Access Control

Start defining roles and access within Exos.


Roles are used by various concepts in Exos to organize and manage a company's compliance program.

Default roles

There are four (4) default roles in Exos.

  1. Admin—can manage everything within Exos. Often this role is seen as an IT administrator, or account access provisioner.
  2. Security Officer—can manage everything within Exos, but with a clear officer designation for easier policy and procedure assignment. Generally the person with this role is the one managing your security and privacy program. We'll often refer to this person as your Security and Privacy Officer.
  3. Contributor—helps you operationalize your security and privacy program as a third-party contributor (can be a MedStack advisor, or other third-party contractor), and shows up on the Contributors tab.
  4. Employee—participates in your security and privacy program.

Roles are arbitrary assignments to users. The context of a role is delegated based on how the different concepts of Exos reference roles as groups of employees. Policies, Procedures, and Tasks can relate to roles, defining employee engagement in the compliance program based on their role assignment.

Custom roles

Custom roles can be created from the Roles page by clicking Add New Role button.

You may also create a custom role when adding a new employee by clicking the + Add Role button on the Add New Employee form.

Change employee roles

An employee's role can be changed by clicking the ellipsis icon on their row in the "Employees" table and clicking "Set roles"

Delete a custom role

To delete a custom role, you must remove any employee, procedure, policy, or service that is currently assigned to the role.

Delete a default role

You cannot delete any of the default roles in Exos.

Role-based Access Control (RBAC)

Exos default roles have similar admin-level based permissions.

AdminSecurity OfficerContributorEmployee / All Custom Roles
View organization activityNo
Shows up on contributor tabNoNoNo
Add custom rolesNo
Manage policiesNo
Acknowledge assigned policies
Manage proceduresNo
Start an assigned procedure
Manage tasksNo
Complete assigned tasks
Manage software inventoryNo
View assigned software
Manage physical assetsNo
Manage incidentsNo
Report an incident
Manage evidenceNo
Manage risksNo

Custom role permissions

Custom roles come with a default permission set that allow the user to interact with Exos depending upon which employees, procedures, policies, or services the role has been assigned.