Introduction
User Roles in SAFE define data access, operational permissions, and the scope of control across the platform. SAFE supports three distinct role types to address varying levels of access control and flexibility:
Default Roles (Admin, Viewer): Out-of-the-box roles with predefined permissions
Static Custom Roles: Custom roles with fixed permissions mapped to Groups/Organizations
Smart Custom Roles: Advanced roles with granular, action-level permissions
Default Roles (Admin & Viewer)
These are system-defined roles available by default in SAFE and cannot be modified.
Admin
Viewer
Role Type | Description | Access Level |
|---|---|---|
Admin | Full access to all modules, configurations, and user management | Read + Write across all entities |
Viewer | Read-only access across SAFE modules | Read-only access |
Key Characteristics
Predefined by SAFE
No configuration or customization allowed
Ideal for standardized access control
Default Roles User Access
SAFE Modules | Features | Default Roles | |
|---|---|---|---|
Admin | Viewer | ||
Dashboards | View all Dashboards | Yes | Yes |
Add Dashboard | Yes | Yes | |
Duplicate Dashboard | Yes | Yes | |
Delete Dashboard | Yes | Yes | |
Risk Scenarios | Create Risk Scenarios | Yes | No |
View Risk Scenarios | Yes | Yes | |
Edit Risk Scenario | Yes | No | |
Duplicate Risk Scenario | Yes | No | |
Delete Risk Scenario | Yes | No | |
Edit Control Parameters | Yes | No | |
View Scoring Factors | Yes | Yes | |
Edit Scoring Factors | Yes | No | |
Groups | Create Group | Yes | No |
View Groups List | Yes | Yes | |
Edit Group | Yes | No | |
Duplicate Group | Yes | No | |
Delete Group | Yes | No | |
View Questionnaire | Yes | Yes | |
Submit Questionnaire Assessment | Yes | No | |
Reuse Existing Questionnaire Assessment | Yes | No | |
Controls - What If Analysis | Yes | No | |
Edit Control Parameter | Yes | No | |
People | View Users List | Yes | Yes |
Edit Users | Yes | No | |
Delete Users | Yes | No | |
Technology | View Asset List | Yes | Yes |
Delete Assets | Yes | No | |
Edit Assets | Yes | No | |
Bulk Delete Assets | Yes | No | |
Bulk Edit Assets | Yes | No | |
Third Party | Add Third Party (Individual & Bulk Upload) | Yes | No |
View Third Parties | Yes | Yes | |
Edit Third Party | Yes | No | |
Delete Third Party | Yes | No | |
Edit Third Party Status | Yes | No | |
View Third Party Details | Yes | Yes | |
Submit Questionnaire Assessment | Yes | No | |
Edit Control Parameter | Yes | No | |
Upload Documents | Yes | No | |
Integrations | View List of Supported & Configured Integrations | Yes | No |
Configure Integrations | Yes | No | |
Control Centre | View Controls List & Details | Yes | Yes |
Edit Control Parameter | Yes | No | |
What If Analysis | Yes | Yes | |
Reuse Control Maturity Assessment | Yes | No | |
Reset Control Maturity Assessment | Yes | No | |
Questionnaire | View Questionnaires | Yes | Yes |
Submit Questionnaire Assessment | Yes | No | |
Settings | My Profile | Yes | Yes |
Security | Yes | Yes | |
API Credentials | Yes | No | |
User Management | Yes | No | |
Role Management | Yes | No | |
Invitations | Yes | No | |
Custom Fields | Yes | No | |
Attack Surface | Yes | No | |
Company Settings | Yes | No | |
Third-party Tiering | Yes | No | |
Advanced | Yes | No | |
About | Yes | Yes | |
Static Custom Roles
Static Custom Roles allow administrators to define fixed read/write permissions and assign them to specific Groups or Organizations.
Assign permissions at the Group or Organization level
Control access using Read / Write checkboxes
Create multiple roles aligned to the organizational structure
Maximum limit: 20 Custom Roles. If there is a requirement for additional Custom Roles beyond this limit, kindly reach out to SAFE Support or submit a Service Request for further assistance.
Feature | Description |
|---|---|
Permission Model | Read / Write access |
Scope Control | Group-level or Organization-level |
Flexibility | Fixed (does not change dynamically) |
Use Case | Department-based or business-unit-based access control |
Creating a Static Custom Role
Follow these steps to create a Custom Role in SAFE:
Navigate to Settings > Role Management.
Click on the Add Role button.
Select the Static option.
Enter a name and description for the Role.
Specify read and write permissions for each group/organization by selecting the checkboxes.
