
Users Module for Risk Application

Welcome to the Users Module! This section of the application allows Risk Administrators to manage users who have access to the system. The Users Module ensures that individuals can perform their tasks while adhering to the specific access controls set by Risk Administrators. This guide will provide a step-by-step walkthrough of how to manage users within the application.

Updated 2026-05-14 · Documentation · RiskWatch platform

What is the Users Module for Risk Application module in RiskWatch?

Welcome to the Users Module! This section of the application allows Risk Administrators to manage users who have access to the system. The Users Module ensures that individuals can perform their tasks while adhering to the specific access controls set by Risk Administrators. This guide will provide a step-by-step walkthrough of how to manage users within the application. It sits inside the RiskWatch risk workspace and shares its data with assessments, the evidence vault, and the audit-pack export so a single change updates every downstream view.

How do I use the Users Module for Risk Application screen?

Open the RiskWatch app, navigate to the Users Module for Risk Application module from the main menu, and apply the filters or actions described in the guide below. Permissions follow your role profile, so admins see configuration, assessors see workflow actions, and viewers see read-only data. Saved views and filters persist per user across sessions.

Key concepts in this module
  • Accessing the Users Module
  • Adding Users
  • Editing Users
  • Deleting Users
  • User Events
  • created

User Guide: Users Module for Risk Application

  1. Overview of the Users Module

The Users Module is where all user management activities take place. Users can be added to the application, their access controls can be configured, and bulk user management is made simple for Risk Administrators. Access to this module is restricted based on roles and permissions.

Key features include:

  • Adding users individually or via bulk upload.
  • Configuring access controls for users.
  • Managing user permissions and roles.

  2. Accessing the Users Module

To access the Users Module, follow these steps:

  • Navigate to the Main Menu.
  • Click on Users to open the module.

  3. Adding Users

1. Dual Product Setup (Compliance + Risk Applications)

Risk Administrators can add users in a dual-product environment, where both Compliance and Risk roles are applicable.

Steps to add a User:

  1. Navigate to the Users Module.
  2. Click on the Add Risk User icon.
  3. Fill in the following fields:
    • First Name – User's first name
    • Last Name – User's last name
    • Email Address – Used for login and communication
    • User Role – Select from:
      • Administrator
      • Manager
      • Site Contact
      • Limited Site Contact
      • View Only
    • Risk Role – Select from:
      • Risk Administrator
      • Risk Manager
      • Risk Assessor
      • Risk Owner
      • Risk User
      • Risk Viewer
    • Phone Number
    • Job Title
    • Policy – Assign relevant compliance policies
    • Regions – Geographic or organizational regions
    • Tags – For custom user categorization
    • Account Status – Lock or Unlock
  4. User roles mapping
  • User Role – Risk Administrator is primarily mapped to Risk Role – Risk Administrator, but is also mapped to other roles such as Risk Manager, Risk Assessor, Risk Owner, Risk User and Risk Viewer.
  • User Role – Risk Manager is primarily mapped to Risk Role – Risk Manager, but is also mapped to other roles such as Risk Assessor, Risk Owner, Risk User and Risk Viewer.
  • User Role – Site Contact is primarily mapped to Risk Role – Risk Assessor, but is also mapped to other roles such as Risk Owner, Risk User and Risk Viewer.
  • User Role – Limited Site Contact is primarily mapped to Risk Role – Risk Assessor, but is also mapped to other roles such as Risk Owner, Risk User and Risk Viewer.
  • User Role – View Only is primarily mapped to Risk Role – Risk Viewer.

2. Single Product Setup (Risk Application Only)

For systems using only the Risk Assessment product, the process is slightly simplified.

Steps to Add a User:

  1. Navigate to the Users Module.
  2. Click on the Add Risk User icon.
  3. Fill in the following fields:
    • First Name
    • Last Name
    • Email Address
    • Risk Role – Choose from:
      • Risk Administrator
      • Risk Manager
      • Risk Assessor
      • Risk Owner
      • Risk User
      • Risk Viewer
    • Phone Number
    • Job Title
    • Session Time – Define user session timeout duration
    • Account Status – Lock or Unlock
  4. Click Save to add the user

  4. Editing Users

Risk Administrators have permissions to edit user details via the Users Module.

