Security

Risk Management is available at a read only access level for most users with edit access given via specific responsibilities and/or security roles as indicated below.

Risk Area	Project (Action) Risk	Operational Risk	Operational Risk Linking	Strategic Risk	Strategic Risk Linking	Risk Settings
Operational User	R	R	NO	R	NO	R
Action Owner	R	R	NO	R	NO	R
Risk Manager	C,U,D	C,U,D	YES	C,U,D	YES	C,U,D
Business Planner		C,U	NO	U**	YES	R
Strategic planner	C,U	C#,U*	NO	C,U,D	YES	R
Business Unit Manager	C#,U*	C#,U*	YES	U**	NO	R
Director	C#,U*	C#,U*	NO	U**	NO	R
Administrator	C,U,D	C,U,D	YES	C,U,D	YES	C,U,D
Service Coordinator	R	C#,U*	NO	R	NO	NO
Strategic Risk Viewer	NO	NO	NO	R	NO	NO
Operational Risk Viewer	NO	R	NO	NO	NO	NO
Project Risk Viewer	R	NO	NO	NO	NO	NO
Strategic Risk Editor	NO	NO	NO	C,U,D	YES	NO
Operational Risk Editor	NO	C,U,D	YES	NO	NO	NO
Project Risk Editor	C,U,D	NO	NO	NO	NO	NO

*Update his own business unit risks only

# Can create his/her own business unit risks only

**Update his own risks only

Legend

C	Create risks
R	Read
U	Update (can update other user risk and own risk)
D	Delete
NO	User cannot link risk solution
YES	Can link risk solution

Important Note: When the "Security to view risks" setting is switched ON, only the users with create and/or edit permissions for risks can view the relevant risk details. create/edit privileges for the risk areas are based on the existing user permissions. This setting will be activated only upon request. If you wish to activate this setting, please contact CAMMS helpdesk.

Operational Users can only update his/her own risks (project, and operational and strategic risk) if the operational user is a responsible officer for that particular risk.
Action Owners can only update the risk actions which are assigned to them.
If the ‘Service Coordinator’ is an action responsible person then the user is authorised to update the project risk.
Users who have permission to edit a risk can edit the risk solutions as well (applicable to all the user permissions)

The following additional rules apply within the Risk Management area:

Risk Settings area

The Risk Settings areas is only accessible by the System Administrator and Risk Manager roles

Strategic Risk area

Strategic Risk areas will be entirely editable by the Administrator, Strategic Planner, Risk Manager and Strategic Risk Editor roles
Responsible Officers for risk issues will be able to undertake risk assessments in the Strategic Risk area

Operational Risk Area

Operational Risk areas will be entirely editable by the Administrator, Risk Manager and Operational Risk Editor roles
Risk Issues and assessments will be editable by relevant Director and Business Unit Manager roles
Responsible Officers for risk issues will be able to undertake risk assessments in the Business Risk area

Project Risk Area

Project Risk areas will be entirely editable by the Administrator, Risk Manager and Project Risk Editor roles
Risk Issues and assessments will be editable by relevant Director and Business Unit Manager, and Action owner roles
Responsible Officers for risk issues will be able to undertake risk assessments in the Project Risk area

Remember, the Secondary Risk Responsible Officer has the same rights as the Primary Risk Responsible Officer. However the Secondary Risk Responsible Officer will not be allowed to modify the Primary Risk Responsible Officer or the status of the risk assessment.

Click here for information on Audit Management Security.

Last revised: November 26, 2017