SurgeONE.ai - Settings - Roles Online Help

1. Navigating to the Roles page

Click on the left panel Settings menu and then click on the expanded Roles menu option.

Fig: 1 - Roles sub-menu option under the Settings menu option

Clicking on this menu option loads the Roles page showing the list of all questionnaire templates from all modules existing in SurgeONE.ai. Here is the view of the loaded page.

Roles page

Fig: 2 - Roles page

NOTE: The menu label can be updated from the Settings > Customize Menu page by the permitted user.

Fig: 3 - Renamed Roles sub-menu option under the Settings menu option

1.1. Basic Functionalities of the Roles page

SurgeONE.ai Roles module has the following basic functionalities:

View pre-defined system Roles
Create custom Role
View existing system and custom Roles
Rename a custom Role name and modify its description
Delete an existing Custom Role
Clone an existing Role from a system or custom Role
Assign or remove users from system and custom Roles
Assign / edit / revoke permissions / access to a custom Role

1.2. System Defined Roles

In SurgeONE.ai, when a company or a sub-company is created, a set of default system Roles gets automatically created for that company for each of the modules existing in SurgeONE.ai. All those default Roles are listed below, grouped by modules:

Company
- Company / Branch Admin
Audit Module
- Audit Super Admin
- Audit Admin
- Audit Access
Attestation Module
- Attestation Admin
- Attestation Access
Code of Ethics Module
- Code of Ethics Admin
- Code of Ethics Access
Vendor Management Module
- Vendor Admin
Cyber Compliance Module
- Cyber Admin
- Registered Representative
  - (The Registered Representative role user can do all operations related to Cyber Dashboard in terms of viewing as well as widget and dashboard configurations and can do partial operations in Audit, Attestation and Code of Ethics modules)
- Incident Manager
- Incident Resolution Team
Marketing Review
- Marketing Review Super Admin
- Marketing Review Content Approver
- Marketing Review Content Provider
E-Comms Surveillance
- E-Comms Surveillance Super Admin
- E-Comms Surveillance Admin
- E-Comms Surveillance Access

NOTE:

Accesses to any of the system roles are pre-defined and cannot be changed
The name of a system defined role will not be allowed to be modified
The description of a system defined role will not be allowed to be modified
A system role cannot be deleted
Users can be assigned or revoked from any of the system roles
Users who are permitted to access the Settings > Roles page can view the details of a system role in terms of:
- Role Name
- Description
- Accesses granted
- Users assigned
Vendor Access system role visibility:
- Vendor Access role will be hidden from the frontend application UI
- Any Vendor Contacts created against any vendor will be automatically assigned to the Vendor Access role by the system
- The reason for keeping it hidden is to restrict other users from being assigned to this role apart from the Vendor Contacts

2. Understanding the various elements of the Roles page

Refer to the following screenshot which is marked with numerical values that correspond to the below stated points.

Understanding the various elements of the Roles page

Fig: 4 - Understanding the various elements of the Roles page

Search options to filter out results
+ Add Role button to create a new custom role
Grid view populates the loaded or filtered roles
ACTION column contains the row-context menu options
Pagination options are provided at the bottom to control the page items limit and to navigate to other page entries

NOTE: The following sub-sections elaborate further to the above-stated points.

2.1. Searching for Roles

Here is the view of filters section:

Fig: 5 - Search bar and role type selection filter along with the reset icon

You can use the search bar to enter text and find matching results.
You can also filter out listed items using the Select Role Type dropdown. All, System, and Custom are provided as the dropdown options.

Fig: 6 - Select Role Type filter dropdown options

Based on the selection made here, or the filter set, matching results are listed out.

Fig: 7 - Filtered results

NOTE:

Click on reset icon to remove any search query or dropdown filter set.

Fig: 8 - Option to reset any filters set

The search operation can be executed on the Description value also instead of the Role Name.

Fig: 9 - Search operation by role description

2.2. Creating a new Role

NOTE: A user belonging to the Company / Branch Admin role can create custom roles. One can create a custom role from scratch or by cloning an existing role. Provide a role name, a brief description, and grant all or selected accesses from the list of available accesses. All accesses are listed in the respective tabs.

Create custom role flow

Click on the + Add Role button at the top right, to proceed to create a new custom role for your organization.

Fig: 10 - + Add Role button

The following page loads for the Add Role feature, where you need to provide the name of the custom role first in the Role Name field.

