Solved

Role in ZenGRC

  • 13 September 2022

Userlevel 2
Badge

Good evening, community members. This is my first question ever on this platform. I have been using Zen for around a year or so. I have a user base for which I need to give read permissions to EVERYTHING (that I can achieve by using the Reader role); additionally, I also need to give them permissions to update some of the objects (I can do this by using the Contributor role). Unfortunately, I haven’t found a way to give permissions to read everything plus modify permissions if one is owner of the object. Any suggestions?


Best answer by pnhole 14 September 2022, 21:35


4 replies

Userlevel 5
Badge +1

One of the things that can be difficult for ZenGRC users is RBAC. We have this exact same issue here at our shop. For example, we want someone on the management team to be able to see everything, but also to be able to modify certain things. The only way we’ve been able to skin that cat is to either add them as an owner to every record, or give them admin rights. Neither is what we really want to do, but it’s the only way we can do it.

 

ROAR should provide a more robust RBAC framework, so I’m crossing my fingers that this will get resolved once we transition everything over to ROAR.


Sean

 

Userlevel 7
Badge +4

Thanks so much for answering this, @SeanM. @pnhole, there are options for global permissions, program roles and object-related roles in ZenGRC. Here’s some information that might help.

However, Sean is right - the user roles are limited in ZenGRC, but our product team is currently working on functionality to make the user role options much more robust in ROAR.

Userlevel 2
Badge

@SeanM 

@libby.bevin I have been playing with some permissions. I tried the following and it is kind of working for me.

 

I gave ReadOnly global permission to the user-base. Then I created a program and gave Editor permissions to the user-base. Then I mapped specific objects to this program. I found that all the objects that I have mapped to this program are accessible to the person who is Editor of the program. This is similar to what @SeanM has implemented, but in this method you can map as many objects as you need to get specific permissions assigned.

 

So now we have read-only permissions to everything, in addition to all the objects that you specifically need to provide access to (by virtue of the object being mapped to the program).

 

Please provide your feedback on this workaround. 

Userlevel 5
Badge +1

Interesting! I hadn’t considered that method, but I’ll give it a try. It certainly seems like it should work. Let us know how it works for you!


Sean

 
