--- title: "ThreatConnect Risk Quantifier User Roles and Permissions" slug: "threatconnect-risk-quantifier-user-roles-and-permissions" description: "This article defines the user roles in ThreatConnect Risk Quantifier (RQ) and the permissions associated with each role." tags: ["Account Roles and Permissions"] updated: 2024-04-11T14:25:40Z published: 2024-04-11T14:25:40Z --- > ## Documentation Index > Fetch the complete documentation index at: https://knowledge.threatconnect.com/llms.txt > Use this file to discover all available pages before exploring further. # ThreatConnect Risk Quantifier User Roles and Permissions ## Overview The ThreatConnect® Risk Quantifier (RQ) platform requires assignment of role-based access to users when creating user accounts so that least-necessary privilege can be provided to each user. A user’s role determines the capabilities and permissions that the user has in the RQ platform at the Enterprise level or within a Legal Entity, which is an organization or business unit of a company for which risk data are being quantified. The Enterprise level of an RQ instance provides access to multiple Legal Entities belonging to a company. ## Before You Start | Minimum Role(s) | - RQ Pro Administrator for viewing all users on the **User Management**screen within a Legal Entity and creating and managing users within a Legal Entity - RQ Enterprise Administrator for viewing all users on the **User Management**screen for a Portfolio, viewing all users on the **User Management** screen within a Legal Entity, and creating and managing users within a Portfolio or Legal Entity | | --- | --- | | Prerequisites | None | ## User Roles Table 1 defines the seven user roles from which administrators can select when creating user accounts. These roles may not be customized, and new user roles may not be created. NoteRQ Enterprise Administrators may create users of any type. RQ Pro Administrators may create only user types within their Legal Entity (i.e., any non-Enterprise user type). | User Role | Definition | | --- | --- | | RQ Enterprise Administrator | An **RQ Enterprise Administrator** has full administrative and editorial access over the Enterprise and within all Legal Entities in the Enterprise. | | RQ Enterprise Read Only | An **RQ Enterprise Read Only**user has read-only access over the Enterprise. This role has no Legal Entity–level access. | | RQ Pro Administrator | An **RQ Pro Administrator** has full administrative and editorial access within one or more Legal Entities. This role has no Enterprise-level access. | | RQ Pro Editor | An **RQ Pro Editor** has full editorial, but no administrative, access within one or more Legal Entities. This role has no Enterprise-level access. | | RQ Pro Read Only | An **RQ Pro Read Only**user has read-only access within one or more Legal Entities. This role has no Enterprise-level access. | | RQ Fair Only | An **RQ Fair Only** user has read-only access within one or more Legal Entities, as well as the ability to run Factor Analysis of Information Risk ([FAIR™](https://www.fairinstitute.org/learn-fair)) and semi-automated FAIR What If scenarios within those Legal Entities. This role has no Enterprise-level access. | | RQ Export API | An **RQ Export API**user can only use API calls to retrieve information on one or more Legal Entities from the RQ platform. This role has no user interface (UI) access or Enterprise-level access. | ### Enterprise Level The only user roles with Enterprise-level access are RQ Enterprise Administrator and RQ Enterprise Read Only. Table 2 defines the specific capabilities that users with the RQ Enterprise Administrator or RQ Enterprise Read Only role have on the **Portfolio Analysis** screen. | User Role | View Portfolio Analysis | Edit Implementation Cost | | --- | --- | --- | | RQ Enterprise Administrator | ✔ | ✔ | | RQ Enterprise Read Only | ✔ | | Note**Implementation Cost** is displayed in the table on the **Controls detailed list** card on the **Portfolio Analysis** screen. Table 3 defines the specific capabilities that users with the RQ Enterprise Administrator or RQ Enterprise Read Only role have on the **Legal Entities** screen. | User Role | Create Legal Entity | Archive Legal Entity | Edit Legal Entity | Access Legal Entity | | --- | --- | --- | --- | --- | | RQ Enterprise Administrator | ✔ | ✔ | ✔ | ✔ | | RQ Enterprise Read Only | | | | | NoteRQ Enterprise Read Only users may view the **Legal Entities** screen, but cannot make any changes to the Legal Entities in the Enterprise or access any of the Legal Entities from the screen. Table 4 defines the specific