Fig: 11 - Role Name field

NOTE:

The module selection tabs and its permission categories are disabled by default. Only after you enter text in the Role Name field, the module selection tabs, and its permission categories get enabled below the Description field.
The Assign User button at the bottom is disabled on page load. You cannot assign users unless you specify a role name.
The Submit button at the bottom is also disabled on page load. You cannot save the custom role unless you specify a role name.

Fig: 12 - Disabled permission setting tabs and buttons

Next, you can enter a brief description or one-liner about this new custom role in the Description field. You can also skip this field, as it is optional.

Fig: 13 - Entering role description

Now you can proceed to make appropriate module selections from the provided tabs and assign permissions by enabling / disabling / partially disabling its operational sliders. There are three tabs which contain various modular group(s) and sliders related to associated permissions. They are as follows:

Company - It is selected by default
System Objects - It contains modular tab elements as follows - Audit, Attestation, Code Of Ethics, Vendor Management, Cyber, Marketing_Review and E_Comms
Custom Objects - It is populated when custom objects are created in the system

Let us illustrate this example of creating a new custom role by first understanding the Company tab. A slider is present against a permission grouping labeled as Can do all operations in all the modules in SurgeONE. Click on the right arrow icon at the left of the Can do all operations in all the modules in SurgeONE label. The permission category labeled as Can Access Settings expands below it. Its slider is enabled by default.

Fig: 14 - View of the expanding permission category after clicking on the left arrow icon against Can do all operations in all the modules in SurgeONE

When you expand the Can Access Settings category from within the Company tab, then the following permissions are revealed:

Can Access Roles

Can Access Mail Templates

Can Access Manage Objects

Fig: 15 - View of the expanding permission category after clicking on the left arrow icon against Can Access Settings

When you expand the Can Access Roles sub-category of the Can Access Settings category from within the Company tab, then the following permissions are revealed:

Can View Roles

Can Add / Edit / Clone / Delete Roles

Fig: 16 - View of the expanding permission category after clicking on the left arrow icon against Can Access Roles

When you expand the Can Access Mail Templates sub-category of the Can Access Settings category from within the Company tab, then the following permissions are revealed:

Can View Mail Templates

Can Edit Mail Templates

Fig: 17 - View of the expanding permission category after clicking on the left arrow icon against Can Access Mail Templates

When you expand the Can Access Manage Objects sub-category of the Can Access Settings category from within the Company tab, then the following permissions are revealed:

Can View Manage Objects

Can Add / Edit / Delete Manage Objects

Fig: 18 - View of the expanding permission category after clicking on the left arrow icon against Can Access Manage Objects

By default, all of the sliders are enabled in the Company tab. You can also drill down the permission categories.

You can change the slider states of these granular permissions. Disabling any slider state prompts a confirmation modal window.

Fig: 19 - Prompted confirmation window to disable an auto-enabled slider

Clicking on the Yes button provides the confirmation and changes the slider color from violet to grey to indicate its disabled state. The parent category sliders update to sky blue color to indicate its partially enabled state.

Fig: 20 - Updated slider state

NOTE: This confirmation prompt is not triggered again if you disable another slider when you have already provided confirmation.

Next, click on the System Objects tab. The Audit tab is displayed after you click on it. Click on the right arrow icon at the left of the Can do all operation in Audit module label. The permission categories expand below it. All the sliders are enabled by default.

Fig: 21 - Audit module permission categories

NOTE:

By default, each slider of all System Objects tabs are enabled
Add Role page lists the top-level accesses for the Company module in collapsed mode as the default tab view
The first access of the Company tab is Can do all operations in all the modules in SurgeONE
The first access of the System Objects tab is Can do all operations in Audit module of the Audit tab under it. If this is checked then by default all underlying accesses are checked. If this option is unchecked, then you can move to the next level of accesses which are grouped under three logical groupings - View Accesses, Add / Edit Accesses and Delete Accesses.
All view related accesses are under View Accesses group
All add and edit related accesses are under Add / Edit Accesses group
All delete related accesses are under Delete Accesses group
If you expand each of these groups then further underlying accesses specific to that group will be displayed. If the slider is enabled against each of these groups, then all underlying accesses are checked or granted by default. If the slider against the group is disabled you can move down to the next level to grant or check selected accesses specific to this group.
This same design for granting accesses is followed for all the associated modules of SurgeONE.ai

You can change the slider states. You can also drill down the permission categories. click on the right arrow icon at the left of the View Accesses category. The associated granular permissions expand below it. All the sliders are enabled by default.

