Role configuration

Overview

VerifyWise uses role-based access control (RBAC) to manage what users can see and do within the platform. Each user is assigned a role that determines their permissions across all features.

Understanding roles helps you ensure that team members have appropriate access levels for their responsibilities while maintaining security and governance controls.

Available roles

VerifyWise provides three predefined roles to cover common organizational needs:

Admin role

Administrators have complete control over the VerifyWise platform. This role should be assigned to users responsible for platform governance and user management.

Admin capabilities include:

• Full access to all platform features
• Create, edit, and delete use cases and assessments
• Manage models, vendors, policies, and training records
• Invite new users and change user roles
• Configure organization settings and branding
• Set up and manage integrations (Slack, MLflow)
• Create and manage API keys
• Generate all report types
• Access all settings tabs

Editor role

Editors can work with most platform content but have restricted access to administrative functions. This role is appropriate for team members who need to contribute to governance activities without full system control.

Editor capabilities include:

• Create, edit, and delete use cases and assessments
• Manage models, vendors, policies, and training records
• Invite new team members
• Update organization settings (name and logo)
• Generate reports
• Access most settings tabs

Editors cannot:

• Manage integrations (Slack, MLflow)
• Create or delete API keys
• Change their own role

Viewer role

Viewers have read-only access to the platform. This role is appropriate for stakeholders who need to review governance information without making changes, such as auditors or executives.

Viewer capabilities include:

• View use cases, assessments, and compliance status
• View models, vendors, policies, and training records
• View reports (cannot generate new reports)
• Access dashboard and analytics
• Update personal profile and preferences

Viewers cannot:

• Create, edit, or delete any content
• Invite users or manage team members
• Access organization settings
• Generate reports
• Access integrations or API keys

Assigning roles

Roles are assigned in two ways:

During invitation

When inviting a new team member, select the appropriate role in the invitation modal. The user will have this role when they create their account.

Changing an existing user's role

To change a user's role after they have joined:

1. Navigate to Settings > Team
2. Find the user in the team table
3. Click on the role dropdown in their row
4. Select the new role
5. The change takes effect immediately

Permission reference

The following table summarizes key permissions by role:

Best practices

• Limit admin accounts: Assign the Admin role only to users who need full platform control. Most users should be Editors or Viewers.
• Review roles regularly: Periodically review user roles to ensure they match current responsibilities.
• Use Viewer for external access: For auditors or external stakeholders who need to review your governance, use the Viewer role.
• Document role decisions: Keep a record of why users were assigned specific roles for audit purposes.

Frequently asked questions

Can I create custom roles with specific permissions?

Currently, VerifyWise provides three predefined roles (Admin, Editor, Viewer). Custom role configuration is not available in this version. The predefined roles cover most organizational needs.

Can I change my own role?

No, users cannot change their own role. Another administrator must update your role if a change is needed. This prevents accidental loss of admin access.

How many administrators should we have?

We recommend having at least two administrators to ensure continuity. If one admin is unavailable, another can manage the platform. However, limit the number of admins to those who truly need full access.