This article provides a summary of each access permission available within Spoke environments in 6clicks
| Permission | Description |
| Administration | Allows access to the Administration module |
| Custom Data - all (ensure Custom Data - Tag Management permission is ON) | Allows access to configure all custom fields and options. Must have the below permission activated to work |
| Custom Data - Tag Management | Allows access to the Custom Data section to configure custom fields and options. By default, this setting only provides access to the tag management functionality and control set types. Use the above setting to provide access to all custom data fields. |
| Single Sign-On | Allows access to the Single Sign-On section to set up and manage SSO with an external identity provider |
| Integrations | Allows access to the Integrations section to manage integration between 6clicks and other applications |
| Users | View-only access to users in the Administration module |
| Create new user | Allows the user to create and define new users |
| Edit user | Allows the user to redefine existing users |
| Delete user | Allows the user to delete existing users |
| Change permissions | Allows access to amend permissions for specific users. This will overwrite role permissions that are granted by assigned roles. |
| Login as a user | Allows the user to impersonate other users and log into their account |
| Roles | View-only access to roles in the Administration module |
| Create new role | Allows the user to create and define new roles |
| Edit role | Allows the user to redefine existing roles |
| Delete role | Allows the user to delete existing roles. Deleting roles that are being used will trigger a confirmation warning. |
| Groups | View-only access to groups and group members in the Administration module |
| Create, edit, and delete Groups | Allows the user to create, edit, and delete groups within the Administration module |
| Manage group members | Allows the user to add and remove users to existing groups as group members. This will give them access to any records assigned to that group. |
| Settings | Allows access to configure settings within the Administration module. Excludes the ability to customize and brand 6clicks - this requires the below permission. |
| Custom Branding | Allows access to define custom branding (including colors and logos for 6clicks) |
| Subscription management | Allows users with permission to the Administration module to upgrade the spoke license using the upgrade dialog within the application |
| Content Library | Allows access to the Content Library to view available content. For Spokes within the Hub & Spoke, this will only provide access to the Exclusive Content Library administered in the Hub. |
| Download content library item | Allows the user the ability to download content from the Content Library. For Hubs within the Hub & Spoke, this includes the ability to manage the Exclusive Content Library for Spokes. |
| General | A group for all General permissions. Does not grant any permissions by itself. |
| Dashboard | Allows users to access the 6clicks homepage dashboard. Not recommended for users who do not have access to all modules within 6clicks. |
| Tags - create on records | Allows users to create tags |
| Analytics | Allows access to the Analytics module. This needs to be paired with child permissions to grant access to reports. |
| Audits & Assessments (Analytics) | Allows access to standard and custom reports within the Audits & Assessments module report folders |
| Risks (Analytics) | Allows access to standard and custom reports within the Risks report folders |
| Issues (Analytics) | Allows access to standard and custom reports within the Issues & Incidents report folders |
| Control sets (Analytics) | Allows access to standard and custom reports within the control sets report folders |
| Authorities (Analytics) | Allows access to standard and custom reports within the authorities report folders |
| Third-parties (Analytics) | Allows access to standard and custom reports within the Third-Parties report folders |
| Risk reviews (Analytics) | Allows access to standard and custom reports within the Risk Reviews report folders |
| Assets (Analytics) | Allows access to standard and custom reports within the assets report folders |
| Registers (Analytics) | Allows access to standard and custom reports within the Registers report folders |
| Administration (Analytics) | Allows access to standard and custom reports within the Administration report folders |
| Assessment | Allows access to view Question-Based Assessments (including templates) that are assigned to the user within the Audits & Assessments module |
| Create assessment | Allows the user to create new Question-Based Assessments or templates |
| Edit assessment | Allows the user edit access to all Question-Based Assessments they have view access to. If paired with "View all assessments" permission, the user will have view and edit access to all audits and assessments. |
| Approve assessment | Allows the user to approve Question-Based Assessments |
| Publish assessment | Allows the user to publish Question-Based Assessments |
| Export assessment | Allows the user to export existing Question-Based Assessments or templates |
| Import assessment | Allows the user to import data into existing Question-Based Assessments or templates |
| Save as assessment | Allows the user to take a copy of existing Question-Based Assessments and templates |
| Add question to assessment | Allows users to add questions to Question-Based Assessments |
| Link control to assessment | Allows users to link a control to a Question-Based Aassessment that is already linked to or created from a control set |
| Remove question from assessment | Allows users to delete questions from Question-Based Assessments |