When you expand the View Accesses category of the Audit tab, then the following permissions are revealed:

Can View All Audits

Can View Audits assign to me

Can Download an Audit Report

Can View Past / Completed Audit Reports

Fig: 22 - Loaded granular permissions when View Access category is expanded in Audit tab

You can change the slider states of these granular permissions. Disabling any slider state prompts a confirmation modal window.

Fig: 23 - Prompted confirmation window to disable an auto-enabled slider

Clicking on the Yes button provides the confirmation and changes the slider color from violet to grey to indicate its disabled state. The parent category sliders update to sky blue color to indicate its partially enabled state.

Fig: 24 - Updated slider state

NOTE: This confirmation prompt is not triggered again if you disable another slider when you have already provided confirmation.

You can click on the right arrow icon at the left of the Add / Edit Accesses category. The associated granular permissions expand below it. All the sliders are enabled by default. You can make the necessary slider selections.

When you expand the Add / Edit Accesses category of the Audit tab, then the following permissions are revealed:

Can Add / Edit an Audit

Can Attest an Audit

Can Remediate an Audit

Can Resolve Red Flagged Questions

Can Add / Edit Questionnaire Template

Fig: 25 - Loaded granular permissions when Add / Edit Access category is expanded in Audit tab

You can click on the right arrow icon at the left of the Delete Accesses category. It has one associated granular permission which expands below it. The slider is enabled by default. You can make the necessary slider selections.

When you expand the Delete Accesses category of the Audit tab, then the following permission is revealed:

Can Delete a (Not Started) Audit

Fig: 26 - Loaded granular permission when Delete Access category is expanded in Audit tab

Proceed to make necessary permission changes or selections in the other tabs. Since the process is the same as described above, it has not been repeated here. More details on system defined role-wise permissions settings and its elaboration has been provided in the following sub-section.

When you expand the View Accesses category of the Attestation tab, then the following permissions are revealed:

Can View All Attestations

Can View Attestations assign to me

Can View Past Attestation Reports (All)

Can View Past Attestation Reports (Self)

When you expand the Add / Edit Accesses category of the Attestation tab, then the following permissions are revealed:

Can Add / Edit an Attestation

Can Attest an Attestation

Can Remediate an Attestation

Can Resolve Red Flagged Questions

Can Add / Edit Questionnaire Template

Can Send Reminder

When you expand the Delete Accesses category of the Attestation tab, then the following permission is revealed:

Can Delete a (Not Started) Attestation

When you expand the View Accesses category of the Code of Ethics tab, then the following permissions are revealed:

Can View All Requests

Can View Requests Submitted by Me or my subordinates

Can View Rules

Can View all Completed Requests

Can View Completed Code of Ethics Requests submitted by me and my subordinates

When you expand the Add / Edit Accesses category of the Code of Ethics tab, then the following permissions are revealed:

Can Add Requests

Can Approve or Reject all Requests

Can Approve / Reject Requests Submitted by my subordinates

Can Add / Edit Rules

When you expand the View Accesses category of the Vendor Management tab, then the following permissions are revealed:

Can View All VDD

Can View My VDD

Can Download a VDD Report

Can View Past / Completed Vendor Assessment Reports

When you expand the Add / Edit Accesses category of the Vendor Management tab, then the following permissions are revealed:

Can Add / Edit a Vendor

Can Add / Edit an Assessment for all Vendors

Can Conduct All Assessments

Can Remediate Assessments

Can Resolve Red Flagged Questions

Can Add / Edit Questionnaire Template

When you navigate to the Cyber tab, then the following permission category is revealed:

Can do all operations related to Cyber Dashboard in terms of viewing as well as widget and dashboard configurations

When you expand the Can do all operations related to Cyber Dashboard in terms of viewing as well as widget and dashboard configurations category of the Cyber tab, then the following granular permissions are revealed:

Can do all operations related to Incident

Can resolve Incident

When you navigate to the Marketing_Review tab, then the following permission category is revealed:

Can do all operations in the Marketing Review module

When you expand the Can do all operations in the Marketing Review module category of the Marketing_Review tab, then the following granular permissions are revealed:

