Vanta allows three different permission sets to be assigned to users, and each user type holds a specific set of permissions for the assigned person within the Vanta Platform. To learn more about how to add Editor and Admin privileges in Vanta, visit here.
Employees are the default state in Vanta for users without the Admin or Editor role. This role allows employees to accept policies, complete required training, and register the Vanta Agent. These users have a limited view of the app that shows tasks needed for onboarding and a point of contact.
- This role cannot access the dashboard to see tests, documents, policies, and other settings. There are a few exceptions where the user might see a limited view of the dashboard if they are assigned as an owner on a particular task, such as in a risk assessment or access review
- This permission is automatically given to individuals added to the People page manually or through an identity provider integration.
Users with this role assignment have access to all Vanta capabilities except the following:
- Employee’s sensitive data (such as background checks)
- Documents marked with the Sensitive tag
- Adding auditors
- Changing user permission levels in Settings
- Snoozing/uploading frameworks
Examples of restricted documents include:
- Board of Directors meeting
- Background checks
- Exit interview
- Org chart
- Performance evaluations
- Contractor Agreement
- Employee agreement
- The Administrator permissions grant users access to all Vanta capabilities with no restrictions
Auditors will need access to certain information during a compliance audit to verify your security practices. Learn how to manage your audit and add audit firms, here.
- View data in Vanta
Auditors can not:
- Add or modify users