Skip to main content
All CollectionsRole Administration
Role Administration & RBAC
Role Administration & RBAC

Find your assigned roles and learn the available roles.

Dana Mauger avatar
Written by Dana Mauger
Updated yesterday

Role-based access control (RBAC) allows admin roles to assign personnel to roles that fit their specific needs. Each role has access to different features within the Drata application, so it's important to know which role you have. Find your role at Drata.

Find your assigned role

To find your assigned role, check your email that has your login credentials or an email with the subject line 'You have been added as'. The email subject line indicates your role and the content provides additional details about your role.

Available roles

Roles and Permissions

The sections below specify the permissions for each of Drata’s predefined roles. The ✅ under each role indicates the role has access to the permission.

If a person is assigned a role with Read-only access, they can view the data but not modify it.

For those using Drata prior to September 2023, the 'Tech Governance Team' has been renamed to 'Information security leads'. The permissions for the role remain the same.

Permission

Description

Admin

Information Security Leads

DevOps Engineer

Risk Managers

Workspace Managers

Control Managers

Personnel Compliance Managers

Policy Managers

Assets: Assets page

Read lets people view the list of assets and their details. Write lets them edit vendor details and complete report reviews.

Audit Hub: Audit Hub page

Read lets people view the page, which shows all active and completed audits, and download pre-audit packages. There’s no write access.

Audit Hub: Auditor List page

Read lets people view the Auditor List, which shows auditors your organization has worked with in Drata. Write lets them add or delete auditor profiles from the auditor list.

Audit Hub: Audit pages

Read lets people view individual audit pages, including requests, assigned auditors, and audit resources. Write lets them assign auditors, work on auditor requests, change request status, and create audits in Audit Hub. Other write permissions are usually required to complete requests.

Company Settings: Company Info page

Read lets people view the Company Info page. Write lets them edit details.

Company Settings: Key Personnel Info page

Read lets people view the Key Personnel Info page. Write lets them edit details.

Company Settings: Language page

Read lets people view the Language (default) page. Write lets them change it. People can always change their own language setting.

Company Settings: Role Administration page

Read lets people view the Role Administration page. Write lets them assign people to roles.

Company Settings: Human Resources page

Read lets people view the Human Resources page. Write lets them edit details.

Company Settings: Internal Security page

Read lets people view the Internal Security page. Write lets them edit settings.

Company Settings: Notifications page

Read lets people view the Notifications page. Write lets them create, edit, and delete automated notifications for the organization.

Company Settings: Ticket Automation page

Read lets people view the Ticket Automation page. Write lets them create edit, and delete ticket rules.

Company Settings: Vendor Questionnaire page

Read lets people view the Vendor Questionnaire page and individual questionnaires. Write lets them create, edit, and delete questionnaires.

Company Settings: API Keys page

Read lets people view the API Keys page and API documentation. Write lets them create new API keys.

Connections: Connections page

Read lets people view the page, which shows active and available connections. Write lets them add, edit and delete connections.

Connections: Manage Accounts

Read lets people view the connected infrastructure, observability, and version control accounts. Write lets them manage the accounts.

Connections: View Findings

Read lets people view results from the connected vulnerability scanning. Write lets them resync the connected vulnerability scanning.

Controls: Controls page

Read lets people view the Controls page, including all controls and their details. Write lets them edit details, change the scope of controls, create controls, and be assigned as a control owner.

Dashboard: Dashboard page

Provides the most essential alerts, trends, and tasks needed to give a holistic view of your organization’s risk and compliance posture. There’s no write access.

Event Tracking: Event Tracking page

Read lets people view all events, their details, and download raw evidence. There’s no write access.

Evidence Library: Evidence Library page

Read lets people view all evidence uploaded and their details. Write lets them edit details and add evidence to the Evidence Library.

Frameworks: Frameworks page

Read lets people view the Frameworks page, individual framework pages, requirements, and details. Write lets them modify requirements, change scopes, and create custom frameworks.

Help: Remote access permission

Write lets people grant or revoke remote support access for all personnel in the Help menu.

Monitoring: Monitoring page

Read lets people view the Monitoring page, including all tests, their details, and raw test evidence. Write lets them run tests, manage test notification preferences, and map controls to tests. Mapping controls requires Controls page write permission.

My Settings: Notifications page

Read lets people view their notifications. Write lets them turn on/off their notifications.

My Settings: Language page

Read lets people view their language preference. Write lets them set their language preference.

Personnel: Personnel page

Read lets people view the Personnel page, the personnel list, status, and details. Write lets them edit personnel details and take actions related to personnel.

Policy Center: Policy Center page

Read lets people view all policies and download them. Write lets them create policies, edit policies details, take actions based on responsibility, and adjust related notifications in personal settings.

Quick Start: Quick Start page

At the start of your Drata journey, you will work through each step within the Quick Start Guide in order to prepare to onboard your employees and configure the system for your compliance journey.

Risk Assessment: Risk Assessment page

Read lets people view status for all assessment sections. Write lets them complete assessments and assign others who also have Risk Assessment page write permission.

Risk Management: Risk Management page

Read lets people view risks, insights, and the details of both. Write lets them edit risks, add and treat risks, create tickets, assign risk owners, and map controls to risks. Mapping controls requires Controls page write permission.

Security Report: Security Report page

Read lets people view and download the security report to share with potential customers, auditors or board members. Write lets them edit the security report settings and turn on/off sharing of the report.

Tasks: General

Read lets people view general tasks. Write lets people edit details about the task and mark the task complete.

Tasks: Controls

Read lets people view control tasks. Write lets people edit details about the task and mark the task complete.

Tasks: Evidence renewals

Read lets people view evidence renewal tasks based on the evidence renewal date. Write lets people manage the evidence itself.

Tasks: Policy renewals

Read lets people view policy renewal tasks based on the policy renewal date. Write lets people manage the policy itself.

Tasks: Vendor reminders

Read lets people view vendor reminder tasks based on the reminder date. Write lets people manage the vendor itself.

Trust Center: Trust Center page

Read lets people view the Trust Center page, incoming access requests, and domains that have access. Write lets them manage access requests and domain.

Trust Center: Trust page editor

Write lets people customize the Trust page.

Trust Center: Trust page settings

Read lets people access and view Trust Center settings. Write lets them edit Trust Center settings.

Vendors: Vendors page

Read lets people view the list of vendors and their details. Write lets them edit vendor details, complete report reviews, and add vendors.

Want to know more about the Workspace Manager role? Learn more here.

Want to know more about the Guest Administrator role? Learn more here.

Did this answer your question?