This article provides a summary of each access permission available within Spoke environments in 6clicks.
This article details all Spoke permissions available within 6clicks. Refer to this article for how to manage user permissions, and this article for how to manage role permissions.
| Permission | Description |
| Admin | Group for all Administration permissions. Does not grant any permissions by itself. |
| Administration | Allows access to the administration module. |
| Custom Data - All (ensure Custom Data - Tag Management permission is ON) | Allows access to configure all custom fields and options. Must have the below permission activated to work. |
| Custom Data - Tag Management |
Allows access to the Custom Data area to configure custom fields and options. By default this setting only provides access to Tag Management and Control Set Types. Use the above setting to provide access to all custom data fields. |
| Groups | View only access to Groups and Group Members in the administration module. |
| Create, edit and delete Groups | Allows the user to create, edit and delete Groups within the administration module. |
| Manage Group Members | Allows the user to add and remove users to existing Groups as Group Members. This will give them access to any records assigned to that Group. |
| Integrations | Allows access to the Integrations area to manage integration between 6clicks and other applications. |
| Roles | View only access to Roles in the administration module. |
| Create new role | Allows the user to create and define new roles. |
| Delete role | Allows the user to delete existing roles. Deleting roles that are being used will trigger a confirmation warning. |
| Edit role | Allows the user to re-define existing roles. |
| Settings | Allows access to configure settings within the administration. Excludes the ability to customise and brand 6clicks - this requires the below permission. |
| Custom Branding | Allows access to define custom branding (including colours and logos for 6clicks). |
| Single Sign-on | Allows access to the Single Sign-On area to set up and manage SSO with an external identity provider. |
| Subscription | Allows access to the Subscription area to start and manage the current subscription to 6clicks. |
| Users | View only access to Users in the administration module. |
| Change permissions | Allows access to amend permissions for specific users. This will overwrite role permissions that are granted by assigned roles. |
| Create new user | Allows the user to create and define new users. |
| Delete user | Allows the user to delete existing users. |
| Edit user | Allows the user to re-define existing users. |
| Login as a user | Allows the user to impersonate other users and log into their account. |
| Content Library | Group for all Content Library permissions. Does not grant any permissions by itself. |
| Access content library | Allows access to the Content Library to view available content. For Spokes within Hub & Spoke, this will only provide access to the exclusive Content Library administered in the Hub. |
| Buy content library item | Allows user the ability to purchase and download content from the Content Library. For Hubs within Hub & Spoke, this includes the ability to manage the exclusive Content Library for Spokes. |
| General | Group for all General permissions. Does not grant any permissions by itself. |
| Access inbound assessments | Allows users to access Question Based Assessments that have been sent to them. By default, users will only have access to questions assigned to them. |
| View all questions | Allows users view-only access to questions not assigned to them. |
| Access Issues | Allows users to access issues and issue actions that have been assigned to them. Superseded if all issue permissions from below are activated but must be used if not. |
| Add Respondent | Allows users to add Respondents to Third-Parties. |
| Add User | Deprecated. |
| Analytics | Allows access to the Analytics module. This needs to be paired with child permissions to grant access to reports. |
| Administration | Allows access to standard and custom reports within the Administration report folders. |
| Assets | Allows access to standard and custom reports within the Assets report folders. |
| Audits & Assessments | Allows access to standard and custom reports within the Audits & Assessment report folders. |
| Authorities | Allows access to standard and custom reports within the Authorities report folders. |
| Control Sets | Allows access to standard and custom reports within the Control Sets report folders. |
| Issues | Allows access to standard and custom reports within the Issues report folders. |
| Registers | Allows access to standard and custom reports within the Registers report folders. |
| Risk Reviews | Allows access to standard and custom reports within the Risk Reviews report folders. |
| Risks | Allows access to standard and custom reports within the Risks report folders. |
| Third-Parties | Allows access to standard and custom reports within the Third-Parties report folders. |
| Assessment | Allows access to view Question Based Assessments (including Templates) that are assigned to the user within the Audits & Assessments module. |
| Add control assessment | Deprecated. |
