Question - Only edit specific items

We have a large organization with multiple separate business units. Each business unit has its own ‘Risk Manager’ who has access to Eramba. We want to achieve the following:

a) Provide every Risk Manager with insight into organization-wide risks.
b) Allow every Risk Manager to register and view risks specific to their own business unit.
c) Restrict editing capabilities so that Risk Managers can only edit risks specific to their own business unit and not organization-wide risks.

We have successfully implemented points (a) and (b). However, it appears to be impossible to implement point (c). When we create a specific group for a business unit and grant that group the ability to edit risks, it also allows them to edit other visible risks (including organization-wide risks that are managed by a dedicated team).

Is there a smart way to resolve this issue?

1 Like

Hello,

just an idea: use reports to “a” (run as admin) so you can put risk managers to different groups so they see/edit only their risks.

Gábor

Hi Gábor,

Could you please elaborate? I’m not sure I fully understand. We’ve already assigned risk managers to different groups, allowing them to only view and edit their risks. However, we also want these risk managers to see organization-wide risks that affect them but are managed by others. We don’t want them to have the option to edit these specific risks, but it would be fine if they could create a report on them.

sure :slight_smile:

Risk manager1 member of Rgroup1
Risk manger2 member of Rgroup2

Risk1.x (risks connected to Risk manager 1) for all risk you set “Risk Originator Contact”: Rgroup1
Risk2.x (risks connected to Risk manager 1) for all risk you set “Risk Originator Contact” is Rgroup2

Now B and C is done, but they don’t see the whole picture, so we have to deal with A You can create a report which contains all risks and send it every week/month (as you want) to Rgroup1 and Rgroup2. I think in this way A is done (if I have not misunderstood you)

Sorry I haven’t used “Risk1.x” to explain at the end, so just ignore them :wink:

I am not sure this is what we are looking for, but you did give me an idea. The reports generated by Eramba unfortunately don’t fully meet our needs and creating a weekly report manually would be too labor-intensive. We might experiment in a next phase with the APIs to export data to a different dashboard, giving us more control over the presentation.

whatever they “see” they will be able to edit or not (depending on your choice), therefore the way around is to make sure they only see the items they own.

in eramba visualisations ensures you see what you own: Access Management | Eramba learning portal

this will let whoever is member of the group to edit, but you also need to make sure they “see” the risks.

if your you company purchased implementation workshops, then simply book a session by writing to support@eramba.org

mitchell@securemetrics.io

this guy is very good at that sort of stuff

Thanks for sharing, these are great!