Roles installed with Audit Management

GRC: Audit Management adds the following roles.

Role title [name] Description Contains roles
Audit User

[sn_audit.user]

Contains the reader role in sn_grc scopes, and the reader role in the Audit Management application. In addition to the inherited permissions, the audit user can be assigned audit tasks and create test templates and test plans. The audit user has read-only access to the Risk Management application and modules and the Policy and Compliance Management application and modules.
  • sn_grc.reader
  • sn_grc.user
Audit Manager

[sn_audit.manager]

Contains the reader, user, and manager roles in sn_grc scopes, and the reader and user roles in theAudit Management application. In addition to the inherited permissions, the audit manager can create authority documents, citations, policies, policy statements, and controls.
  • sn_grc.reader
  • sn_grc.user
  • sn_grc.manager
  • sn_audit.user
Audit Admin

[sn_audit.admin]

Contains the reader, user, manager, and admin roles in sn_grc scopes, and the reader, user, and manager roles in theAudit Management application. In addition to the inherited permissions, the audit admin can delete engagements, audit tasks, test templates, and test plans.
  • sn_grc.reader
  • sn_grc.user
  • sn_grc.manager
  • sn_grc.admin
  • sn_audit.user
  • sn_audit.manager
Audit Developer

[sn_audit.developer]

Contains the reader, user, manager, and admin roles in sn_grc scopes, and the reader, user, manager, and admin roles in theAudit Management application. In addition to the inherited permissions, the audit developer can add and delete audit report templates.
  • sn_grc.reader
  • sn_grc.user
  • sn_grc.manager
  • sn_grc.admin
  • sn_audit.user
  • sn_audit.manager
  • sn_audit.admin
External Auditor

[sn_audit.external_auditor]

External auditors can be assigned as auditors for an engagement and can be assigned to audit tasks. They can view closed engagements, audit tasks that are assigned to them, and closed audit tasks. If the Policy and Compliance Management plugin or Risk Management plugins are installed, they can also view published policies and controls and risks in the Monitor state.