| Add domain assessment | Allows users to add Domains to Question Based Assessments |
| Add question assessment | Allows users to add Questions to Question Based Assessments |
| Approve assessment | Allows the user to approve Question Based Assessments. |
| Create assessment | Allows the user to create new Question Based Assessments or Templates. |
| Delete control assessment | Deprecated. |
| Delete domain assessment | Allows users to delete Domains from Question Based Assessments |
| Delete question assessment | Allows users to delete Questions from Question Based Assessments |
| Edit Assessment | Allows the user edit access to all Question Based Assessments they have view access to. If paired with 'View All Assessments' permission, user will have view and edit access to all Audits & Assessments. |
| Edit domain assessment | Allows users to edit existing Domains in Question Based Assessments |
| Edit question assessment | Allows users to edit existing Questions in Question Based Assessments |
| Export assessment | Allows the user to export existing Question Based Assessments or Templates. |
| Import assessment | Allows the user to import data into existing Question Based Assessments or Templates. |
| Publish assessment | Allows the user to publish Question Based Assessments. |
| Save as assessment | Allows the user to take a copy of an existing Question Based Assessments and Templates. |
| View all Assessment | Allows the user view access to all Question Based Assessments and Templates. |
| Assessment access members | Allows users to view access members linked to both Question and Requirement Based Assessments. |
| Manage access members for assessment | Allows users to add and remove Access Members to both Question and Requirement Based Assessments. |
| Asset | Group for all unique Asset Register permissions. Does not grant any permissions by itself. Requires 'Register Module' permission and for the user to either be an Access Member for the Asset Register or have view all access. |
| Create Asset | Allows users to create new Assets in the Assets Register. |
| Delete Asset | Allows users to delete existing Assets in the Assets Register. |
| Edit Asset | Allows users to edit new or existing Assets in the Assets Register. |
| View all Assets | Deprecated. |
| Asset access members | Deprecated. |
| Associate entities to risks | Deprecated. |
| Attestation access member | Allows users to view Access Members assigned to Attestations. Must have access to the Attestations module. |
| Manage access member for attestation | Allows users to add and remove Access Members to Attestations they have edit permissions to. Must have access to the Attestations module. |
| Attestations | Allows access to the Attestation module. This permission must be paried with child permissions to provide view and edit permission. |
| Add attestations | Allows users to add Attestations. |
| Attest attestations | Allows users to complete Attestations. |
| Delete attestations | Allows users to delete existing Attestations. |
| Edit attestations | Allows users to edit existing Attestations. |
| View all Attestations | View access to all Attestations. |
| View attestations | View access only to Attestations assigned to the user. |
| Authorities | Allows access to the Compliance module. Included view access to all Authority Documents. |
| Add Authority | Allows users to add new Authority Documents to the Compliance module. Must be paired with 'Edit Authority Document' to enable editing of new records. |
| Delete Reference | Allows users to delete Authority Documents that have been archived. |
| Edit Reference | Allows users to edit existing Authority Documents. Includes ability to archive and restore Authority Documents. |
| Authority mapping powered by Hailey | Allows users to map Authority Documents to one another using the Hailey AI engine. |
| Calendar | Allows view access to the My Tasks area for users. This does not provide access to access and update tasks - this is provided by permissions specific to each module. |
| Control set mapping powered by Hailey | Allows users to map Control Sets to one another or to Authority Documents using the Hailey AI engine. |
| Create, edit and delete risk libraries | Allows users to create, edit and delete Risk Libraries. |
| Create, edit, delete Abstract Issue Actions | Allows users to define abstract Issue Actions against Issues within Issue Libraries. Requires access to both the Issue & Incident module and the Issue Libraries within it. |
| Dashboard | Allows users to access the 6clicks homepage dashboard. Not recommended for users that do not have access to all modules within 6clicks. |
| Issues | Allows users to access the Issues & Incidents module. Includes view access to any Issues & Incidents assigned to the user. |
| Create Issues | Allows users to create new Issues & Incidents within the Issues & Incidents module. |
| Delete Issues | Allows users to delete existing Issues & Incidents within the Issues & Incidents module. |
| Edit Issues | Allows users to edit existing Issues & Incidents within the Issues & Incidents module. |
| View all Issues | Allows users to view all Issues & Incidents within the Issues & Incidents module. |
