Security

Risk Management is available at a read only access level for most users with edit access given via specific responsibilities and/or security roles as indicated below.

Security Level	Risk Area	Project (Action) Risk	Operational Risk	Operational Risk Linking	Strategic Risk	Strategic Risk Linking	Risk Settings
Operational User	Operational User	R	R	NO	R	NO	R
Operational User	Action Owner	R	R	NO	R	NO	R
Risk Manager	Risk Manager	C,U,D	C,U,D	YES	C,U,D	YES	C,U,D
Business Planner	Business Planner		C,U	NO	U**	YES	R
Strategic planner	Strategic planner	C,U	C#,U*	NO	C,U,D	YES	R
Business Unit Manager	Business Unit Manager	C#,U*	C#,U*	YES	U**	NO	R
Director	Director	C#,U*	C#,U*	NO	U**	NO	R
Administrator	Administrator	C,U,D	C,U,D	YES	C,U,D	YES	C,U,D
Service Coordinator	Service Coordinator	R	C#,U*	NO	R	NO	NO
Strategic Risk Viewer	Strategic Risk Viewer	NO	NO	NO	R	NO	NO
Operational Risk Viewer	Operational Risk Viewer	NO	R	NO	NO	NO	NO
Project Risk Viewer	Project Risk Viewer	R	NO	NO	NO	NO	NO
Strategic Risk Editor	Strategic Risk Editor	NO	NO	NO	C,U,D	YES	NO
Operational Risk Editor	Operational Risk Editor	NO	C,U,D	YES	NO	NO	NO
Project Risk Editor	Project Risk Editor	C,U,D	NO	NO	NO	NO	NO

*Update his/her own Business Unit risks only

# can create his/her own Business Unit risks only

**Update his/her own risks only

Legend

C	Create risks
R	Read
U	Update (can update other user risk and own risk)
D	Delete
NO	User cannot link risk solution
YES	Can link risk solution

Important Note: When the "Security to view risks" setting is switched ON, only the users with create and/or edit permissions for risks can view the relevant risk details. Create/edit privileges for the risk areas are based on the existing user permissions. This setting will be activated only upon request. If you wish to activate this setting, please contact CAMMS helpdesk.

· Operational Users can only update his/her own risks (project, operational and strategic risk) if the operational user is a responsible officer for that particular risk.

· Action Owners can only update the risk actions which are assigned to them.

· If the ‘Service Coordinator’ is an action responsible person then the user is authorised to update the project risk.

· Users who have permission to edit a risk can edit the risk solutions as well (applicable to all the user permissions)

The following additional rules apply within the Risk Management area:

Risk Settings area

· The Risk Settings areas is only accessible by the System Administrator and Risk Manager roles

Strategic Risk area

· Strategic Risk areas will be entirely editable by the Administrator, Strategic Planner, Risk Manager and Strategic Risk Editor roles

· Responsible Officers for risk issues will be able to undertake risk assessments in the Strategic Risk area

Operational Risk Area

· Operational Risk areas will be entirely editable by the Administrator, Risk Manager and Operational Risk Editor roles

· Risk Issues and assessments will be editable by relevant Director and Business Unit Manager roles

· Responsible Officers for risk issues will be able to undertake risk assessments in the Business Risk area

Project Risk Area

· Project Risk areas will be entirely editable by the Administrator, Risk Manager and Project Risk Editor roles

· Risk Issues and assessments will be editable by relevant Director and Business Unit Manager, and Action owner roles

· Responsible Officers for risk issues will be able to undertake risk assessments in the Project Risk area

Note: the Secondary Risk Responsible Officer has the same rights as the Primary Risk Responsible Officer. However the Secondary Risk Responsible Officer will not be allowed to modify the Primary Risk Responsible Officer or the status of the risk assessment.

Last revised: September 23, 2018