Overview
BRM uses a Role-Based Access Control (RBAC) model to manage permissions within the platform. This model assigns users to specific roles, each with its own set of permissions, ensuring that users have access only to the features and data necessary for their role. Permissions in BRM are categorized into three main roles: core user roles, data roles, and request roles.
Core role & permission chart
👥 Core roles
User roles define the basic level of access a user has within BRM. These roles are hierarchical, with each level granting more privileges.
Super Admin
Super Admins have unrestricted access across BRM. They can view all data, edit and approve requests, add or remove integrations, change user roles, and perform any other administrative tasks.
Super Admins have the authority to designate other users as Super Admins.
Admin
Admins can add integrations, manage organizational settings, and invite other users as admins. However, viewing sensitive data is not automatically included and requires additional data roles.
Admins need to be explicitly granted data roles to access sensitive financial or legal information.
User
Users can create requests and view vendors and software within BRM. This role is designed for general users without administrative responsibilities.
Access to financial or legal data is restricted unless the user is designated as the owner of a specific software or vendor.
📊 Permission roles
Permission roles are specialized permissions that grant access to sensitive information within BRM. These roles are typically assigned in addition to a user’s core role.
Compliance
Users with the Compliance role can view and edit compliance data across BRM.
Finance
Users with the Finance role can view and edit financial data across BRM, including budgets, expenses, and financial reports.
Legal
The Legal role allows users to access and modify legal agreements and their associated financial details within BRM.
IT
The IT role allows users to access and modify IT data across BRM.
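The rules above, as an added example (not BRM's code or API): a small Python model of how core roles, permission roles and ownership combine, usable as a reference when reviewing who can reach sensitive data. All names are hypothetical, the accounts are constructed, and it assumes the ownership exception applies only to the User core role, since that is where the page states it.

```python
from dataclasses import dataclass, field

# Data category unlocked by each permission role, as described above.
# The Legal role's reach into agreement-linked financial details is not modelled.
ROLE_GRANTS = {"compliance": "compliance", "finance": "financial",
               "legal": "legal", "it": "it"}

@dataclass
class User:
    name: str
    core_role: str                                   # "super_admin", "admin" or "user"
    permission_roles: set = field(default_factory=set)
    owns: set = field(default_factory=set)           # vendors/software owned

def can_access_sensitive(user, category, item):
    """Return (allowed, reason) for `category` data on the vendor/software `item`."""
    if user.core_role == "super_admin":
        return True, "super admin"
    # The Admin core role alone grants no sensitive data; a permission role must match.
    for role in sorted(user.permission_roles):
        if ROLE_GRANTS.get(role) == category:
            return True, "permission role: " + role
    # Ownership exception: stated on the page for the User role and for
    # financial/legal data only. Assumption: it is not extended to Admins.
    if (user.core_role == "user" and category in ("financial", "legal")
            and item in user.owns):
        return True, "owner"
    return False, "denied"

def access_review(users, category, item):
    """List (name, reason) for every account that can reach the data."""
    out = []
    for u in users:
        allowed, reason = can_access_sensitive(u, category, item)
        if allowed:
            out.append((u.name, reason))
    return out

# Constructed sample accounts, not real BRM data.
SAMPLE_USERS = [
    User("root", "super_admin"),
    User("ops-admin", "admin"),
    User("fin-admin", "admin", {"finance"}),
    User("analyst", "user", {"compliance"}),
    User("tool-owner", "user", owns={"VendorA"}),
]

if __name__ == "__main__":
    for name, reason in access_review(SAMPLE_USERS, "financial", "VendorA"):
        print(name, "->", reason)
```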
📟 Request roles
Request roles are specific to the management and approval of requests within BRM.
Approver
Approvers can be assigned within the request configuration to approve or reject requests. They also have the ability to edit steps in a request when they are not the assigned champion, ensuring flexibility in the request management process.