Assigning User Roles and Permissions

Roles Page

Roles are set permissions related to managing your security and compliance program that can be assigned to users within the Vanta platform. They ensure that users have access to only what they need to complete their work.

Screenshot 2025-02-27 at 3.49.59 PM.png

Roles within Vanta

Employee (Default role)

The default role assigned to users brought in manually or through an IDP. This role can only complete their assigned onboarding tasks, and has no other access or insight into the Vanta platform.

Collaborator

Access to assigned items only

Admin

Full access to everything in Vanta

Editor

Full access to everything in Vanta except for sensitive employee data and API tokens

Integrations Manager

View and manage your organization's integrations 

Auditor

View-only access to everything except for evidence management. Auditors can accept or reject evidence.

View-only Admin

View-only access to everything in Vanta.

Trust Admin

  • Full access to the Trust Center
  • Full access to Questionnaires
  • Can manage settings and integrations related to the Trust Center and Questionnaires

Trust Collaborator (previously Sales Admin)

  • Can view basic information and manage external access to your organization's Trust Center.
  • Can complete questionnaires using information from the knowledge base.
  • Cannot approve answers in questionnaires or edit the knowledge base.

Custom Roles

Custom Roles can be created to assign specific permissions to a role.

For a more in-depth look into the functionality of role within Vanta, view our Users and Permissions Guide.

User Permissions Page

The User permissions page in Vanta allows you to assign or edit a user's role within the platform. The role assigned dictates the user's permissions within the platform.

Assign Roles

  • From the top right-hand corner, select Settings (gear icon)
  • Choose the User Permissions Tab
  • Select the Your Organization Tab
  • To assign a user a role within Vanta, click the + Add User button (if you don't see these options, you do not have Admin permissions within Vanta)

Screenshot 2025-02-27 at 3.47.18 PM.png

  • You can choose the appropriate person from user profiles created by the connected identity provider, or manually invite them using a company email address.
  • Select the role you want to assign to this user.

Screenshot 2023-09-28 at 12.51.13 pm.png

  • If you need to edit a user's role, you can search for their name and adjust the role using the drop-down menu.

Screenshot 2025-04-10 at 2.35.28 PM.png

  • To revoke a user's permissions, click the three-dot menu button and select Revoke Role.
    • This will downgrade the user to an Employee user. Employee users appear on the People page.

Assigning Access to Objects

  • Once users have been given the appropriate roles, you can start assigning ownership of specific objects within Vanta. 

Please note: To be assigned to a specific object, a user must have collaborator or higher permissions.

  • You can manage access through the Manage Access modal on any object’s detail page (look for a “Manage Access”) where object-level roles are enabled. From there:

Screenshot 2025-04-11 at 12.38.32 PM.png

  • View current owner
  • Change owner—If you have sufficient permissions (e.g., Admin or existing Owner), you can unassign the current owner or give another user the Owner role on the object.Screenshot 2025-04-11 at 12.39.38 PM.png
  • Owners will also be visible and editable from the owner column (Tests, Risks, Access).

Screenshot 2025-04-11 at 12.41.00 PM.png

 

Please note: Currently, the manage access modal does not appear on Risks, Risk Tasks, and Systems within Access Reviews.

Updated