Steps to Edit a User:

  1. Access Users Module
    • Navigate to the Users Module from the main menu.
    • Click on any existing user that needs editing.
  2. Edit Available Fields
    You can modify the following fields:
    • First Name
    • Last Name
    • Email Address
    • Status (Active/Inactive)
    • User Role
    • Risk Role
    • DMS Role
    • Phone Number
    • Job Title
    • Session Timeout
    • Policy
    • Regions
    • Tags
  3. Save Changes
    • Click Save to update the edited fields.
    • Verify that all changes are reflected correctly in the user’s profile.
  4. Risk Role License Handling
    • License will not be debited when changing the Risk Role for an existing user.
    • A license is only debited when assigning a Risk Role to a new user.
  5. License Consumption for Dual Product Environments
    • If Dual Product is enabled, license debits apply as follows:
      • 1 license for Administrator or Risk Administrator
      • 1 license for Manager or Risk Manager
      • 1 license for Site Contact or Risk Assessor or Risk Owner or Risk User
      • 1 license for Limited Site Contact or Risk Assessor or Risk Owner or Risk User
      • 0 license for View only or Risk Viewer

  5. Deleting Users
  • Navigate to the Users Module from the main menu.
  • Click on the Delete icon next to the user you want to remove from the grid.
  • Confirm deletion in the prompt that appears.
  • Alternatively, open the user in Edit mode, and use the Delete button.
  • Verify that the selected user has been successfully deleted and is no longer listed in the Users grid.
  • Check that a Risk Administrator can: Delete any user regardless of:
    • Their Risk Role:
      • Risk Administrator
      • Risk Manager
      • Risk Assessor
      • Risk Owner
      • Risk User
      • Risk Viewer
    • Or who created the user:
      • Risk Administrator can delete users created by any other user or themselves.
  • Check that a Risk Manager can: Delete users with the following Risk Roles, only if they were created by the same Risk Manager:
    • Risk Manager
    • Risk Assessor
    • Risk Owner
    • Risk User
    • Risk Viewer

Cannot delete:

    • Any user with Risk Administrator role
    • Any user (even lower-level) not created by them
    • Any user created by another Risk Manager
  • Risk Assessor - Deletion Permission as below
  • Can Delete Specific Roles:
    • Risk Assessor
    • Risk Owner
    • Risk User
    • Risk Viewer
    • Cannot delete Risk Manager
    • Cannot delete Risk Administrator
  • Creator-Based Deletion Restriction:
    • Can delete lower-level users created by themselves
    • Cannot delete lower-level users created by other users
    • Other Risk Assessors cannot delete lower-level users created by another Risk Assessor
  • Risk Owner – Deletion Permission Checklist

Allowed Deletions (Only If User Created by Self):

  • Risk Assessor
  • Risk Owner
  • Risk User
  • Risk Viewer

Restricted Deletions:

  • Cannot delete Risk Administrator
  • Cannot delete Risk Manager
  • Cannot delete users not created by the same Risk Owner
  • Other Risk Owners cannot delete users created by this Risk Owner
  • Check that a Risk User does not have permission to delete any Risk role user.
  • Check that a Risk Viewer does not have permission to delete any Risk role.

  6. Types of Risk User roles

Risk Administrators can add the following user roles:

  • Risk Administrator
  • Risk Manager
  • Risk Assessor
  • Risk Owner
  • Risk User
  • Risk Viewer

  7. Language Options for User module

To cater to diverse user needs, the user module supports multiple languages. You can select your preferred language from the dropdown menu located at the top of the screen. This ensures that your reports are accessible and understandable across global teams.

  8. User Events
  • Events shows the log of all user roles created, updated and deleted. When a user is created, the Events Action Performed is displayed as ‘Create’. When a user is edited, the Events Action Performed is displayed as ‘Updated’, and when a user is deleted, the Events Action Performed is displayed as ‘Delete’.

The following functionality is available in the User Events screen:

  • Column sorting is available through the Sort By option, by selecting the column names Action Performed, Performed By, Module, Action Date and Action Info.
  • A Search option is available for searching any word or text; if the search text is found, the matching content is displayed.
  • Text entered in the Search fields is shown as the selected text in the event grid.
  • User event data can be downloaded in PDF format.
  • Column display options are available using hide/seek columns; columns that are not selected are not displayed in User Events.
  • When a user is created, the audit log should correctly capture and display the following details:
    • Events Action Performed – Created
    • Performed By – The logged-in user who performed the user creation
    • Module – User
    • Action Date – The exact date and time when the user was created
    • Action Info – The email ID of the user who was created
    • View Details – A structured summary showing Action Performed: Created, Performed By: [Username of the creator], Action Date: [Creation date and time] and Module: User.
  • When a user is edited, the audit log should capture and display the following details accurately:
    • Events Action Performed – Updated
    • Performed By – Username or identifier of the logged-in user who performed the edit
    • Module – User
    • Action Date – Exact date and time when the edit was performed
    • Action Info – Email ID of the user who was edited
    • View Details – A summary containing Action Performed: Updated, Performed By: [Logged-in user], Action Date: [Date and Time of edit] and Module: User.
  • When a user is deleted, the audit log must correctly capture and display the following information:
    • Events Action Performed – Delete
    • Performed By – Username or identifier of the logged-in user who performed the deletion
    • Module – User
    • Action Date – Exact date and time when the deletion was performed
    • Action Info – Email ID of the user who was deleted
    • View Details – A summary containing Action Performed: Delete, Performed By: [Logged-in user], Action Date: [Date and Time of deletion] and Module: User.

