ThreatConnect Risk Quantifier User Roles and Permissions
- 11 Apr 2024
- 5 Minutes to read
-
Print
-
DarkLight
ThreatConnect Risk Quantifier User Roles and Permissions
- Updated on 11 Apr 2024
- 5 Minutes to read
-
Print
-
DarkLight
Article Summary
Share feedback
Thanks for sharing your feedback!
Overview
The ThreatConnect® Risk Quantifier (RQ) platform requires assignment of role-based access to users when creating user accounts so that least-necessary privilege can be provided to each user. A user’s role determines the capabilities and permissions that the user has in the RQ platform at the Enterprise level or within a Legal Entity, which is an organization or business unit of a company for which risk data are being quantified. The Enterprise level of an RQ instance provides access to multiple Legal Entities belonging to a company.
Before You Start
| Minimum Role(s) |
|
|---|---|
| Prerequisites | None |
User Roles
Table 1 defines the seven user roles from which administrators can select when creating user accounts. These roles may not be customized, and new user roles may not be created.
Note
RQ Enterprise Administrators may create users of any type. RQ Pro Administrators may create only user types within their Legal Entity (i.e., any non-Enterprise user type).
| User Role | Definition |
|---|---|
RQ Enterprise Administrator | An RQ Enterprise Administrator has full administrative and editorial access over the Enterprise and within all Legal Entities in the Enterprise. |
RQ Enterprise Read Only | An RQ Enterprise Read Only user has read-only access over the Enterprise. This role has no Legal Entity–level access. |
RQ Pro Administrator | An RQ Pro Administrator has full administrative and editorial access within one or more Legal Entities. This role has no Enterprise-level access. |
RQ Pro Editor | An RQ Pro Editor has full editorial, but no administrative, access within one or more Legal Entities. This role has no Enterprise-level access. |
RQ Pro Read Only | An RQ Pro Read Only user has read-only access within one or more Legal Entities. This role has no Enterprise-level access. |
RQ Fair Only | An RQ Fair Only user has read-only access within one or more Legal Entities, as well as the ability to run Factor Analysis of Information Risk (FAIR™) and semi-automated FAIR What If scenarios within those Legal Entities. This role has no Enterprise-level access. |
RQ Export API | An RQ Export API user can only use API calls to retrieve information on one or more Legal Entities from the RQ platform. This role has no user interface (UI) access or Enterprise-level access. |
Enterprise Level
The only user roles with Enterprise-level access are RQ Enterprise Administrator and RQ Enterprise Read Only. Table 2 defines the specific capabilities that users with the RQ Enterprise Administrator or RQ Enterprise Read Only role have on the Portfolio Analysis screen.
| User Role | View Portfolio Analysis | Edit Implementation Cost |
|---|---|---|
RQ Enterprise Administrator | ✔ | ✔ |
RQ Enterprise Read Only | ✔ |
Note
Implementation Cost is displayed in the table on the Controls detailed list card on the Portfolio Analysis screen.
Table 3 defines the specific capabilities that users with the RQ Enterprise Administrator or RQ Enterprise Read Only role have on the Legal Entities screen.
| User Role | Create Legal Entity | Archive Legal Entity | Edit Legal Entity | Access Legal Entity |
|---|---|---|---|---|
RQ Enterprise Administrator | ✔ | ✔ | ✔ | ✔ |
RQ Enterprise Read Only |
Note
RQ Enterprise Read Only users may view the Legal Entities screen, but cannot make any changes to the Legal Entities in the Enterprise or access any of the Legal Entities from the screen.
Table 4 defines the specific capabilities that users with the RQ Enterprise Administrator or RQ Enterprise Read Only role have on the Data Export screen.
| User Role | Export Data to CSV |
|---|---|
RQ Enterprise Administrator | ✔ |
RQ Enterprise Read Only | ✔ |
Table 5 defines the specific capabilities that users with the RQ Enterprise Administrator or RQ Enterprise Read Only role have on the Settings screen. Depending on the size of the device on which you are viewing this article, you may need to scroll horizontally to view all table columns.
| User Role | User Management | Preferences | Activity Log | Single Sign On | |||||
|---|---|---|---|---|---|---|---|---|---|
Create User | Edit Account | Reset Password | Deactivate/ | View | Edit | View | View | Edit | |
RQ Enterprise Administrator | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
RQ Enterprise Read Only | ✔ | ✔ | |||||||
Important
RQ Enterprise Administrators may not edit the RQ Instance Administrator account (rq@threatconnect.com), reset the RQ Instance Administrator account’s password, or deactivate the RQ Instance Administrator account.
Note
RQ Enterprise Read Only users will not be able to view other users on the User Management screen. They will see only their own account listed in the table. They may edit their own user name (by clicking Edit Account) and reset their own password.
Legal Entity Level
Table 6 defines the specific capabilities that all user roles have in the following areas of the RQ platform:
- Risk Analysis: screens for all options under the Risk Analysis menu
- Third Party: screens for all options under the Third Party menu
- Configuration: screens for all Setup options on the Configuration screen
- Reports: screen for the Reports menu
- What If: screen for the What If menu
- Data Export: screen for the Data Export menu
Depending on the size of the device on which you are viewing this article, you may need to scroll horizontally to view all table columns.
Note
The RQ Export API user role is not covered because it has no UI access.
| User Role | Run Risk Analysis | View Third Party Analyses | Scan a Third Party With SecurityScorecard™ | All Configuration Setup Options | Generate Report | Build What If Analysis | Data Export to CSV |
|---|---|---|---|---|---|---|---|
RQ Enterprise Administrator | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | |
RQ Enterprise Read Only | |||||||
RQ Pro Administrator | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
RQ Pro Editor | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
RQ Pro Read Only | ✔ | ✔ | ✔ | ||||
RQ Fair Only | ✔ | ✔ |
Table 7 defines the specific capabilities that all user roles have on the Settings screen. Depending on the size of the device on which you are viewing this article, you may need to scroll horizontally to view all table columns.
Note
The RQ Export API user role is not covered because it has no UI access.
| User Role | User Management | Model Tuning | Activity Log | Preferences | Model Insights | Application Settings | |||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Create User | Edit Account | Reset Password | Deactivate/ ReactivateUser | View | Edit | Revert to Default | View | View | Edit | View | View | Edit | |
| RQ Enterprise Administrator | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| RQ Enterprise Read Only | |||||||||||||
| RQ Pro Administrator | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| RQ Pro Editor | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ||||
| RQ Pro Read Only | ✔ | ✔ | ✔ | ||||||||||
| RQ Fair Only | ✔ | ✔ | |||||||||||
Note
All user types may view License Details information from the Settings screen.
Note
The RQ Pro Administrator is the only RQ Pro account that may view other users on the User Management screen. All other RQ Pro users will see only their own account listed in the table. They may edit their own user name (by clicking Edit Account) and reset their own password. RQ Fair Only users will see only their own account listed in the table and may edit their own user name, but may not reset their own password.
ThreatConnect® is a registered trademark of ThreatConnect, Inc.
FAIR™ is a trademark of The Fair Institute.
SecurityScorecard™ is a trademark of SecurityScorecard, Inc.
20130-01 v.01.B
Was this article helpful?
