What's New: Role-Based Access Control in Enveedo
We're introducing a redesigned Role-Based Access Control (RBAC) system that gives your organization precise control over who can see, edit, and manage information across the Enveedo platform.
This update replaces the previous flat permission model with a structured set of roles, each tailored to specific personas and responsibilities within a security program.
What's Changing
Previously, user access in Enveedo was managed through a limited set of roles with broad permissions. With this update:
- Every module now has clearly defined access levels per role — full, edit, read, assigned only, or no access.
- Sensitive actions are restricted — delete operations, configuration changes, and approvals are limited to the appropriate roles.
- Scope-based access is introduced — certain roles can only see and act on resources assigned to them, rather than having visibility across all records.
Roles Available in This Release
This release includes 6 roles ready for immediate use.

Access Summary
The table below uses the following access levels. Full and Edit are both write-access levels — the difference is whether the role can permanently delete records.

- Full: Unrestricted access — create, view, edit, delete, configure.
- Edit: Full read/write but cannot delete records — create, view, edit only.
- Read: View only. No changes permitted.
- Assigned only: Scoped access — user can only see and act on items assigned to them or that they created.
- No access: Module is not visible.
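To make the five access levels concrete, here is an added example of a permission check that applies them the way the summary above describes: Full is the only level that permits delete and configure, Edit and Read differ only in write access, and Assigned only is evaluated against the record's creator and assignees. This is illustrative code written for this page, not Enveedo's implementation; the role-to-module matrix it uses is a constructed sample, not the product's actual mapping, and the assumption that an Assigned-only user may edit (but not delete) in-scope records is ours.

```python
from dataclasses import dataclass, field

# Access levels as defined in the Access Summary.
FULL, EDIT, READ, ASSIGNED_ONLY, NO_ACCESS = (
    "full", "edit", "read", "assigned_only", "no_access")

WRITE_ACTIONS = {"create", "edit"}
SENSITIVE_ACTIONS = {"delete", "configure"}   # reserved for Full

# Constructed sample matrix for illustration only; not the product's table.
POLICY = {
    "Admin":   {"Risk Register": FULL,          "Tasks": FULL},
    "Manager": {"Risk Register": EDIT,          "Tasks": EDIT},
    "Analyst": {"Risk Register": ASSIGNED_ONLY, "Tasks": ASSIGNED_ONLY},
    "Auditor": {"Risk Register": READ,          "Tasks": READ},
    "Guest":   {"Risk Register": NO_ACCESS,     "Tasks": NO_ACCESS},
}

@dataclass
class Record:
    module: str
    owner: str                       # user who created the record
    assignees: set = field(default_factory=set)

def level_for(role: str, module: str) -> str:
    # Unknown role or module falls back to no access (deny by default).
    return POLICY.get(role, {}).get(module, NO_ACCESS)

def can(user: str, role: str, action: str, record: Record) -> bool:
    level = level_for(role, record.module)
    if level == NO_ACCESS:
        return False
    if level == FULL:
        return True
    if action in SENSITIVE_ACTIONS:
        return False                 # only Full may delete or configure
    if level == READ:
        return action == "view"
    allowed = action == "view" or action in WRITE_ACTIONS
    if level == EDIT:
        return allowed
    # ASSIGNED_ONLY: scoped to records assigned to or created by the user
    # (assumption: in-scope records may be edited, never deleted).
    in_scope = user == record.owner or user in record.assignees
    return in_scope and allowed

def visible(user: str, role: str, records: list) -> list:
    """Scope filter: the subset a listing view should return for this user."""
    return [r for r in records if can(user, role, "view", r)]
```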
Scope of This Release
What's included in v1
- All 6 roles (Admin, Manager, Analyst, System Owner, Auditor, Guest) are fully available and assignable.
- Scope-based filtering is active in Assessments, Risk Register, and Tasks.
- All module-level permissions are enforced across the platform.
- Admins can assign and update roles from Settings > User Management.
Coming in the next release
The following roles are in the roadmap but not yet assignable:
1. Privacy Officer: DPO or privacy analyst. Full edit access to the Privacy Register. Read access to assets and vendor data.
2. Executive: Board-level, read-only view of dashboard, risks, incidents, and controls. No write access.
The "assigned only" scope will also be extended to IR Manager, Assets, Vendors, and Findings in the next phase.
Frequently Asked Questions
➡️ Will existing users lose access when this update rolls out?
Existing roles will be mapped to their new equivalents automatically. Admins should review assignments post-update to fine-tune if needed.
➡️ Can a user have multiple roles?
No — each user has exactly one role at a time. If a user needs broader access, their role should be updated to one that covers the required permissions.
➡️ Are custom roles available?
Not in this release. If you have specific requirements not covered, please reach out to your Customer Success representative to discuss.
➡️ What role do users get when they log in for the first time via SSO?
When a user authenticates via SSO for the first time, they are automatically assigned the Analyst role by default. An Admin must then go to Settings > User Management and update the role to the appropriate one. There is no automatic mapping from IdP groups to Enveedo roles.
➡️ Can I see a history of role changes?
Role change audit logging is not available in this release. If you need to track who assigned or changed a role, this should be documented manually for now. Audit trail capability is planned for a future release.