capabilities that users with the RQ Enterprise Administrator or RQ Enterprise Read Only role have on the **Data Export** screen. | User Role | Export Data to CSV | | --- | --- | | RQ Enterprise Administrator | ✔ | | RQ Enterprise Read Only | ✔ | Table 5 defines the specific capabilities that users with the RQ Enterprise Administrator or RQ Enterprise Read Only role have on the **Settings** screen. Depending on the size of the device on which you are viewing this article, you may need to scroll horizontally to view all table columns. | User Role | User Management | Preferences | Activity Log | Single Sign On | | --- | --- | --- | --- | --- | | | **Create User** | **Edit Account** | **Reset Password** | **Deactivate/ Reactivate User** | **View** | **Edit** | **View** | **View** | **Edit** | | RQ Enterprise Administrator | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | RQ Enterprise Read Only | | ✔ | ✔ | | | | | | | ImportantRQ Enterprise Administrators may not edit the RQ Instance Administrator account (rq@threatconnect.com), reset the RQ Instance Administrator account’s password, or deactivate the RQ Instance Administrator account.NoteRQ Enterprise Read Only users will not be able to view other users on the **User Management** screen. They will see only their own account listed in the table. They may edit their own user name (by clicking **Edit Account**) and reset their own password. ### Legal Entity Level Table 6 defines the specific capabilities that all user roles have in the following areas of the RQ platform: - **Risk Analysis**: screens for all options under the **Risk Analysis** menu - **Third Party**: screens for all options under the **Third Party**menu - **Configuration**: screens for all **Setup** options on the **Configuration**screen - **Reports**: screen for the **Reports**menu - **What If**: screen for the **What If**menu - **Data Export**: screen for the **Data Export** menu Depending on the size of the device on which you are viewing this article, you may need to scroll horizontally to view all table columns. NoteThe RQ Export API user role is not covered because it has no UI access. | User Role | Run Risk Analysis | View Third Party Analyses | Scan a Third Party With SecurityScorecard™ | All Configuration Setup Options | Generate Report | Build What If Analysis | Data Export to CSV | | --- | --- | --- | --- | --- | --- | --- | --- | | RQ Enterprise Administrator | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | | RQ Enterprise Read Only | | | | | | | | | RQ Pro Administrator | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | RQ Pro Editor | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | RQ Pro Read Only | | ✔ | | ✔ (view only) | ✔ | | | | RQ Fair Only | | | | ✔ (view and edit **Legal Entity** and **Control Profiles** sections, including **Create Profile**) | | ✔ | | Table 7 defines the specific capabilities that all user roles have on the **Settings**screen. Depending on the size of the device on which you are viewing this article, you may need to scroll horizontally to view all table columns. NoteThe RQ Export API user role is not covered because it has no UI access. | User Role | User Management | Model Tuning | Activity Log | Preferences | Model Insights | Application Settings | | --- | --- | --- | --- | --- | --- | --- | | | **Create User** | **Edit Account** | **Reset Password** | **Deactivate/** **ReactivateUser** | **View** | **Edit** | **Revert to Default** | **View** | **View** | **Edit** | **View** | **View** | **Edit** | | RQ Enterprise Administrator | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | RQ Enterprise Read Only | | | | | | | | | | | | | | | RQ Pro Administrator | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | RQ Pro Editor | | | | | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | RQ Pro Read Only | | | | | ✔ | | | | | | ✔ | ✔ | | | RQ Fair Only | | | | | | | | | ✔ | ✔ | | | | NoteAll user types may view **License Details** information from the **Settings**screen.NoteThe RQ Pro Administrator is the only RQ Pro account that may view other users on the **User Management** screen. All other RQ Pro users will see only their own account listed in the table. They may edit their own user name (by clicking **Edit Account**) and reset their own password. RQ Fair Only users will see only their own account listed in the table and may edit their own user name, but may not reset their own password. --- *ThreatConnect® is a registered trademark of ThreatConnect, Inc. FAIR™ is a trademark of The Fair Institute. SecurityScorecard™ is a trademark of SecurityScorecard, Inc.* 20130-01 v.01.B