Good evening community members. This is my first question ever on this platform. I am using Zen for around a year or so. I have a user based for which I need to give read permissions to EVERYTHING (that I can achieve by using the Reader role), additionally I also need to give them permissions to update some of the objects ( I can do this by using the Contributor role). Unfortunately I haven’t found a way to give permissions to read everything plus modify permissions if one is owner of the object. Any suggestions?Â
One of the things that can be difficult for ZenGRC users is RBAC. We have this exact same issue here at our shop. For example, we want someone on the management team to be able to see everything, but also to be able to modify certain things. The only way we’ve been able to skin that cat is to either add them as an owner to every record, or give them admin rights. Neither is what we really want to do, but it’s the only way we can do it.
Â
ROAR should provide a more robust RBAC framework, so I’m crossing my fingers that this will get resolved once we transition everything over to ROAR.
Sean
Â
Thanks so much for answering this,
However, Sean is right - the user roles are limited in ZenGRC, but our product team is currently working on functionality to make the user role options much more robust in ROAR.
Â
I gave ReadOnly global permission to the user-base. Then I created a program and gave Editor permissions to the user-base. Then mapped specific objects to this program. I found that all the objects that I have mapped to this program are accessible to the person who is Editor of the program.  This is similar to what
Â
So now we have read-only permissions to everything in additional all the objects that you specifically need to provide access to (by the virtue of being mapped object to the program)Â
Â
Please provide your feedback on this workaround.Â
Interesting! I hadn’t considered that method, but I’ll give it a try. It certainly seems like it should work. Let us know how it works for you!
Sean
Â
Reply
Login to the community
No account yet? Create an account
Log in with ROAR
Log in with ROAR credentialsEnter your E-mail address. We'll send you an e-mail with instructions to reset your password.