Question - how to correctly configure Visualisations and groups

I would like directors to be able to see all risks but only edit their own risks. This way they get an overview of risks across the company without directly editing risks assigned to other users.

I have created a group called “eramba - view all risks” in AD and associated it with a group in eramba called “system - view all risks”, and in visualisations I added the “system - view all risks” group to “Risk Management / Asset Risks”.

I was expecting my test user to be able to edit their assigned risks and view the risks of others, but it appears that they can edit all. Maybe the visualisation gives them access to view all, then their membership of “System Group - Edit Asset Risks” gives them access to edit the risks they can see, which, because of the visualisations, means all of them.

Is there a better way to give certain people view only access to all objects of a particular type (Control, policy, asset, risk) and edit access only to those they are assigned to?

It is not possible. If someone is granted an “edit” action, what they “see” will be “editable”…