Access Control
Start defining roles and access within Exos.
Roles
Roles are used by various concepts in Exos to organize and manage a company's compliance program.
Default roles
There are four (4) default roles in Exos.
- Admin—can manage everything within Exos. Often this role is seen as an IT administrator, or account access provisioner.
- Security Officer—can manage everything within Exos, but with a clear officer designation for easier policy and procedure assignment. Generally the person with this role is the one managing your security and privacy program. We'll often refer to this person as your Security and Privacy Officer.
- Contributor—helps you operationalize your security and privacy program as a third-party contributor (can be a MedStack advisor, or other third-party contractor), and shows up on the Contributors tab.
- Employee—participates in your security and privacy program.
Roles are arbitrary assignments to users and carry no built-in meaning of their own. A role gets its context from the Exos concepts that reference it as a group of employees: Policies, Procedures, and Tasks can relate to roles, so an employee's role assignment defines how they are engaged in the compliance program.
Custom roles
Custom roles can be created from the Roles page by clicking the Add New Role button.
You may also create a custom role when adding a new employee by clicking the + Add Role button on the Add New Employee form.
Change employee roles
An employee's role can be changed by clicking the ellipsis icon on their row in the "Employees" table and clicking "Set roles".
Delete a custom role
To delete a custom role, you must remove any employee, procedure, policy, or service that is currently assigned to the role.
Delete a default role
You cannot delete any of the default roles in Exos.
Role-based Access Control (RBAC)
Three of the default roles (Admin, Security Officer, and Contributor) share the same admin-level permissions; the Employee role and all custom roles are limited to participating in what has been assigned to them.
Permission | Admin | Security Officer | Contributor | Employee / All Custom Roles |
---|---|---|---|---|
View organization activity | ✅ | ✅ | ✅ | No |
Shows up on contributor tab | No | No | ✅ | No |
Add custom roles | ✅ | ✅ | ✅ | No |
Manage policies | ✅ | ✅ | ✅ | No |
Acknowledge assigned policies | ✅ | ✅ | ✅ | ✅ |
Manage procedures | ✅ | ✅ | ✅ | No |
Start an assigned procedure | ✅ | ✅ | ✅ | ✅ |
Manage tasks | ✅ | ✅ | ✅ | No |
Complete assigned tasks | ✅ | ✅ | ✅ | ✅ |
Manage software inventory | ✅ | ✅ | ✅ | No |
View assigned software | ✅ | ✅ | ✅ | ✅ |
Manage physical assets | ✅ | ✅ | ✅ | No |
Manage incidents | ✅ | ✅ | ✅ | No |
Report an incident | ✅ | ✅ | ✅ | ✅ |
Manage evidence | ✅ | ✅ | ✅ | No |
Manage risks | ✅ | ✅ | ✅ | No |
Custom role permissions
Custom roles come with a default permission set that allows the user to interact with Exos depending upon which employees, procedures, policies, or services have been assigned to the role.
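The following is an added illustration, not Exos code: a small Python model of the permission matrix above and of the role-deletion rules from this page. It assumes a user holding several roles gets the union of their permissions, that custom roles receive the Employee permission set, and that adding a custom role is gated by the "Add custom roles" permission; the `Org` class and the permission names are constructed for the example.

```python
from dataclasses import dataclass, field

DEFAULT_ROLES = {"Admin", "Security Officer", "Contributor", "Employee"}
# "Manage ..." rows of the matrix: Admin, Security Officer and Contributor only.
MANAGE = {"view_activity", "add_custom_roles", "manage_policies", "manage_procedures",
          "manage_tasks", "manage_software", "manage_assets", "manage_incidents",
          "manage_evidence", "manage_risks"}
# Participant rows: granted to every role, custom roles included.
PARTICIPATE = {"ack_policies", "start_procedure", "complete_tasks",
               "view_assigned_software", "report_incident"}
ROLE_PERMS = {
    "Admin": MANAGE | PARTICIPATE,
    "Security Officer": MANAGE | PARTICIPATE,
    "Contributor": MANAGE | PARTICIPATE | {"contributor_tab"},
    "Employee": set(PARTICIPATE),
}


@dataclass
class Org:  # hypothetical stand-in for one organization's role state
    custom_roles: set = field(default_factory=set)
    assignments: dict = field(default_factory=dict)  # role -> employees/policies/procedures/services

    def permissions(self, roles):
        """Union over a user's roles; custom roles get the Employee set, unknown names are rejected."""
        granted = set()
        for role in roles:
            if role in ROLE_PERMS:
                granted |= ROLE_PERMS[role]
            elif role in self.custom_roles:
                granted |= ROLE_PERMS["Employee"]
            else:
                raise KeyError(f"unknown role {role!r}")
        return granted

    def add_custom_role(self, actor_roles, name):
        if "add_custom_roles" not in self.permissions(actor_roles):
            raise PermissionError("this role cannot add custom roles")
        self.custom_roles.add(name)

    def assign(self, role, item):
        self.assignments.setdefault(role, set()).add(item)

    def delete_role(self, name):
        # Default roles are never deletable; a custom role must have nothing assigned first.
        if name in DEFAULT_ROLES:
            raise ValueError("default roles cannot be deleted")
        if self.assignments.get(name):
            raise ValueError(f"unassign {sorted(self.assignments[name])} from {name!r} first")
        self.custom_roles.discard(name)
        return True
```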
Updated over 1 year ago