Skip to main content
Role Administration & RBAC

Find your assigned roles and learn the available roles.

Updated over 4 months ago

Role-based access control (RBAC) allows admin roles to assign personnel to roles that fit their specific needs. Each role has access to different features within the Drata application, so it's important to know which role you have. Find your role at Drata.

Find your assigned role

To find your assigned role, check your email that has your login credentials or an email with the subject line 'You have been added as'. The email subject line indicates your role and the content provides additional details about your role.

Available roles

Roles and Permissions

The sections below specify the permissions for each of Drata’s predefined roles. The ✅ under each role indicates the role has access to the permission.

If a person is assigned a role with Read-only access, they can view the data but not modify it.

For those using Drata prior to September 2023, the 'Tech Governance Team' has been renamed to 'Information security leads'. The permissions for the role remain the same.

Permission

Description

Admin

Information Security Leads

DevOps Engineer

Risk Managers

Workspace Managers

Control Managers

Personnel Compliance Managers

Policy Managers

Assets: Assets page

Read lets people view the list of assets and their details. Write lets them edit vendor details and complete report reviews.


Admin

Information Security Leads

Workspace Managers

Audit Hub: Audit Hub page

Read lets people view the page, which shows all active and completed audits, and download pre-audit packages. There’s no write access.


Admin

Workspace Managers

Audit Hub: Auditor List page

Read lets people view the Auditor List, which shows auditors your organization has worked with in Drata. Write lets them add or delete auditor profiles from the auditor list.


Admin

Workspace Managers

Audit Hub: Audit pages

Read lets people view individual audit pages, including requests, assigned auditors, and audit resources. Write lets them assign auditors, work on auditor requests, change request status, and create audits in Audit Hub. Other write permissions are usually required to complete requests.


Admin

Workspace Managers

Company Settings: Company Info page

Read lets people view the Company Info page. Write lets them edit details.


Admin

Company Settings: Key Personnel Info page

Read lets people view the Key Personnel Info page. Write lets them edit details.


Admin

Company Settings: Language page

Read lets people view the Language (default) page. Write lets them change it. People can always change their own language setting.


Admin

Company Settings: Role Administration page

Read lets people view the Role Administration page. Write lets them assign people to roles.


Admin

Company Settings: Human Resources page

Read lets people view the Human Resources page. Write lets them edit details.


Admin


Personnel Compliance Managers

Company Settings: Internal Security page

Read lets people view the Internal Security page. Write lets them edit settings.


Admin

Company Settings: Notifications page

Read lets people view the Notifications page. Write lets them create, edit, and delete automated notifications for the organization.


Admin

Company Settings: Ticket Automation page

Read lets people view the Ticket Automation page. Write lets them create edit, and delete ticket rules.


Admin

Company Settings: Vendor Questionnaire page

Read lets people view the Vendor Questionnaire page and individual questionnaires. Write lets them create, edit, and delete questionnaires.


Admin

Company Settings: API Keys page

Read lets people view the API Keys page and API documentation. Write lets them create new API keys.


Admin

Connections: Connections page

Read lets people view the page, which shows active and available connections. Write lets them add, edit and delete connections.


Admin

Workspace Managers

Connections: Manage Accounts

Read lets people view the connected infrastructure, observability, and version control accounts. Write lets them manage the accounts.


Admin

Information Security Leads

Workspace Managers

Connections: View Findings

Read lets people view results from the connected vulnerability scanning. Write lets them resync the connected vulnerability scanning.


Admin

Information Security Leads

Workspace Managers

Controls: Controls page

Read lets people view the Controls page, including all controls and their details. Write lets them edit details, change the scope of controls, create controls, and be assigned as a control owner.


Admin

Information Security Leads

Workspace Managers


Control Managers

Dashboard: Dashboard page

Provides the most essential alerts, trends, and tasks needed to give a holistic view of your organization’s risk and compliance posture. There’s no write access.


Admin

Information Security Leads

Workspace Managers

Event Tracking: Event Tracking page

Read lets people view all events, their details, and download raw evidence. There’s no write access.


Admin

Information Security Leads

DevOps Engineer

Workspace Managers


Control Managers

Evidence Library: Evidence Library page

Read lets people view all evidence uploaded and their details. Write lets them edit details and add evidence to the Evidence Library.