Can View Marketing Review

Can View Marketing Review Assign to me

Add / Edit Marketing Review

Delete Marketing Review

Upload Marketing Review

Approve Marketing Review

When you navigate to the E_Comms tab, then the following permission category is revealed:

Can do all operations in the E-Comms Surveillance module

When you expand the Can do all operations in the E-Comms Surveillance module category of the E_Comms tab, then the following granular permissions are revealed:

Can View E-Comms Surveillance

Can View E-Comms Surveillance Assign to me

Add / Edit E-Comms Surveillance

Delete E-Comms Surveillance

NOTE: You can also assign permissions to custom modules if custom objects are created in the system.

Fig: 27 - Custom Objects permissions

Click on the Assign User button once appropriate permissions are set in the respective modular tabs. You must assign at least one user to this new custom role.

Fig: 28 - Button to assign user(s) to new custom role

A modal window loads where you can assign user. There you can find two panels, one on the left and one on the right, labeled as Available Users and Assigned Users, respectively. The former lists out the existing users of your organization, while the latter lists out the users who are currently assigned to this role. Since here a custom role is being created, there are no users assigned to it yet.

Fig: 29 - Modal window to assign user(s) to new custom role

A search facility is also provided in both the panels. The following screenshot displays a search operation executed in the Available Users panel.

Fig: 30 - Search facility in the modal window to assign user(s) to new custom role

Ensure that at least one listed user is moved from the Available Users panel to the Assigned Users panel. To move listed users, you can use the buttons provided in the middle of the modal window. Refer to the following four points stated below to understand how to move users between the panels.
- Right arrow (>) button - Click on it after making checkbox selection(s) of the listed users of the Available Users panel to move the selected users to the Assigned Users panel.
- Left arrow (<) button - Click on it after making checkbox selection(s) of the listed users of the Assigned Users panel to move the selected users to the Available Users panel.
- Double right arrow (>>) button - Click on it to move the displayed users of the Available Users panel to the Assigned Users panel. If you have performed a search operation and then click on this button, then only the filtered users will be moved, while the other users who were not fetched by the search operation, will not be moved.
- Double left arrow (<<) button - Click on it to move the displayed users of the Assigned Users panel to the Available Users panel. If you have performed a search operation and then click on this button, then only the filtered users will be moved, while the other users who were not fetched by the search operation, will not be moved.

NOTE:

You cannot proceed to assign users to the role, unless there are existing users listed in the modal window.
The system will prompt a validation tooltip when you do not move any listed user to the Assigned Users panel and click on the Done button.

Fig: 31 - Validation to select user(s) to assign to new custom role

Click on the Done button to confirm user(s) assignment based on the selection(s) made.

Fig: 32 - Button to confirm user(s) assignment to the custom role

The modal window closes. Click on the Submit button after appropriate permissions are set and at least one user is assigned to this custom role.

Fig: 33 - Button to save new custom role

The custom role gets created. The new role gets listed in the Roles grid view. A No label can be seen against the System column.

Fig: 34 - New custom role getting listed in grid view and success notification getting displayed

NOTE:

Validation is employed on the granted permissions. The system will prompt the following tooltip if you proceed to create a custom role without assigning any granted permissions.

Fig: 35 - Validation on granted permissions while creating a custom role

Validation is employed on the assigned users. The system will prompt the following tooltip if you proceed to create a custom role without assigning any existing user.

