💡 Still using the classic Drata experience? Refer to Role Administration & RBAC for the original UI.
Admins can assign one or more roles to a user. Each role grants access to specific areas of the workspace.
Note: Admins have full read and write access across all areas of the workspace.
How roles work
Roles are predefined access bundles
Users can have multiple roles
Access is additive
Some roles provide read-only or restrictive access/view
Roles and descriptions
Use this section to decide which Drata role best fits a user’s responsibilities.
Roles and descriptions table
Role | Description |
Admin | Full access to all areas. Can manage users and roles. |
Access Reviewer | Reviews and validates user access to ensure appropriate permissions and least-privilege access. |
Control Manager | Maintains controls, supporting evidence, and control-related tasks. |
DevOps Engineer | Manages technical integrations, monitoring, and infrastructure-related evidence and findings. |
Information Security Lead | Manages security posture, controls, evidence, and security reporting across the workspace. |
Knowledge Base | Manages and maintains internal knowledge base content and documentation. |
Personnel Compliance Manager | Manages personnel-related compliance tasks, employee status, and onboarding and offboarding workflows. |
Policy Manager | Creates, updates, publishes, and manages company policies. |
Risk Manager | Manages risk assessments, risk treatment, and ongoing risk management activities. |
Risk Register Owner | Owns and maintains the risk register, including creating, updating, and tracking risks. |
Trust Center Manager | Manages Trust Center configuration, access requests, and shared security content. |
Trust Center Reviewer | Reviews Trust Center access requests and shared security information. |
Workspace Manager | Manages day-to-day workspace configuration, including assets, vendors, integrations, and operational setup. |
Internal Auditor | Reviews audit evidence, controls, and compliance status for internal audit purposes. |
Role access summary (high-level)
All users can access My Drata and manage their own personal settings, regardless of role.
🔒 Admin-only actions Only Admins can grant remote access to Drata Support.
Anything under organization settings, only admins can access and manage exepct for the following cases
All roles expect risk register owner can access the My Drata page to view their own information and activity.
All users, regardless of role, can access and manage their personal settings, such as notifications and language preferences.
Only Admins can grant remote access to the Drata Support team.
You must be an Admin in your Drata account to enable or revoke remote support access.
In general, Organization settings are Admin-only.
However, some settings under the Organization section are accessible to specific roles based on responsibility. These exceptions are intentional:
Workflows: Accessible to Workspace Managers
Personnel Compliance (Human Resources): Accessible to Personnel Compliance Managers
Ticket Automation: Accessible to DevOps Engineers