Settings & configuration

Role configuration

Understand Admin, Editor, and Viewer roles.

Overview

VerifyWise uses role-based access control (RBAC) to manage what users can see and do. Each user gets a role that sets their permissions across all features.

Understanding roles helps you make sure team members have the right access level for their responsibilities while keeping security tight.

Available roles

VerifyWise has four predefined roles:

Admin

Full access to all features including user management, organization settings and integrations.

Reviewer

Read access plus the ability to approve or reject items. Can't create or edit content.

Editor

Can create, edit and manage most content but has limited access to admin functions.

Auditor

Read-only access for audit and review purposes.

Admin role

Admins have full control over the platform. This role is for users responsible for platform governance and user management.

Admin capabilities:

  • Full access to all platform features
  • Create, edit and delete use cases and assessments
  • Manage models, vendors, policies and training records
  • Invite new users and change user roles
  • Configure organization settings and branding
  • Set up and manage integrations (Slack, MLflow)
  • Create and manage API keys
  • Generate all report types
  • Access all settings tabs

Admins can't delete their own account if they're the only administrator. Make sure at least one other admin exists before removing an admin user.

Reviewer role

Reviewers can view content and approve or reject items, but they can't create or edit content. This role works well for people who need to sign off on governance activities without authoring them.

Reviewer capabilities:

  • View use cases, assessments and compliance status
  • Approve or reject items in approval workflows
  • View models, vendors, policies and training records
  • View reports
  • Access dashboard
  • Update personal profile and preferences

Reviewers can't:

  • Create, edit or delete content
  • Invite users or manage team members
  • Access organization settings
  • Generate reports
  • Access integrations or API keys

Editor role

Editors can work with most platform content but have limited access to admin functions. This role fits team members who contribute to governance activities without needing full system control.

Editor capabilities:

  • Create, edit and delete use cases and assessments
  • Manage models, vendors, policies and training records
  • Invite new team members
  • Update organization settings (name and logo)
  • Generate reports
  • Access most settings tabs

Editors can't:

  • Manage integrations (Slack, MLflow)
  • Create or delete API keys
  • Change their own role

Auditor role

Auditors have read-only access to the platform. This role is meant for people who need to review governance information without changing anything, like external auditors or compliance reviewers.

Auditor capabilities:

  • View use cases, assessments and compliance status
  • View models, vendors, policies and training records
  • View reports (can't generate new ones)
  • Access dashboard
  • Update personal profile and preferences

Auditors can't:

  • Create, edit or delete any content
  • Invite users or manage team members
  • Access organization settings
  • Generate reports
  • Access integrations or API keys

Assigning roles

Roles are assigned in two ways:

During invitation

When inviting a new team member, select the appropriate role in the invitation modal. The user will have this role when they create their account.

Changing an existing user's role

To change a user's role after they've joined:

  1. Go to Settings > Team
  2. Find the user in the team table
  3. Click on the role dropdown in their row
  4. Select the new role
  5. The change takes effect right away

Permission reference

Here's a summary of key permissions by role:

Feature               | Admin       | Reviewer       | Editor      | Auditor
----------------------|-------------|----------------|-------------|----------
Use cases             | Full access | View + approve | Full access | View only
Models                | Full access | View + approve | Full access | View only
Vendors               | Full access | View + approve | Full access | View only
Policies              | Full access | View + approve | Full access | View only
Training              | Full access | View only      | Full access | View only
Reports               | Generate    | View only      | Generate    | View only
Team management       | Full access | None           | Invite only | None
Organization settings | Full access | View only      | Edit        | View only
Integrations          | Full access | None           | None        | None
API keys              | Full access | None           | None        | None

Best practices

  • Limit admin accounts: Only give the Admin role to users who need full platform control. Most users should be Editors, Reviewers or Auditors.
  • Review roles regularly: Check user roles from time to time to make sure they still match current responsibilities.
  • Use Auditor for external access: For external auditors or stakeholders who need to review your governance, use the Auditor role.
  • Document role decisions: Keep a record of why users were assigned specific roles for audit purposes.

Frequently asked questions

Can I create custom roles with specific permissions?

Not right now. VerifyWise has four predefined roles (Admin, Reviewer, Editor, Auditor). Custom role configuration isn't available in this version.

Can I change my own role?

No. Another administrator has to update your role. This prevents accidental loss of admin access.

How many administrators should we have?

At least two is a good idea, so there's always a backup if one admin is unavailable. But keep the total number low and limited to people who truly need full access.
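
The two lockout guards described on this page (a sole Admin can't delete their own account, and nobody can change their own role) together guarantee that a team never ends up with zero Admins. The sketch below is an added example, not VerifyWise code: it models those rules and searches every reachable team state to confirm the guarantee, then shows it failing once self role changes are permitted. The function names, the sample team, and the assumption that only Admins change roles or remove accounts (taken from the "Team management" row of the permission reference) are illustrative.

```python
# Added example: models the role-change and account-deletion rules above.
# Function names and the sample team are constructed for illustration.
from itertools import product

ROLES = ("Admin", "Reviewer", "Editor", "Auditor")

def can_change_role(team, actor, target, allow_self=False):
    """Admins change roles; changing your own role is refused by default."""
    if team.get(actor) != "Admin" or target not in team:
        return False
    return allow_self or actor != target

def can_delete(team, actor, target):
    """Assumed: only Admins remove accounts. A sole Admin cannot remove itself."""
    if team.get(actor) != "Admin" or target not in team:
        return False
    admins = [u for u, r in team.items() if r == "Admin"]
    return not (actor == target and admins == [actor])

def next_states(team, allow_self=False):
    """Yield every team state reachable by one permitted action."""
    for actor, target in product(team, repeat=2):
        if can_change_role(team, actor, target, allow_self):
            for role in ROLES:
                if role != team[target]:
                    yield {**team, target: role}
        if can_delete(team, actor, target):
            yield {u: r for u, r in team.items() if u != target}

def admin_invariant_holds(start, allow_self=False):
    """Search all reachable states; True if each keeps at least one Admin."""
    seen, stack = set(), [start]
    while stack:
        team = stack.pop()
        key = frozenset(team.items())
        if key in seen:
            continue
        seen.add(key)
        if "Admin" not in team.values():
            return False
        stack.extend(next_states(team, allow_self))
    return True

TEAM = {"alice": "Admin", "bob": "Admin", "carol": "Editor"}  # constructed

if __name__ == "__main__":
    print("rules as documented:", admin_invariant_holds(TEAM))
    print("self role change allowed:", admin_invariant_holds(TEAM, allow_self=True))
```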