Fig: 36 - Validation on assigned user while creating a custom role

2.2.1. Tabular View of Summary of Role-wise Permitted Operations

Module	Role	Accesses
Company	Company / Branch Admin	Can do all operations in all the modules in SurgeONE.ai. Can View Audits assigned to self and others Can Download an Audit Report Can View Past / Completed Audit Reports Can Add / Edit an Audit or an Attestation Can Conduct an Audit Can Remediate an Audit or Attestation or Vendor Assessments Can Resolve Red Flagged Questions of Audits or Attestations or Vendor Assessments Can Add / Edit Questionnaire Template of Audits or Attestations or Vendor Assessments Can Delete a (Not Started) Audit or Attestation Can View Attestations assigned to self and others Can View Past / Completed Attestation Reports of self and others Can Attest an Attestation Can Send Attestation Reminder Can View Requests submitted by self, my subordinates, as well as others, in Code of Ethics module Can View Rules in Code of Ethics module Can View all Completed Requests submitted by self, my subordinates, as well as others, in Code of Ethics module Can Add Requests in Code of Ethics module Can Approve / Reject all Requests in Code of Ethics module submitted by self, my subordinates, as well as others Can Add / Edit Rules Can View all VDD in the Vendor Management module Can View Past / Completed Vendor Assessment Reports Can Download a VDD Report Can Add / Edit a Vendor Can Add / Edit an Assessment for all Vendors Can Conduct All Vendor Assessments Can Remediate Assessments Can Access Roles under Settings Can View Roles under Settings Can Add / Edit / Clone / Delete Roles under Settings Can View Mail Templates under Settings Can Edit Mail Templates under Settings Can View Manage Objects under Settings Can Add / Edit / Delete Manage Objects under Settings Can do all operations related to Cyber Dashboard in terms of viewing as well as widget and dashboard configurations Can do all operations related to Incident Can resolve Incident Can View Marketing Review Can View Marketing Review Assign to me Can Add / Edit Marketing Review Can Delete Marketing Review Can Upload Marketing Review Can Approve Marketing Review Can View E-Comms Surveillance Can View E-Comms Surveillance Assign to me Can Add / Edit E-Comms Surveillance Can Delete E-Comms Surveillance Can do all operations in Custom Objects and Custom Attributes, if those are created in the system Can access all system defined reports Can access entire Settings module
Audit	Audit Super Admin	Can do all operations in the Audit module. Can View All Audits Can View Audits assign to me Can Add an Audit Can Edit a (Not Started) Audit Can Delete a (Not Started) Audit Can Conduct an Audit Can Remediate an Audit Can Resolve Red Flagged Questions Can Add Questionnaire Template Can Edit Questionnaire Template Can Download an Audit Report Can View Past / Completed Audit Reports Users belonging to this role will appear in the Auditor* field and the Recipient field for selection.*
	Audit Admin	Can do partial operations in the Audit module. Can View All Audits Can View Audits assign to me Can Add an Audit Can Edit a (Not Started) Audit Can Delete a (Not Started) Audit Can Conduct an Audit Can Remediate an Audit Can Resolve Red Flagged Questions Can Add Questionnaire Template Can Edit Questionnaire Template Can Download an Audit Report Can View Past / Completed Audit Reports Users belonging to this role will appear in the Auditor* field for selection.*
	Audit Access	Can be selected as a Recipient to participate in an Audit. Can View All Audits Can View Audits assign to me Can Add an Audit Can Edit a (Not Started) Audit Can Delete a (Not Started) Audit Can Conduct an Audit Can Remediate an Audit Can Resolve Red Flagged Questions Can Add Questionnaire Template Can Edit Questionnaire Template Can Download an Audit Report Can View Past / Completed Audit Reports Users belonging to this role will appear in the Recipient* field for selection.*
Attestation	Attestation Admin	Can do all operations in Attestation module only. Can View All Attestations Can View Attestations assign to me Can Add an Attestation Can Edit a (Not Started) Attestation Can Delete a (Not Started) Attestation Can Remediate an Attestation Can Resolve Red Flagged Questions Can Add Questionnaire Template Can Edit Questionnaire Template Can View Past / Completed Attestation Reports
Attestation	Attestation Access	Can be invited to participate in Attestations. Can do partial operations in the Attestation module. Can be invited to participate in Attestations. Can View All Attestations Can View Attestations assign to me Can Add an Attestation Can Edit a (Not Started) Attestation Can Delete a (Not Started) Attestation Can Remediate an Attestation Can Resolve Red Flagged Questions Can Add Questionnaire Template Can Edit Questionnaire Template Can View Past / Completed Attestation Reports
