ThreatConnect Risk Quantifier User Roles and Permissions
  • 25 Aug 2023
  • 5 Minutes to read
  • Dark
    Light

ThreatConnect Risk Quantifier User Roles and Permissions

  • Dark
    Light

Article Summary

Minimum Role: RQ Pro Administrator (for viewing all users on the User Management screen within a Legal Entity and creating and managing users within a Legal Entity); RQ Enterprise Administrator (for viewing all users on the User Management screen for a Portfolio, viewing all users on the User Management screen within a Legal Entity, and creating and managing users within a Portfolio or Legal Entity)

Prerequisites: None

Overview

The ThreatConnect® Risk Quantifier (RQ) platform requires assignment of role-based access to users when creating user accounts so that least-necessary privilege can be provided to each user. A user’s role determines the capabilities and permissions that the user has in the RQ platform at the Enterprise level or within a Legal Entity, which is an organization or business unit of a company for which risk data are being quantified. The Enterprise level of an RQ instance provides access to multiple Legal Entities belonging to a company.

User Roles

Table 1 defines the seven user roles from which administrators can select when creating user accounts. These roles may not be customized, and new user roles may not be created.

Note
RQ Enterprise Administrators may create users of any type. RQ Pro Administrators may create only user types within their Legal Entity (i.e., any non-Enterprise user type).

 

User RoleDefinition

RQ Enterprise Administrator

An RQ Enterprise Administrator has full administrative and editorial access over the Enterprise and within all Legal Entities in the Enterprise.

RQ Enterprise Read Only

An RQ Enterprise Read Only user has read-only access over the Enterprise. This role has no Legal Entity–level access.

RQ Pro Administrator

An RQ Pro Administrator has full administrative and editorial access within one or more Legal Entities. This role has no Enterprise-level access.

RQ Pro Editor

An RQ Pro Editor has full editorial, but no administrative, access within one or more Legal Entities. This role has no Enterprise-level access.

RQ Pro Read Only

An RQ Pro Read Only user has read-only access within one or more Legal Entities. This role has no Enterprise-level access.

RQ Fair Only

An RQ Fair Only user has read-only access within one or more Legal Entities, as well as the ability to run Factor Analysis of Information Risk (FAIR™) and semi-automated FAIR What If scenarios within those Legal Entities. This role has no Enterprise-level access.

RQ Export API

An RQ Export API user can only use API calls to retrieve information on one or more Legal Entities from the RQ platform. This role has no user interface (UI) access or Enterprise-level access.

Enterprise Level

The only user roles with Enterprise-level access are RQ Enterprise Administrator and RQ Enterprise Read Only. Table 2 defines the specific capabilities that users with the RQ Enterprise Administrator or RQ Enterprise Read Only role have on the Portfolio Analysis screen.

 

User RoleView Portfolio AnalysisEdit Implementation Cost

RQ Enterprise Administrator

RQ Enterprise Read Only


Note
Implementation Cost is displayed in the table on the Controls detailed list card on the Portfolio Analysis screen.

Table 3 defines the specific capabilities that users with the RQ Enterprise Administrator or RQ Enterprise Read Only role have on the Legal Entities screen.

 

User RoleCreate Legal EntityArchive Legal EntityEdit Legal EntityAccess Legal Entity

RQ Enterprise Administrator

RQ Enterprise Read Only





Note
RQ Enterprise Read Only users may view the Legal Entities screen, but cannot make any changes to the Legal Entities in the Enterprise or access any of the Legal Entities from the screen.

Table 4 defines the specific capabilities that users with the RQ Enterprise Administrator or RQ Enterprise Read Only role have on the Data Export screen.

 

User RoleExport Data to CSV

RQ Enterprise Administrator

RQ Enterprise Read Only

Table 5 defines the specific capabilities that users with the RQ Enterprise Administrator or RQ Enterprise Read Only role have on the Settings screen. Depending on the size of the device on which you are viewing this article, you may need to scroll horizontally to view all table columns.

 

User RoleUser ManagementPreferencesActivity LogSingle Sign On

Create User

Edit Account

Reset Password

Deactivate/
Reactivate
User

View

Edit

View

View

Edit

RQ Enterprise Administrator

RQ Enterprise Read Only








Important
RQ Enterprise Administrators may not edit the RQ Instance Administrator account (rq@threatconnect.com), reset the RQ Instance Administrator account’s password, or deactivate the RQ Instance Administrator account.
Note
RQ Enterprise Read Only users will not be able to view other users on the User Management screen. They will see only their own account listed in the table. They may edit their own user name (by clicking Edit Account) and reset their own password.

Legal Entity Level

Table 6 defines the specific capabilities that all user roles have in the following areas of the RQ platform:

  • Risk Analysis: screens for all options under the Risk Analysis menu
  • Third Party: screens for all options under the Third Party menu
  • Configuration: screens for all Setup options on the Configuration screen
  • Reports: screen for the Reports menu
  • What If: screen for the What If menu
  • Data Export: screen for the Data Export menu

Depending on the size of the device on which you are viewing this article, you may need to scroll horizontally to view all table columns.

Note
The RQ Export API user role is not covered because it has no UI access.

 

User RoleRun Risk AnalysisView Third Party AnalysesScan a Third Party With SecurityScorecard™All Configuration Setup OptionsGenerate ReportBuild What If AnalysisData Export
to CSV

RQ Enterprise Administrator


RQ Enterprise Read Only








RQ Pro Administrator

RQ Pro Editor

RQ Pro Read Only




(view only)



RQ Fair Only





(view and edit Legal Entity and Control Profiles sections, including
Create Profile)



Table 7 defines the specific capabilities that all user roles have on the Settings screen. Depending on the size of the device on which you are viewing this article, you may need to scroll horizontally to view all table columns.

Note
The RQ Export API user role is not covered because it has no UI access.

 

User RoleUser ManagementModel TuningActivity LogPreferencesModel InsightsApplication Settings

Create UserEdit AccountReset PasswordDeactivate/
ReactivateUser
ViewEditRevert to DefaultViewViewEditViewViewEdit
RQ Enterprise Administrator
RQ Enterprise Read Only












RQ Pro Administrator
RQ Pro Editor



RQ Pro Read Only









RQ Fair Only










Note
All user types may view License Details information from the Settings screen.
Note
The RQ Pro Administrator is the only RQ Pro account that may view other users on the User Management screen. All other RQ Pro users will see only their own account listed in the table. They may edit their own user name (by clicking Edit Account) and reset their own password. RQ Fair Only users will see only their own account listed in the table and may edit their own user name, but may not reset their own password.

ThreatConnect® is a registered trademark of ThreatConnect, Inc.
FAIR™ is a trademark of The Fair Institute.
SecurityScorecard™ is a trademark of SecurityScorecard, Inc.

20130-01 v.01.B


Was this article helpful?