All user functions in S2Vendor are controlled by the permissions the user is granted. Each permission is standalone and grants access to very specific functionality.
Permissions By Role
Permissions can be stacked in custom combinations but within S2Vendor they tend to fall into 4 categories as defined by the user's role.
Administers the S2Vendor program usually in addition to playing the role of Risk Manager. Defined by the ability to adjust system settings and configurations.
The following permissions are typical of the administrator role.
Adds/manages vendors in S2Vendor. Responsible for making risk decisions such as approving impact ratings and making the final determination for each vendor.
The following permissions are typical of the risk manager role.
Provides classification criteria for assigned vendor(s). Has an extremely limited view into S2Vendor.
The following permissions are typical of the relationship owner role.
Gives visibility into incoming assessment requests from other organizations even if not explicitly listed by this organization. Able to respond to assessment requests and invite other team members to help.
The following permissions are typical of the vendor contact role.
Full Access is usually set by the vendor organization when they create a Response Team for ALL incoming assessment requests.
Configure Permissions (S2Org)
Configure Permissions (S2Team)