Restricted Auditor

Estimated reading: 7 minutes 188 views

This user has same privilege as the auditor except that his access is limited to a single application.

The permission allows auditing applications for which the user is a member of the ‘Membership Manager’ role.

The Restricted Auditor will be assigned, the following permission set by default:

Description	Remarks
Restricted Auditor permissions	This permission gives you the right to audit applications for which you have the role “Membership Manager”.

The Restricted Auditor will be assigned, the following permissions by default:

Description	Remarks
Applications\Can Read Application	This permission gives you the right to read applications for which you have the role “Membership Manager”.
Audit and Reporting\Can Generate Documentation	This permission gives you the right to generate the documentation.
Audit and Reporting\Can Read Event Log	This permission gives you the right to read an Event Log.
Groups\Can Read Group	This permission gives you the right to read a group.
Groups\Can Read Permission	This permission gives you the right to read a permission.
Permission Sets\Can Read Permission Set	This permission gives you the right to read a permission set.
Roles\Can Read Application Role	This permission gives you the right to read an application role.
Roles\Can Read Shared Role	This permission gives you the right to read a shared role.
Roles\Can Read System Role	This permission gives you the right to read a system role.
Users\Can Read Use	This permission gives you the right to read a user.

Impact of Restricted Auditor Role on Applications

This module explains the impact on the applications if the user has been granted the Restricted Auditor Role.

The User will be assigned following permissions:

Description	Remarks
Can Read Application	This permission gives you the right to read applications for which you have the role “Membership Manager”.

Once the user logs in using the assigned mode of authentication, the following screen will be displayed:

Since the user has permissions to Can Read Application, the user will be able to view the application details in read only format.
Once the user clicks on the Application name the application details will be displayed as below:

Other application related options will be disabled as shown below:

Impact of Restricted Auditor Role on Audit and Reporting

This module explains the impact on the audit and reporting if the user has been granted the Restricted Auditor Role.

The User will be assigned following permissions:

Description	Remarks
CanGenerateDocumentation	This permission gives you the right to generate documentation.
Can Read Event Log	This permission gives you the right to read an Event Log.

Once the user logs in using the assigned mode of authentication, the following screen will be displayed:
The Restricted Auditor Role, do not have permission to view the application list, hence as soon as they Login, they can view the below screen.

Since the user has permissions to Can Generate Documentation he can use the Generate Documentation option to generate the documentation.

Can Read Event Log permission allows access to viewing the event log as shown below:

Impact of Restricted Auditor Role on Groups

This module explains the impact on the groups if the user has been granted a Restricted Auditor Role.

The User will be assigned following permissions:

Description	Remarks
\Groups\CanReadGroup	This permission gives access to read a group for which you have the role “Membership Manager”.

Once the user logs in using the assigned mode of authentication, the following screen will be displayed:
The user will be able to view list of all the applications (A).

Since the user has permissions to Can Read Groups he will be able to view the list of groups that are assigned to him.
In case a child group is assigned to the user, automatically the parent group will also be displayed.
The user will be able to view list of all the groups. (B)

Depending on the roles assigned to the user and the group the role with maximum privileges will take effect.
For example if the user has role of Restricted Auditor and assigned group has Master Administrator role, the user will be granted Master Administrator role.

Impact of Restricted Auditor Role on Permissions

This module explains the impact on the permissions if the user has been granted a Restricted Auditor Role.

The User will be assigned the following permissions:

Description	Remarks
Can Read Permission	This permission gives you the right to read a permission.

Once the user logs in using the assigned mode of authentication, the following screen will be displayed:
The user will be able to view list of all the applications (A) for which he has the Membership Manager role.

Since the user has permissions to Read permissions all permission details will be displayed in read only mode. (A)
Additionally the options to rename, remove or add a new permission will also be disabled as shown below:

Impact of Restricted Auditor Role on Permission Sets

This module explains the impact on the permissions if the user has been granted a Restricted Auditor Role.

The User will be assigned the following permissions:

Description	Remarks
Can Read Permission Sets	This permission gives you the right to read a permission set.

Once the user logs in using the assigned mode of authentication, the following screen will be displayed.
The user will be able to view a list of all the applications (A) for which he has the Membership Manager role.

Since the user has permissions to Read permission sets all permission set details will be displayed in read only mode. (A)
Additionally the options to rename, remove or add a new permission set will also be disabled as shown below:

Impact of Restricted Auditor Role on Roles

This module explains the impact on the roles if the user has been granted a Restricted Auditor Role.

The User will be assigned the following permissions:

Description	Remarks
Can Read Application Role	This permission gives you the right to read an application role.
Can Read Shared Role	This permission gives you the right to read a shared role.
Can Read System Role	This permission gives you the right to read a system role.

Once the user logs in using the assigned mode of authentication, the following screen will be displayed:
The user will be able to view list of all the applications (A) for which he has the Membership Manager role.

Since the user has Can Read Application Role privilege the user can view only the role details of the application for which the user has Membership Manager role.
Additional options such as rename, remove or add a new role will be disabled as shown below:

Similarly the Can Read Shared Role privilege will allow the user to view the shared role information in read only mode.
Additional options such as rename, remove or add a new role will be disabled as shown below:

Similarly the Can Read Special Role privilege will allow the user to view the special role information in read only mode.
Additional options such as rename, remove or add a new role will be disabled as shown below:

Impact of Restricted Auditor Role on Users

This module explains the impact on the users if the user has been granted a Restricted Auditor Role.

The User will be assigned following permissions:

Description	Remarks
Can Read User	This permission gives you the right to read user

Once the user logs in using the assigned mode of authentication, the following screen will be displayed.
The user will be able to view list of all the applications (A) for which he has the Membership Manager role.

Since the user has the Can Read User permission the option will allow the user to view list of all users that belong to the same group as the user.
Additionally depending on the group permissions list of users that are listed might vary.
For example the current user has restricted auditor permission but if the user group has the Master Administrator role then the list of all the users will be displayed.
The user can view the user details by clicking on the username.

See Also:

Special Roles
Impact of granting multiple roles
Special Roles & Permission Matrix