System Capabilities

The capabilities below are system capabilities, shipped with the default configuration of File Access Manager. You can create custom capabilities to fit your needs.

Warning: The system capabilities described below should not be removed or modified.

Auditor

The auditor capability is designed for users who perform internal audits and assist in external audits of user access information within the organization.

Rights

• See and manage all reports.

• See and run the forensic screens.

• Delete report templates.

Scope

The Auditor capability is assigned Full Scope by default. This allows users in this capability to see and run reports on all resources. It does not allow the auditor users actions that require specific resources assigned to them. See Scope

This capability does not have permission to delete query results from the Activity Forensics screen.

Data Owner

This is a capability automatically associated with anyone assigned as an owner of any business resource. Users who are assigned this role are the data owners of all the resources in their scope.

Rights

See and manage user access information around business resources in their scope

Compliance Manager

Rights

• Configure and manage certification templates and campaigns.

• Configure data classification policies, rules, and policy objects.

• View data classification forensics – this does not include Activities.

• See and run most reports. This role does not have the right Report Template Administrator. See Special Rights.

Scope

The Compliance Manager capability is assigned Full Scope by default. This allows users in this capability to see and run reports on all resources. It does not allow the compliance manager users actions that require specific resources assigned to them. See Scope.

Administrator

The administrator has all the rights in File Access Manager enabled, except for Reviewer. See Special Rights.

Rights

• View the administrator dashboard and statistics.

• See and manage user access information for all business resources.

• Configure and run data owner election processes.

• Configure settings for the File Access Manager website.

• Access rights granted to anyone with Administrator capability in the File Access Manager website or File Access Manager Administrative Client.

• The Report Templates Administrator right. See Special Rights.

Scope

The Administrator capability is assigned Full Scope by default. This allows users in this capability to see and run reports on all resources. It does not allow the administrator users actions that require specific resources assigned to them. See Scope.

The table below shows a high-level description of default capabilities, which are set with rights to access the indicated screens.

Screens	Administrator Capability	Compliance Manager Capability	Data Owner Capability	Auditor Capability
Dashboard	ü		ü1 Data Owners see a limited version of the dashboards that is relevant to the capability.
Resource	ü		ü
My Tasks	ü	ü	ü	ü
Reports	ü	ü	ü	ü
Compliance	ü	ü2 The Compliance Manager cannot access the Alert Rules under the Compliance menu.
Forensics	ü	ü3 Compliance Managers have access to the Data Classification Forensics page only.	ü	ü
Goals	ü
Settings	ü	ü4 Compliance Manager access to the Settings screen is limited to the Access Certification Message Template.

For a full description of the rights set per capability, see the web_permission table in the File Access Manager database.

The capabilities in your system can be modified and new capabilities added by the administrators and implementation teams, so your implementation may differ from the table above.