Admin

Information Security Leads

Workspace Managers


Control Managers

Frameworks: Frameworks page

Read lets people view the Frameworks page, individual framework pages, requirements, and details. Write lets them modify requirements, change scopes, and create custom frameworks.


Admin

Information Security Leads

Workspace Managers

Help: Remote access permission

Write lets people grant or revoke remote support access for all personnel in the Help menu.


Admin

Information Security Leads

Workspace Managers

Monitoring: Monitoring page

Read lets people view the Monitoring page, including all tests, their details, and raw test evidence. Write lets them run tests, manage test notification preferences, and map controls to tests. Mapping controls requires Controls page write permission.


Admin

Information Security Leads

DevOps Engineer

Workspace Managers


Control Managers

My Settings: Notifications page

Read lets people view their notifications. Write lets them turn on/off their notifications.


Admin

Information Security Leads

DevOps Engineer


Risk Managers

Workspace Managers


Control Managers


Personnel Compliance Managers


Policy Managers

My Settings: Language page

Read lets people view their language preference. Write lets them set their language preference.


Admin

Information Security Leads


Risk Managers

Workspace Managers


Control Managers


Personnel Compliance Managers


Policy Managers

Personnel: Personnel page

Read lets people view the Personnel page, the personnel list, status, and details. Write lets them edit personnel details and take actions related to personnel.


Admin

Information Security Leads

Workspace Managers


Personnel Compliance Managers

Policy Center: Policy Center page

Read lets people view all policies and download them. Write lets them create policies, edit policies details, take actions based on responsibility, and adjust related notifications in personal settings.


Admin

Information Security Leads

Workspace Managers


Policy Managers

Quick Start: Quick Start page

At the start of your Drata journey, you will work through each step within the Quick Start Guide in order to prepare to onboard your employees and configure the system for your compliance journey.


Admin

Risk Assessment: Risk Assessment page

Read lets people view status for all assessment sections. Write lets them complete assessments and assign others who also have Risk Assessment page write permission.


Admin

Information Security Leads


Risk Managers

Workspace Managers

Risk Management: Risk Management page

Read lets people view risks, insights, and the details of both. Write lets them edit risks, add and treat risks, create tickets, assign risk owners, and map controls to risks. Mapping controls requires Controls page write permission.


Admin


Risk Managers

Workspace Managers

Security Report: Security Report page

Read lets people view and download the security report to share with potential customers, auditors or board members. Write lets them edit the security report settings and turn on/off sharing of the report.


Admin

Information Security Leads

Tasks: General

Read lets people view general tasks. Write lets people edit details about the task and mark the task complete.


Admin

Information Security Leads

Workspace Managers


Control Managers

Tasks: Controls

Read lets people view control tasks. Write lets people edit details about the task and mark the task complete.


Admin

Information Security Leads

Workspace Managers


Control Managers

Tasks: Evidence renewals

Read lets people view evidence renewal tasks based on the evidence renewal date. Write lets people manage the evidence itself.


Admin

Information Security Leads

Workspace Managers


Control Managers

Tasks: Policy renewals

Read lets people view policy renewal tasks based on the policy renewal date. Write lets people manage the policy itself.


Admin

Information Security Leads

Workspace Managers


Policy Managers

Tasks: Vendor reminders

Read lets people view vendor reminder tasks based on the reminder date. Write lets people manage the vendor itself.


Admin

Information Security Leads

Workspace Managers

Trust Center: Trust Center page

Read lets people view the Trust Center page, incoming access requests, and domains that have access. Write lets them manage access requests and domain.


Admin

Information Security Leads

Workspace Managers

Trust Center: Trust page editor

Write lets people customize the Trust page.


Admin

Information Security Leads

Workspace Managers

Trust Center: Trust page settings

Read lets people access and view Trust Center settings. Write lets them edit Trust Center settings.


Admin

Information Security Leads

Workspace Managers

Vendors: Vendors page

Read lets people view the list of vendors and their details. Write lets them edit vendor details, complete report reviews, and add vendors.


Admin

Information Security Leads


Risk Managers

Workspace Managers

Want to know more about the Workspace Manager role? Learn more here.

Want to know more about the Guest Administrator role? Learn more here.

Did this answer your question?