| Unlink control from assessment | Allows users to unlink a control to a Question-Based Assessment that is already linked to or created from a control set |
| Edit question | Allows users to edit existing questions in Question-Based Assessments |
| Add domain to assessment | Allows users to add domains to Question-Based Assessments |
| Edit an assessment domain | Allows users to edit existing domains in Question-Based Assessments |
| Remove domain from assessment | Allows users to delete domains from Question-Based Assessments |
| View all assessments | Allows the user view access to all Question-Based Assessments and templates |
| Access inbound assessments | Allows users to access Question-Based Assessments that have been sent to them. By default, users will only have access to questions assigned to them. |
| View all questions | Allows users view-only access to questions in Question-Based Assessments not assigned to them |
| QBA automation follow-up | Allows users to set conditions for assessments that, when satisfied, automatically initiate a follow-up assessment. |
| Create or edit automation | Allows users to create or edit an assessment automation |
| Delete automation | Allows users to delete an assessment automation |
| Assessment access members | Allows users to view access members linked to both Question-Based and Requirement-Based Assessments |
| Manage access members for assessment | Allows users to add and remove access members to both Question-Based and Requirement-Based Assessments |
| Assessments - send to third-party | Ability to send an assessment to a third-party respondent |
| Requirement-Based Assessment | Allows access to view all Requirement-Based Assessments within the Audits & Assessments module |
| Create assessment (RBA) | Allows users to create Requirement-Based Assessments |
| Edit assessment (RBA) | Allows users to edit Requirement-Based Assessments |
| Publish assessment (RBA) | Allows users to publish Requirement-Based Assessments |
| Export assessment (RBA) | Allows users to export data from existing Requirement-Based Assessments |
| Import assessment (RBA) | Allows users to import data into existing Requirement-Based Assessments |
| Save as assessment (RBA) | Allows users to copy existing Requirement-Based Assessments to create a new assessment |
| Add respondent | Allows users to add respondents within the environment |
| Asset | A group for all unique Asset permissions. Does not grant any permissions by itself. Requires "Register" permission and for the user to either be an access member for the Assets Register or to have view all access |
| Create asset | Allows users to create new assets in the Assets Register |
| Edit asset | Allows users to edit new or existing assets in the Assets Register |
| Delete asset | Allows users to delete existing assets in the Assets Register |
| View all assets | Allows users view-only access to all assets |
| Manage access members (asset) | Allows users to view and edit the access members of individual assets within the assets register |
| Attestations | Allows access to the Attestations module. This permission must be paired with child permissions to provide view and edit permissions. |
| View attestations | Allows users view-only access to attestations assigned to the user |
| Add attestations | Allows users to add attestations |
| Edit attestations | Allows users to edit existing attestations |
| Delete attestations | Allows users to delete existing attestations |
| Attest attestations | Allows users to complete attestations |
| View all attestations | Allows users view-only access to all attestations |
| Attestation access member | Allows users to view access members assigned to attestations. Must have access to the Attestations module. |
| Manage access members for attestations | Allows users to add and remove access members to attestations they have edit permissions to. Must have access to the Attestations module. |
| Authorities | Allows access to the Compliance module. Includes view access to all authority documents. |
| Add authority | Allows users to add new authority documents to the Compliance module. Must be paired with "Edit authority document" permissions to enable editing of new records. |
| Edit reference | Allows users to edit existing authority documents. Includes the ability to archive and restore authority documents. |
| Delete reference | Allows users to delete authority documents that have been archived |
| Manual authority mapping | Allows users to manually map authority documents to one another |
| Authority mapping powered by Hailey | Allows users to map authority documents to one another using the Hailey AI engine |
| My Tasks | Allows users to view and access the "My Tasks" menu. Access and view of the actual tasks are dependent on other permissions. |
| Risk treatment plan | Allows users to view and manage all assigned risk treatment plan tasks. Linked data visibility i.e. risks & controls are dependent on other permissions. |
| Control sets | Allows users to access the Controls module. Includes view access to all control sets. |
| Create control set | Allows users to create control sets and underlying controls Includes all types of control sets |
| Edit control set | Allows users to edit control sets and underlying controls Includes all types of control sets |
| Delete control set | Allows users to delete control sets and underlying controls. Includes all types of control sets |
| Manage custom fields (Controls) | Allows users to access the Manage fields functionality in Controls. Enable specific permissions to Create, Delete and Edit |
| Test | Allows users to view all the details related to Tests. Enable specific permissions to Create, Edit and Delete Tests |
| Test Result | Allows users to view all the details related to Test Results. Enable specific permissions to Create, Edit and Delete Test results |
