Skip to main content

Roles and Permissions

The Roles and Permissions page provides full visibility into existing roles and their permissions. ASCERA includes a set of predefined roles aligned with common organizational responsibilities and compliance best practices.

Administrator

Manages ASCERA tenant configuration, user access, integrations, and system settings. Oversees platform activity and governance.

Typical permissions:

  • Full tenant and system configuration (Tenant, Tenant Config, System)
  • User and role management
  • API configuration and key management
  • Connectors and automation setup (for the Advanced Smart Lists and ConMon)
  • Billing and subscription management
  • All compliance/security content (Documents, Evidence, ODPs, POA&Ms, Tasks, Feedback)
  • Audit log access and review

Security Analyst

Configures and monitors the organization’s technical security posture and continuous monitoring integrations.

Typical permissions:

  • Configure and manage connectors and automation (for the Advanced tier Smart Lists, and the ConMon tier)
  • Create/update Evidence, ODPs, POA&Ms, Tasks
  • View and contribute to Assessor/Internal Feedback
  • Maintain lookup lists and system metadata needed for monitoring
  • Tenant-level operational actions (non-admin)

Compliance Analyst

Manages compliance controls, documentation, and assessment readiness for the organization.

Typical permissions:

  • Create/update Evidence, ODPs, POA&Ms, Tasks
  • Manage compliance documentation and artifacts
  • Contribute to Assessor/Internal Feedback
  • Maintain lookup lists and compliance metadata
  • Use automation related to compliance workflows
  • Tenant-level operational actions (non-admin)
  • No connectors, API, billing, or tenant configuration

Read-Only Compliance Analyst

Provides visibility into compliance posture without making changes.

Typical permissions:

  • View Evidence, ODPs, POA&Ms, Tasks, Feedback, System status
  • View automation results and compliance dashboards
  • No create/update/delete actions

Read-Only Security Analyst

Monitors security/ConMon status and integrations without configuration rights.

Typical permissions:

  • View connectors, automation status (for the Advanced tier Smart Lists, and the ConMon tier)
  • View Evidence, ODPs, POA&Ms
  • View Tasks, Feedback, System status
  • No configuration or content modification

Assessor

Performs independent gap or formal assessments using ASCERA assessment workspaces.

Typical permissions:

  • Review Evidence, ODPs, POA&Ms, Tasks, System posture
  • Provide Assessor Feedback
  • Access audit logs relevant to assessment
  • Limited tenant context and configuration visibility needed for assessment
  • No operational configuration (connectors, automation, billing, API)

Role Design and Permission Alignment

  • Security vs Compliance Analyst: only the Security Analyst has Connector permissions → matches ConMon ownership.
  • Assessor: unique Audit Log + Tenant Configuration view → appropriate for assessment traceability.
  • Read-only roles: currently show the same module list as contributors → likely enforced as read-only in the action layer.