Code of Ethics	Code of Ethics Admin	Can do all operations in Code of Ethics module only. Can View Code of Ethics Dashboard Can View All Code of Ethics Types (Securities Trading - Pre-Trade, Post Trade. Gifts & Entertainment, Political Contributions, Outside Business Activities, Complaints and Outside Accounts Requests) Can View Requests Submitted by me Can Submit Requests of All Code of Ethics Types (Securities Trading - Pre-Trade, Post Trade. Gifts & Entertainment, Political Contributions, Outside Business Activities, Complaints and Outside Accounts Requests) Can Approve or Reject all Code of Ethics Requests (Securities Trading - Pre-Trade, Post Trade. Gifts & Entertainment, Political Contributions, Outside Business Activities, Complaints and Outside Accounts Requests) Can Define All Rules (Gifts & Entertainment, Political Contributions and Outside Business Activities Rules) Can View all Completed Code of Ethics Requests
Code of Ethics	Code of Ethics Access	Can do partial operations in the Code of Ethics module. Can View Code of Ethics Dashboard Can View All Code of Ethics Types (Securities Trading - Pre-Trade, Post Trade. Gifts & Entertainment, Political Contributions, Outside Business Activities, Complaints and Outside Accounts Requests) Can View Requests Submitted by me Can Submit Requests of All Code of Ethics Types (Securities Trading - Pre-Trade, Post Trade. Gifts & Entertainment, Political Contributions, Outside Business Activities, Complaints and Outside Accounts Requests) Can Approve or Reject all Code of Ethics Requests (Securities Trading - Pre-Trade, Post Trade. Gifts & Entertainment, Political Contributions, Outside Business Activities, Complaints and Outside Accounts Requests) Can Define All Rules (Gifts & Entertainment, Political Contributions and Outside Business Activities Rules) Can View all Completed Code of Ethics Requests
Vendor Management	Vendor Admin	Can do all operations in Vendor Management module only. Can View Vendor Management Dashboard Can View All Vendors Can View My (Created by me) Vendors Can Add an Assessment for all Vendors Can Add an Assessment for Vendors Can Edit a (Not Started) Assessment Can Delete a (Not Started) Assessment Can Conduct All Assessments Can Conduct My Vendors Assessments Can Remediate Assessments Can Resolve Red Flagged Questions Can Add Questionnaire Template Can Edit Questionnaire Template Can Download an Audit Report Can View Past / Completed Audit Reports
Cyber	Cyber Admin	Can do all operations related to Cyber Dashboard in terms of viewing as well as widget and dashboard configurations. Can resolve Incident
	Registered Representative	Can do all operations related to Cyber Dashboard in terms of viewing as well as widget and dashboard configurations. Can do partial operations in Audit, Attestation and Code of Ethics. Can View Audits assign to me Can Download an Audit Report Can View Past / Completed Audit Reports of self Can Conduct an Audit Can Remediate an Audit Can View Attestations assign to me Can View Past / Completed Attestation Reports of self Can Attest an Attestation Can Remediate an Attestation Can Send Attestation Reminder Can View Requests Submitted by Me or my subordinates in Code of Ethics module Can View Rules in Code of Ethics module Can View all Completed Requests in Code of Ethics module Can Add Requests in Code of Ethics module Can Approve or Reject all Requests in Code of Ethics module Can Approve / Reject Requests Submitted by my subordinates in Code of Ethics module
	Incident Manager	Can do all operations related to Cyber Compliance > Incident Management page only. Cannot access any other module except for Set Password and MFA pages. Can do all operations related to Incident Can resolve Incident
	Incident Resolution Team	Can resolve any incidents which are assigned to the user. Cannot perform any other actions in any module except for Set Password and MFA pages. Can resolve Incident
Marketing Review	Marketing Review Super Admin	Can do all operation for the Marketing Review module only. Can View Marketing Review Can View Marketing Review Assign to me Can Add / Edit Marketing Review Can Delete Marketing Review Can Upload Marketing Review Can Approve Marketing Review
	Marketing Review Content Approver	Can do partial operations in the Marketing Review module. Can View Marketing Review Can Add / Edit Marketing Review Can Delete Marketing Review Can Upload Marketing Review Can Approve Marketing Review
	Marketing Review Content Provider	Can view the Marketing Review entries which are assigned to self. Can View Marketing Review Assign to me Can Upload Marketing Review
E-Comms Surveillance	E-Comms Surveillance Super Admin	Can do all operation for the E-Comms Surveillance module. Can View E-Comms Surveillance Can View E-Comms Surveillance Assign to me Can Add / Edit E-Comms Surveillance Can Delete E-Comms Surveillance
	E-Comms Surveillance Admin	Can do partial operations in the E-Comms Surveillance module. Can View E-Comms Surveillance Can Add / Edit E-Comms Surveillance Can Delete E-Comms Surveillance
	E-Comms Surveillance Access	Can view the E-Comms Surveillance entries which are assigned to self. Can View E-Comms Surveillance Assign to me