| Issue access members | Allows users to view Access Members assigned to Issues & Incidents. Must have access to the Issues & Incidents module. |
| Manage access members for issues | Allows users to add and remove Access Members to Issues & Incidents they have edit permissions to. Must have access to the Issues & Incidents module. |
| Manual Authority Mapping | Allows users to manually map Authority Documents to one another. |
| Metrics 2.0 | Allows access to the Metrics module. Include view access to all Metrics. |
| Create, edit, delete metric | Allows users to create, edit and delete Metrics within the Metrics module. |
| Mobile app risk reviews | Deprecated. |
| Manage risk reviews in mobile app | Deprecated. |
| View risk libraries in mobile app | Deprecated. |
| View risk reviews in mobile app | Deprecated. |
| Notifications | Allows users to receive in-app Notifications. Includes a Notification alert icon and a Notification home page. |
| Projects & Playbooks | Full access to the Projects & Playbooks module. |
| Register | Access to the Registers Module and any Custom Registers the user has view permissions to. Access to the Asset Register is handled separately but requires this permission to work. |
| Create Register | Allows users to create new Custom Register within the Registers Module. |
| Create Register item | Allows users to create new Items within Custom Registers that they have view access to. Asset Register permissions are handled separately. |
| Delete Register | Allows users to delete existing Custom Registers and Custom Register Items within Custom Registers that they have view access to. Asset Register permissions are handled separately. |
| Edit Register | Allows users to edit new and existing Custom Registers and Custom Register Items within Custom Registers that they have view access to. Asset Register permissions are handled separately. |
| Register/Asset access members | Group for all unique Register Module Access Member permissions. Does not grant any permissions by itself. |
| Manage access members for register/asset | Allows users to view and edit Access Members against any Registers they have view access to in the Registers module. Requires 'Edit Custom Register and Custom Register Item' and 'Edit Asset' to work with Custom Registers and the Asset Register respectively. |
| View all registers | Allows users to view all Registers and Register Items regardless if they are an Access Member. Affects both Asset and Custom Registers. |
| Regulation & Compliance | Allows users to access the Controls module. Includes view access to all Control Sets. |
| Create {0} | Allows users to create Control Sets and underlying Controls. Includes all types of Control Sets. |
| Delete control set | Allows users to delete Control Sets and underlying Controls. Includes all types of Control Sets. |
| Edit control set | Allows users to edit Control Sets and underlying Controls. Includes all types of Control Sets. |
| Reports | Allows users access to the Reports module. Does not grant access to reports within the Report module as this is handled by permissions to each module. |
| Requirement based assessment | Allows access to view all Requirement Based Assessments within the Audits & Assessments module. |
| Create assessment | Allows users to create Requirement Based Assessments. |
| Edit Assessment | Allows users to edit Requirement Based Assessments. |
| Export assessment | Allows users to export data from existing Requirement Based Assessments. |
| Import assessment | Allows users to import data into existing Requirement Based Assessments. |
| Publish assessment | Allows users to publish Requirement Based Assessments. |
| Save as assessment | Allows users to copy existing Requirement Based Assessments to create a new one. |
| Responsibility | Allows users to view and update Control Responsibilities within the My Tasks area. Also includes access to view Control Responsibilities within the Controls module. The latter requires access to the Controls module. |
| Create, edit, delete Responsibilities | Allows users to create, edit and delete Responsibilities within the Controls module. Requires access to the Controls module. |
| Risk | Allows users to access the Risk module. Includes view access to any Risks assigned to the user. |
| Create Risk | Allows users to create new Risks within the Risk module. |
| Delete Risks | Allows users to delete existing Risks within the Risk module. |
| Edit Risks | Allows users to edit existing Risks within the Risk module. |
| Risk Reporting | Allows users to access Risk reports within the Reports module. |
| View all Risks | Allows users to view all Risks within the Risk module. |
| Risk access members | Allows users to view Access Members assigned to Risks. Must have access to the Risks module. |
| Manage access members for risks | Allows users to add and remove Access Members to Risks they have edit permissions to. Must have access to the Risks module. |
| Risk Reviews | Group for all Risk Review and Risk Library permissions. Does not grant any permissions by itself. |
| Create, edit, delete Risks Libraries in Web App | Allows users to create, edit and delete Risk Libraries within the Risk module. Requires access to Risk Libraries and the Risk module. |
