup menu and the setup options within the TPDD module. This role is designed for designated individuals responsible for user and system setups specific to Third-Party Due Diligence.

Training Learner

Training Learners are responsible for completing courses. Users with this role are able to access the Training module and can complete courses to which they are assigned.

Training Manager

Training Managers are responsible for assigning courses and managing course enrollment within their organization. Users with this role are able to access the Training module and can assign courses, generate enrollment reports, and download SCORM packages.

Trust Profile Viewer

Trust Profile Viewers are responsible for viewing Trust Profiles in the Vendor Portal. Users with this role are able to access the Vendor Portal and view Trust Profiles without the ability to modify the profiles in any way.

Vendor Manager

Vendor Managers are responsible for managing all aspects of third-party risk management. Users with this role are fully authorized in the Third-Party Risk Management module and can create, edit, and manage vendors, engagements, and contracts, as well as configure vendor settings.

Vendorpedia Assessment Coordinator

Vendorpedia Assessment Coordinators are responsible for working with vendors to complete assessment requests. Users with this role are able to access the assessments in the Third-Party Risk Exchange and Third-Party Risk Management modules to assist with the assignment and completion of the assessments.

Permission Group

Module or feature set that the permission levels support.

Viewer

Permission level that allows users to view records and submit their own records through the Self-Service Portal.

Collaborator

Permission level that allows users to contribute to the programs and data by editing records and collaborating through comments and tasks.

Manager

Permission level that allows users access to full functionality, including the ability to create new records, delete records, and update settings or configurations.

The blank box indicates that no permissions within that permission level for the permission group are enabled for the role.

For example, the Audit Management permission group in the image above does not contain any Viewer, Collaborator, or Manager-level permissions enabled for the role.

The checked box indicates that all permissions within that permission level for the permission group are enabled for the role.

For example, the Assessments permission group in the image above has checked boxes for the Viewer and Manager permission levels. This means that every Viewer and Manager-level permission within the Assessments permission group is enabled for the role.

The minus box indicates that some permissions within that permission level for the permission group are enabled for the role.

For example, the Data Mapping Automation permission group in the image above has minus boxes for the Viewer and Manager permission levels. This means that some but not all Viewer and Manager-level permissions within the Data Mapping Automation permission group are enabled for the role.

Permission Group

Module or feature set that the permission supports.

Object

Object to which the permission is associated.

Action

Type of action available when a user has the permission.

Permission Name

Name of the permission.

Description

Brief description that details what the permission allows.

Permission Level

Level of access or persona of the permission.