Utilize the filter option to streamline the display of relevant groups.
Click the Save button. The system will create the Static Custom Role, making it accessible within the role selection when inviting a user to SAFE.
Assign a custom role to users
Once a custom role is created, you can assign the role to existing users and select this role while inviting a new user. Refer to User Management for more details.
Static Custom User Role Access
Category | Features | Static Custom Roles | |
Write | Read | ||
Dashboards | View all Dashboards | Yes | Yes |
Add Dashboard | Yes | Yes | |
Duplicate Dashboard | Yes | Yes | |
Delete Dashboard | Yes | Yes | |
Risk Scenarios | Create Risk Scenarios | Yes | No |
View Risk Scenarios | Yes | Yes | |
Edit Risk Scenario | Yes | No | |
Duplicate Risk Scenario | Yes | No | |
Delete Risk Scenario | Yes | No | |
Edit Control Parameters | Yes | No | |
View Scoring Factors | Yes | Yes | |
Edit Scoring Factors | Yes | No | |
Groups | Create Group | No | No |
View Groups List | Yes | Yes | |
Edit Group | No | No | |
Duplicate Group | No | No | |
Delete Group | No | No | |
View Questionnaire | Yes | Yes | |
Submit Questionnaire Assessment | Yes | No | |
Reuse Existing Questionnaire Assessment | Yes | No | |
Controls - What If Analysis | Yes | No | |
Edit Control Parameter | Yes | No | |
People | View Users List | No | No |
Edit Users | No | No | |
Delete Users | No | No | |
Technology | View Asset List | No | No |
Delete Assets | No | No | |
Edit Assets | No | No | |
Bulk Delete Assets | No | No | |
Bulk Edit Assets | No | No | |
Third Party | Add Third Party (Individual & Bulk Upload) | No | No |
View Third Parties | No | No | |
Edit Third Party | No | No | |
Delete Third Party | No | No | |
Edit Third Party Status | No | No | |
View Third Party Details | No | No | |
Submit Questionnaire Assessment | No | No | |
Edit Control Parameter | No | No | |
Upload Documents | No | No | |
Integrations | View List of Supported & Configured Integrations | No | No |
Configure Integrations | No | No | |
Control Centre | View Controls List & Details | No | No |
Edit Control Parameter | No | No | |
What If Analysis | No | No | |
Reuse Control Maturity Assessment | No | No | |
Reset Control Maturity Assessment | No | No | |
Questionnaire | View Questionnaires | No | No |
Submit Questionnaire Assessment | No | No | |
Settings | My Profile | Yes | Yes |
Security | Yes | Yes | |
API Credentials | No | No | |
User Management | No | No | |
Role Management | No | No | |
Invitations | No | No | |
Custom Fields | No | No | |
Attack Surface | No | No | |
Company Settings | No | No | |
Third-party Tiering | No | No | |
Advanced | No | No | |
About | No | No | |
Smart Custom Role
Smart Custom Roles provide granular, action-level permissions, enabling fine control over what users can do within specific modules.
Define permissions at action level (e.g., Create Org, Add Questionnaire, Edit Third Party)
Restrict access specifically to the Third-Party module
Enable the least privilege access model
Automatically adapts based on selected actions
Feature | Description |
|---|---|
Permission Model | Action-level (Create, Edit, Delete, Submit, etc.) |
Scope Control | Primarily Organization-level (Third-Party focused) |
Flexibility | Dynamic and granular |
Use Case | TPRM workflows, vendor access control, and least-privilege enforcement |
Creating a Smart Custom Role
Follow these steps to create a Smart Custom Role in SAFE:
Navigate to Settings > Role Management.
Click on the Add Role button.
Select the Smart option.
Enter a name and description for the Role.
Click the Add Permission button.
Expand the permissions section and add the actions by selecting the checkboxes.
Use the filter option to include third parties.
Click the Save button. The system will create the Smart Custom Role, making it accessible within the role selection when inviting a user to SAFE.
Editing or Deleting Custom Roles
In the SAFE application, you can edit or delete custom roles as your organizational needs evolve.
Editing a Custom Role
Navigate to Settings > Role Management.
Click on the three-dot options menu for the custom role you wish to edit.
From the menu, select the Edit option.
Modify the role name or adjust read/write permissions for the associated groups as needed.
Click the Save button.
Deleting a Custom Role
Notes
Before deletion, make sure that the user role is not currently assigned to any user.
Navigate to Settings > Role Management.
Click on the three-dot options menu for the custom role you wish to delete.
From the menu, select the Delete option.
Click the Delete button on the confirmation screen.