Support - Proper rights for auditee

mvp · March 29, 2017, 10:54am

We are trying to create a Group for auditees and have been experimenting with the correct rights (Access List) in order for the Auditee to be able fill the Audit. Generally the Role Management contains a lot of different rights which can be assigned to a Group and it is not always easy to understand what each Means. Can anyone provide some insights into this?

What we are trying to accomplish is to create a Group which will have the rights to fill in an Audit and nothing else.
We would also like that the Auditee are not able to see other Audits than the one he is assigned to, this I guess can not be done with rights, but can it be done with Workflows?
When someone with full rights are assigned to an Audit and goes to fill it, he can also see what other Auditees have filled, this we would also like to prevent.

eramba · March 30, 2017, 1:09pm

Hello There!

This is the list of access lists:

Users/Login
Users/Logout
Users/Profile
Users/Resetpassword
Users/Useticket

Ajax/CancelAction
Ajax/DownloadAttachment
Ajax/IsAuthorized
Ajax/ModalSidebarWidget

Attachments/Add
Attachments/AddAjax
Attachments/CancelAction
Attachments/Download

Comments/AddAjax
Comments/CancelAction
Comments/Index
Comments/ListComments

ComplianceAudits/Analyze
ComplianceAudits/AnalyzeAuditee
ComplianceAudits/AuditeeExportFindings -> Download PDF findings
ComplianceAudits/AuditeeFeedback -> provide a feedback (the select dropdown with answers)

We’ll include this in the documentation later today. Thanks for bringing this up mvp !

Seb

byas.mohesowa · February 11, 2021, 9:53am

Hello,
Is there updated documentation on this?
Some of the ACLs given here are no longer available in the latest enterprise edition.

Want to achieve same objective.

Individuals who are assigned to execute Audits, should be able to login and execute the audit and load comments and evidences.
They should also have some sort of dashboard giving a summary of their tasks

Same concept for Policy reviews and other applicable modules

Thanks!

eramba · February 11, 2021, 11:23am

hello!

ACLs dont need descriptions , the reason why is long but is explained on the 5th Basic Training session which covers in detail how to work with groups, user accounts, ldap sync, ACLs etc

Most default groups that come in eramba are enough for what you mention, but you still need to understand in detail how access management works , i strongly advice completing the video above.

If you need a specific ACL that is not defined on the default groups you can of course do it yourself, the trainnig above explains how that works, also the following video on the access management documentation:

Go trough all that, if something does work let us know we’ll do a zoom call and try to help!

regards!
esteban