NOTE:

Users belonging to the Registered Representative role will have accesses except the following:
- Cannot edit Business Details
- Cannot Manage Users
- Cannot create / schedule Audit
- Cannot access Template Library
- Cannot access Mail Templates
- Cannot access Roles
- Cannot create / schedule Attestation
- Cannot create Code of Ethics Rules
- Cannot view all requests in Audits, Attestations or Code of Ethics modules
- Cannot access Vendor Management module
- Cannot access Settings module
- Cannot access Marketing Review module
- Cannot access E-Comms Surveillance module
Users belonging to a role(s) who has the following accesses enabled will be populated in the Auditor field:
- Can Add / Edit Audit
- Can Conduct Audit
- Can Remediate an Audit
- Can Resolve Red Flagged Questions
Users belonging to a role(s) who has the following access enabled will be populated in the Recipient field:
- Can Conduct Audit
- Can Remediate an Audit
Users belonging to a role(s) who has the following access enabled will be populated in the Incident Resolution Team modal window - which loads after clicking on any unresolved (Incident Management grid view entry with Needs Review Status) incident's Action column > Assign menu option.
- Can resolve Incident

2.3. Roles Grid View

About the Roles grid view:

The grid view of the Roles page displays the system defined roles by default, as well as any custom roles, if created.
The number of row entries of various roles which populate the grid view depending on the pagination options set by the logged-in user.
Ten entries are display per page view by default.

The layout comprises of the following columns:

ROLE NAME - This column displays the role label. If you create custom roles then those role labels are also displayed here. The listed items change according to search operations executed and filter set.
DESCRIPTION - This column displays the role description. Role descriptions are displayed here if they were provided at the time of the role creation. The listed items change according to search operations executed and the role type dropdown filter set.
SYSTEM - This column displays the role type. There can be two types. The system defined roles are displayed with a Yes label under this column, while any created custom roles are displayed with a No label.
ACTION - This column contains a vertical ellipsis icon for each row entry. This icon can be toggled to reveal the row-context menu options. More information on these menu options have been provided in the following sub-sections.

Fig: 37 - Roles grid view

2.4. Understanding the ACTION Menu Options

There are five menu options as follows:

Edit - Use it to modify any custom role. System roles cannot be edited. This option is greyed-out for system roles.
Delete - Use it to delete any custom role. System roles cannot be deleted. This option is greyed-out for system roles.
View - Use it to view any custom role.
Assign User(s) - Use it to assign user(s) to or remove assigned user(s) from any system or custom role.
Clone - Use it to make a copy of any system or custom role configuration.

Here is the view of the menu options for a system defined role.

Fig: 38 - Expanded view of the system role menu options of the ACTION column

Here is the view of the menu options for a custom role.

Fig: 39 - Expanded view of the custom role menu options of the ACTION column

2.4.1. Editing Roles

Editing System Roles

Click on the vertical ellipsis icon of the ACTION column against a system defined role row entry to load the menu options. The Edit option is disabled. Hence, you cannot edit a system defined role.

Fig: 40 - Disabled Edit menu option

Editing Custom Roles

Click on the vertical ellipsis icon of the ACTION column against a custom role row entry to load the menu options. Click on the Edit option to get navigated to the Role > Edit Role view.

Fig: 41 - Enabled Edit menu option

You can change the role label, the description (if present), and the assigned permissions. You can also assign users or remove any previously assigned ones.

Fig: 42 - Edit Role view

The Company tab is selected by default. When you expand the Can Access Settings category from within the Company tab, then the following permissions are revealed:

Can Access Roles

Can Access Mail Templates

Can Access Manage Objects

When you expand the Can Access Roles sub-category of the Can Access Settings category from within the Company tab, then the following permissions are revealed:

Can View Roles

Can Add / Edit / Clone / Delete Roles

When you expand the Can Access Mail Templates sub-category of the Can Access Settings category from within the Company tab, then the following permissions are revealed:

Can View Mail Templates

Can Edit Mail Templates

When you expand the Can Access Manage Objects sub-category of the Can Access Settings category from within the Company tab, then the following permissions are revealed:

Can View Manage Objects

Can Add / Edit / Delete Manage Objects

Next, click on the System Objects tab. The Audit tab is displayed after you click on it.