| Control set mapping powered by Hailey | Allows users to map control sets to one another or to authority documents using the Hailey AI engine |
| Responsibility | Allows users to view and update control responsibilities within the My Tasks section. Also includes access to view control responsibilities within the Controls module. The latter requires access to the Controls module. |
| Create, edit, delete responsibilities | Allows users to create, edit, and delete responsibilities within the Controls module. Requires access to the Controls module. |
| Issues | Allows users to access the Issues & Incidents module Includes view access to any issues and incidents assigned to the user |
| Create issues | Allows users to create new issues and incidents within the Issues & Incidents module |
| Edit issues | Allows users to edit existing issues and incidents within the Issues & Incidents module |
| Delete issues | Allows users to delete existing issues and incidents within the Issues & Incidents module |
| View all issues | Allows users to view all issues and incidents within the Issues & Incidents module |
| Access issues | Allows users to access issues and issue actions that have been assigned to them. Superseded if all issue permissions from below are activated but must be used if not. |
| Issue libraries | Allows users to access the Libraries section of the Issues & Incidents module and view all issue libraries. Requires access to the Issues & Incidents module. |
| Create, edit, and delete issue libraries | Allows users to create, edit, and delete issue libraries and issues within them |
| Issue actions (abstract) - create, edit, and delete | Allows users to define abstract issue actions against issues within issue libraries. Requires access to both the Issues & Incidents module and the Issue Libraries within it. |
| Issue access members | Allows users to view access members assigned to issues and incidents. Must have access to the Issues & Incidents module. |
| Manage access members for issues | Allows users to add and remove access members to issues and incidents to which they have edit permissions. Must have access to the Issues & Incidents module. |
| Issue submission forms | Allows users to access the Forms section of the Issues & Incidents module and view all submission forms. Requires access to the Issues & Incidents module. |
| Create issue submission forms | Allows users to create new submission forms |
| Edit issue submission forms | Allows users to edit existing submission forms |
| Delete issue submission forms | Allows users to delete existing submission forms |
| Issue workflow stages | Allows users to access the Issue Workflow section within the Issues & Incidents module and view all workflow stages. Requires access to the Issues & Incidents module. For Spokes within the Hub & Spoke, the ability to manage issue workflows must be enabled in the Hub for each Spoke. |
| Edit issue workflow stage | Allows users to edit existing workflow stages |
| Delete issue workflow stage | Allows users to delete existing workflow stages |
| Create issue workflow stage | Allows users to create new workflow stages |
| Metrics 2.0 | Allows access to the Metrics module Includes view access to all metrics |
| Create, edit, delete metric | Allows users to create, edit, and delete metrics within the Metrics module |
| Notifications | Allows users to receive in-app notifications. Includes a notification alert icon and a notification home page. |
| Projects & Playbooks | Full access to the Projects & Playbooks module |
| Register | Access to the Registers module and any Custom Registers for which the user has view permissions. Access to the Assets Register is handled separately but requires this permission to work. |
| Create register | Allows users to create new custom registers within the Registers module |
| Edit register | Allows users to edit new and existing custom registers and custom register items within Custom Registers to which they have view access. Asset Register permissions are handled separately. |
| Delete register | Allows users to delete existing custom registers and custom register items within Custom Registers for which they have view access. Assets Register permissions are handled separately. |
| Create register item | Allows users to create new items within Custom Registers to which they have view access. Assets Register permissions are handled separately. |
| Registers (inc. asset register) access members | Allows users to view access members in registers |
| Manage access members for registers | Allows users to add and remove access members in any registers to which they have access in the Registers module. Requires "Edit custom register and custom register item" and "Edit asset" permissions to work with Custom Registers and Asset Registers respectively. |
| View all registers | Allows users to view all registers and register items regardless if they are access members. Affects both Asset and Custom Registers. |
| Risk | Allows users to access the Risks module. Includes view access to any risks assigned to the user. |
| View all risks | Allows users to view all risks within the Risks module |
| Create risk | Allows users to create new risks within the Risks module |
| Edit risks | Allows users to edit existing risks within the Risks module |
| Delete risks | Allows users to delete existing risks within the Risks module |
| Risk reporting | Allows users to access risk reports within the Reports module |
| Import risks, assessments, and treatments | Allows users to import risks, risk assessments, and risk treatment plans into the Risks Registers |
| Risk reviews (obsolete) | A group for all risk review and risk library permissions. Does not grant any permissions by itself. |
| Create, edit, delete risk reviews | Allows users to create, edit, and delete risk reviews within the Risks module. Requires access to Risk Reviews and the Risks module. |