| Create, edit, delete Risk Reviews in Web App | Allows users to create, edit and delete Risk Reviews within the Risk module. Requires access to Risk Reviews and the Risk module. |
| View Risk Library in Web App | Allows user to access the Libraries area of the Risks module. Includes the ability to view all Risks within the Libraries. Requires access to the Risks module. |
| View Risk Reviews in Web App | Allows user to access the Reviews area of the Risks module. Includes the ability to view all Risks Reviews. Requires access to the Risks module. |
| Risk Treatments | Allows users to view Treatment Plans for Risks they have view access for and create, edit and delete Treatment Plans for Risks they have edit access for. Also includes the ability for users to update Treatment Plans within the My Tasks page. The latter requires permission to access and update My Tasks. |
| Send assessment | Allows users to define respondents to Question Based Assessments within the Audits & Assessments module. |
| Service / Product | Group for all Service / Product permissions. Does not grant any permissions by itself. |
| Create Service / Product | Allows users to link Audits & Assessments to new and existing Services / Products for grouping. |
| Delete Service / Product | Allows users to delete Services / Products linked to Third-Parties from within the Third-Party module. Requires permission to the Third-Party Module. |
| Edit Service / Product | Allows users to create and edit Services / Products linked to Third-Parties from within the Third-Party module. Requires permission to the Third-Party Module. |
| Third-Party | Allows users to access the Third-Party module. Includes view access to all Third-Parties. |
| Create third-party | Allows users to create new Third-Parties within the Third-Party module. |
| Delete third-party | Allows users to delete existing Third-Parties within the Third-Party module. |
| Edit third-party | Allows users to edit existing Third-Parties within the Third-Party module. |
| Import third-party | Allows users to bulk import new Third-Parties within the Third-Party module. |
| Trust portal access member | Allows users to view assigned Access Members to the Profiles they can view in the Trust Portal. |
| Manage access member for trust portal profile | Allows users to add and remove Access Members to the Profiles they can edit in the Trust Portal. |
| Trust portal profile manage | Allows users to create new Profiles and edit and delete ones they can view in the Trust Portal. |
| Trust portal profile view | Allows users to view Profiles that they are assigned to in the Trust Portal. |
| Trust portal terms and condition | Allows users to view Terms and Conditions for Profiles they can view in the Trust Portal. |
| Manage terms & conditions for trust portal profile | Allows users to manage Terms and Conditions for Profiles they can view in the Trust Portal. |
| Trust portal view all profiles | Allows users to view all Profiles in the Trust Portal. |
| Upload and manage risk documents | Deprecated. |
| View Actions | Allows users to open Tasks within the My Tasks area and update (excluding Task Status). This is only relevant for action-type Tasks - such as Risk Treatment Plans, Issue Actions and Control Responsibilities. Assessment and Attestation responses are handled separately. |
| Change Action statuses | Allows users to update Task Status for Tasks within the My Tasks area. Only for action-type Tasks. |
| View Issue Library | Allows users to access the Libraries area of the Issues and Incidents module and view all Issue Libraries. Requires access to the Issues & Incidents module. |
| Create, edit, delete Issue Libraries | Allows users to create, edit and delete Issue Libraries and Issues within them. |
| View Issue Submission Forms | Allows user to access the Forms area of the Issues and Incidents module and view all Submission Forms. Requires access to the Issues & Incidents module. |
| Create Issue Submission Forms | Allows users to create new Submission Forms. |
| Delete Issue Submission Forms | Allows users to delete existing Submission Forms. |
| Edit Issue Submission Forms | Allows users to edit existing Submission Forms. |
| View risk workflow stages | Allows users to access the Risk Workflow area within the Risk module and view all Workflow Stages. Requires access to the Risk module. For Spokes within Hub & Spoke, ability to manage Risk Workflow must be enabled in the Hub for each Spoke. |
| Create risk workflow stage | Allows users to create new Workflow Stages. |
| Delete risk workflow stage | Allows users to delete existing Workflow Stages. |
| Edit risk workflow stage | Allows users to edit existing Workflow Stages. |
| Vulnerabilities | Allows users to access the Vulnerabilities module. Requires child permissions for view and edit access to Vulnerabilities and Scans. |
| Import, delete scans and create, edit, delete mappings | Allows users to import and delete Scans. Includes the ability to manage how Scans map to Vulnerabilities. |
| Manage Vulnerabilities | Allows users to create, edit and delete Vulnerabilities. |
| View imported scans and mappings | Allows users to view Scans and how these map to Vulnerabilities. |
| View Vulnerabilities | Allows users to view Vulnerabilities within the Vulnerabilities module. |