What module will the user need access to?
Check out Administration roles.
S2ORG
Owner
Typically given to users that will be engaging fully with S2Org
Contributor
Less commonly given to users. This role is very useful for users that should only have limited engagement with S2Org
Reader
Most common role given to users. It's free and enables the user to see all content inside S2Org. This is ideal for delivery
S2Vendor
Supervisor
Rarely given to any user. This role is intended for users managing a large team of Risk Managers
Risk Manager
This role should be given to the user that will actively manage the vendor risk management program
Settings Manager
Typically paired with the Risk Manager role. This role enables the user to change the default configurations
Relationship Owner
Does not need to be assigned here. This role will be automatically applied to users when they are assigned to classify a vendor
Reader
Assigned to users who do not actively participate in the administration of the vendor risk management program but who have a vested interest in the results
S2Team
Manager
This role should be given to the user that will actively manage the program
Reader
This roles enables the user to see all team content
S2PCI
Site Manager
This role should be given to the user that will actively manage the PCI program
Reader
Assigned to users who do not actively participate in the administration of the PCI program but who have a vested interest in the results. For example, it might be given to a QSA or an auditor
Administration
Administrator
Typically given to a select few. This role enables the user to configure all account settings (Organization Profile, Sub Entities, Partner Management, Users, Roles, Billing, SAML Settings, SMTP Settings, Message Center, Domain Management)
Client Administrator
This role is specific to partner users inside client accounts. It's a limited version of the Administrator role (Organization Profile, Sub Entities, SAML Settings, SMTP Settings, Message Center, Domain Management)