| View risk reviews | Allows users to access the Reviews section of the Risks module. Includes the ability to view all risk reviews. Requires access to the Risks module. |
| Risk libraries | Allows users to access the Libraries section of the Risks module. Includes the ability to view all risks within the libraries. Requires access to the Risks module. |
| Create, edit, delete risk libraries | Allows users to create, edit, and delete risk libraries within the Risks module. Requires access to Risk Libraries and the Risks module. |
| Risk treatments | Allows users to view treatment plans for risks they have view access to and create, edit, and delete treatment plans for risks they have edit access to. Also includes the ability for users to update treatment plans within the My Tasks section. The latter requires permission to access and update My Tasks. |
| Risk documents - upload and manage | Ability to upload documents to Risks and then delete them if required |
| Associate entities to risks | Ability to link data (e.g., Issues, Controls, etc.) to Risks |
| Risk access members | Allows users to view access members assigned to risks. Must have access to the Risks module. |
| Manage access members for risks | Allows users to add and remove access members to risks for which they have edit permissions. Must have access to the Risks module. |
| Risk workflow stages | Allows users to access the Risk Workflow section within the Risk module and view all workflow stages. Requires access to the Risk module. For Spokes within the Hub & Spoke, the ability to manage risk workflows must be enabled in the Hub for each Spoke. |
| Edit risk workflow stage | Allows users to edit existing workflow stages |
| Delete risk workflow stage | Allows users to delete existing workflow stages |
| Create risk workflow stage | Allows users to create new workflow stages |
| View field access (Risk Workflow) | Allows users view permission on ‘Risk workflow > stage access’ on all workflow stages |
| Manage field access (Risk Workflow) | Allows users edit permission on ‘Risk workflow > stage access’ on all workflow stages |
| View stage requirements (Risk Workflow) | Allows users to view Risk workflow > stage requirements on all workflow stages |
| Manage stage requirements (Risk Workflow) | Allows users to edit Risk workflow > stage requirements on all workflow stages |
| Third-Party | Allows users to access the Third-Party module. Includes view access to all third-parties |
| Create third-party | Allows users to create new third-parties within the Third-Party module |
| Edit third-party | Allows users to edit existing third-parties within the Third-Party module |
| Delete third-party | Allows users to delete existing third-parties within the Third-Party module |
| Import third-party | Allows users to bulk import new third-parties within the Third-Party module |
| Products (shown on assessments) | A group for all service/product permissions. Does not grant any permissions by itself. |
| Create service/product | Allows users to link audits and assessments to new and existing services/products for grouping |
| Edit service/product | Allows users to create and edit services/products linked to third-parties from within the Third-Party module. Requires permission to the Third-Party module. |
| Delete service/product | Allows users to delete services/products linked to third-parties from within the Third-Parties module. Requires permission to the Third-Parties Module. |
| Third-party onboarding forms | Allows users to create and manage third-party onboarding forms |
| Users - add | Allows a non-admin user to create a new user |
| Actions (tasks) | Allows users to open and update tasks within the My Tasks section (excluding Task Status). This is only relevant for action-type tasks such as risk treatment plans, issue actions, and control responsibilities. Assessment and attestation responses are handled separately. |
| Change action statuses | Allows users to update the status for action-type tasks within the My Tasks section |
| Trust portal profiles - view | Allows users to view profiles that they are assigned to in the Trust Portal |
| Trust portal profiles - manage | Allows users to create new profiles and edit and delete ones they can view in the Trust Portal |
| Trust portal profiles - view all | Allows users to view all profiles in the Trust Portal |
| Trust portal access members | Allows users to view assigned access members to the profiles they can view in the Trust Portal |
| Manage access members (trust portal) | Allows users to add and remove access members to the profiles they can edit in the Trust Portal |
| Trust portal terms & condition | Allows users to view terms and conditions for profiles they can view in the Trust Portal |
| Manage terms & conditions for trust portal profile | Allows users to manage terms and conditions for profiles they can view in the Trust Portal |
| Vulnerabilities | Allows users to access the Vulnerabilities module. Requires child permissions for view and edit access to vulnerabilities and scans. |
| View vulnerabilities | Allows users to view vulnerabilities within the Vulnerabilities module |
| Manage vulnerabilities | Allows users to create, edit, and delete vulnerabilities |
| View imported scans and mappings | Allows users to view scans and how these map to vulnerabilities |
| Import and delete scans and create, edit, and delete mappings | Allows users to import and delete scans. Includes the ability to manage how scans map to vulnerabilities. |
| Hailey AI | Central permission for users to access Hailey AI features |
| Search and query powered by Hailey AI | Allows users to engage with Hailey AI through interactive questioning |
See Hub-level permission list here.
Learn how to manage user permissions and roles.