Users invited to join the Thoropass platform are assigned an application "Role" which can vary depending on their role within your compliance program, and the actions they will be performing within Thoropass. A summary of Thoropass Roles is outlined below, followed by a matrix of the Permissions associated with each role.

Account Admin

Account Admins have full permissions across Thoropass, including the account and all workspaces. Account Admins typically oversee the entire compliance program across all business units in the organization.

Admins hold full permissions in a Thoropass workspace such as user management, training setup, access review configuration, and publishing policies. Admins are generally the key project manager or owner of a compliance program.

User Access Admins can configure SSO login, invite or deactivate users (apart from Account Admins or Admins), and conduct access reviews. User Access Admins are typically system administrators in your organization.

Note: User Access Admins cannot invite Admins or Account Admins since those roles have more permissions than a User Access Admin.

Contributors can modify core features in workspaces such as controls and action items, integrations setup, and uploading evidence. Contributors generally assist Admins throughout the implementation of your compliance program.

Audit Contributors can manage assigned evidence requests in Thoropass’s Audit module by uploading evidence, submitting it to auditors, as well as modifying assigned controls and action items. This role is for team members who actively contribute to the audit process within your organization.

Auditors have view and comment access to Thoropass’s Audit module. They can review submitted evidence requests, preview/download documents, and unsubmit requests, but cannot modify or upload evidence. This role is primarily for external Auditors who need read-only access to the Audit module in Thoropass.

Risk Owners can manage assigned risks in Thoropass’s Risk module, and modify controls and action items associated with Risks. This role is similar to a risk manager or departmental head in your organization.

Salespersons can create Datarooms to share Policies, Documents, and Evidence, demonstrating compliance posture to external parties.

Viewers have read-only access to complete Trainings or acknowledge Policies. Viewers are typically the employees of the company that do not contribute directly to your compliance program.

Thoropass Roles have various permissions that allow the role to perform specific actions in Thoropass. These permissions fall under various "Tiers" or "Categories" of permissions, which are illustrated in the screen below with a high-level percentage of the amount of permissions the role has in Thoropass.

The table below is a list of core features in Thoropass, and denotes the high-level permission each Role has for the features.

Thoropass Feature Access (High-Level)

To view a granular list of "permissions" (or actions) that each Role can perform within each feature, click below:

Thoropass Spreadsheet Matrix - Roles & Permissions