Forio
Docs

Roles Explained

Viewer

The Viewer role is the entry-level access tier. A Viewer can see everything in the app but cannot create, modify, or delete anything. This role is appropriate for executives, stakeholders, or auditors who need to review the security posture without making changes.

Viewers can:

  • Browse all 7 dashboard tabs (Dashboard, Scanning, Findings, Cases, Access Explorer, Alerts, Audit Log)
  • Read findings, cases, and exposure scores
  • View the audit log
  • See their own in-app notifications
  • View alert rules and triggered alerts

Viewers cannot:

  • Create or update findings
  • Open, assign, or comment on cases
  • Run scans
  • Change any settings

Analyst

The Analyst role is designed for members of a security or GRC team who actively work findings and cases. An Analyst can do everything a Viewer can, plus perform most operational actions.

Analysts can (in addition to Viewer):

  • Create findings manually or via CSV import
  • Update finding status (Open → Triaged → Resolved → Dismissed)
  • Create cases, assign cases, add comments
  • Link findings to cases
  • Run content scans (from the Scanning tab)
  • Expand group memberships in Access Explorer
  • Request risk exceptions (but not approve them)

Approver

The Approver role is designed for a senior security officer or team lead who needs to make governance decisions. An Approver can do everything an Analyst can, plus approve or reject exception requests.

Approvers can (in addition to Analyst):

  • Approve or reject risk exception requests submitted by Analysts

Approvers cannot:

  • Access Admin Settings
  • Assign roles to other users
  • Configure detectors, score weights, or SLA policies

Admin

The Admin role has unrestricted access to the entire application including all settings tabs. This role should be limited to a small number of trusted users.

Admins can (in addition to Approver):

  • Access all 8 Admin Settings tabs
  • Assign, change, or remove roles for any user
  • Create and manage custom roles using the capabilities matrix
  • Configure exposure score weights and SLA policies
  • Enable, disable, or create custom content detectors
  • Configure Jira integration
  • Set data retention periods and trigger manual purges
  • Rebuild the entity count cache
  • View job run history and system health
  • Revoke any exception (not just their own)
Prev
Role Reference
Next
Scan Progress & Stat Cards