User Roles & Permissions

Roles Overview

Imara uses a role-based access control (RBAC) model. Each user is assigned a role that determines what actions they can perform within the platform. There are three main roles available to organization members.

Owner

The Owner has full access to the platform. This role is ideal for the primary person responsible for the organization's compliance program. Permissions include:

• Manage all frameworks, controls, evidence, and documents
• Invite and remove users
• Change roles of other users
• Configure integrations and SSO
• Manage the Trust Center
• Access and export all organizational data
• Manage subscription and billing
  
  

Admin

The Admin can manage most compliance resources, with some restrictions on sensitive account settings. Permissions include:

• Manage frameworks, controls, evidence, and documents
• Invite new users (with Member role)
• Create and edit risk assessments
• Approve documents and evidence
• Configure the Trust Center
• Connect and disconnect integrations
  
  

Member

The Member can contribute to the compliance program without access to administrative settings. Permissions include:

• View assigned frameworks and controls
• Upload and link evidence
• Create and edit documents in draft mode
• Accept documents requiring acceptance
• View overall compliance status
  
  

Managing Users

To invite a new user, go to Settings → Users and click Invite User. Enter the email address and select the desired role. The user will receive an invitation email with instructions to create their account.

To change an existing user's role, go to the user list, click the three-dot menu next to the user's name, and select Edit Role. Only Owners can change the roles of other users.