  9. Emails in User module

The Emails Section provides a transparent log of all system-generated email notifications related to each user. It helps track communication status for critical actions such as account creation and password resets.

Key Features:

  1. Purpose:
    • The Emails section logs email notifications sent during user-related operations such as:
      • New user creation
      • Forgot password requests
      • Admin-initiated password resets
  2. Displayed Fields in the Grid:
    • Email Type: Type of notification sent
      (e.g., New User Creation, Forgot Password, Reset Password)
    • Date: Date and time the email was triggered
    • Delivered: Shows whether the email was successfully delivered (Yes/No)
    • From Email: The sender’s email address (usually system default)
    • To Email: The recipient's (user’s) registered email address
    • Subject: Subject line of the sent email
  3. Functionality:
    • As soon as an email is triggered (e.g., after user creation), it appears in the Emails grid.
    • Helps administrators verify whether important emails were sent and received.

  10. User module questionnaires

  1. How to create a new user in Risk Assessment product?

Ensure sufficient user licenses are available before adding a new user.

Steps to Add a New User from the Users Module

  • Navigate to the Users Module from the main menu.
  • Click on the “Add User” button available on the Users Module homepage.
  • Fill in the required details in the form:
    • First Name
    • Last Name
    • Email Address
    • User Role
    • Risk Role
    • Phone Number
    • Job Title
    • Session Timeout
    • Account Status – Lock / Unlock
  • Click the “Save” button to create the user.
  • On saving, a user license will be debited automatically.

Alternate Method: Add User from Facility Screen

  • Users can also be added directly from the “Add Facility” screen.
  • The same user fields will be required.
  • On creation, the license will also be debited.

Risk Roles Supported for New Users

  • Risk Administrator
  • Risk Manager
  • Risk Assessor
  • Risk Owner
  • Risk User
  • Risk Viewer
  1. Which details must be filled in to create a new user?
  • First Name: Accepts characters and numbers, up to a maximum of 255 characters. It is a mandatory field.
  • Last Name: Accepts characters and numbers, up to a maximum of 255 characters. It is a mandatory field.
  • Email ID: Accepts characters and numbers, up to a maximum of 255 characters. It is a mandatory field.
  • Status: A dropdown field with Active and Inactive statuses. If Active is selected while creating a new user, a user license is debited from the active user licenses and the user can create a password and log in to the application. If Inactive is selected, a user license should not be debited and the user should not be able to log in to the application.
  • Role: This field relates to the Compliance product application. It has 5 roles.
  • Risk Administrator: The Admin role can access all modules and can create all users and assessments, and data for all roles is displayed to the Admin role. When the compliance user is a Risk Administrator, the assessment role field and the Site Contact and Site Supervisor fields are not displayed.
  • Risk Manager: The Manager role cannot access the Settings module and cannot create the Admin user role, but can create other user roles. The created data is displayed to the Admin and Manager roles, Risk Assessor, Risk User and Risk Viewer.
  • Risk Role: When the instance has only the Risk Assessment product, only the Risk user role is displayed on the Add User page when the user clicks the Add User button.
  • The Risk role user field is mandatory.
  • There are 6 Risk user roles:
  1. Risk Administrator: The Risk Admin has access to all modules available in the Risk Assessment product. The Risk Admin can perform any action on any data anywhere and can create any user.
  2. Risk Manager: The Risk Manager role can create Risk Manager users and users with lower Risk roles, and can create Risk Assessments, Risk Templates, and Risk Register data. All modules except the Settings module should be visible to the Risk Manager after logging in to the Risk Assessment product.
  3. Risk Assessor: The Risk Assessor role can assess Assessments for the assigned Facility(s), can create tasks, and can create Risk Assessor users and users with lower Risk roles. The Risk Assessor can see the following modules after logging in to the Risk Assessment product:
    • My Actions
    • Risk Assessment
    • Risk Treatment
    • Users
    • Tasks
  4. Risk Owner: The Risk Owner cannot create any data in the Risk Assessment product. The Risk Owner can see the following modules after logging in to the application:
    • My Actions: The My Actions module has the My Scheduler and My Tasks tabs.
    • Risk Dashboard
    • Risk Treatment
    • Tasks
  5. Risk User: The Risk User role cannot create any data in the Risk Assessment product. The user can only view My Tasks data in the My Actions module and tasks data. The Risk User can see the following modules after logging in to the application:
    • My Actions: Only the My Tasks tab data should be displayed in the My Actions module.
    • Tasks module
  6. Risk Viewer: The Risk Viewer role can only view the assigned Facility, tasks, and other items created by other users.
  • Account: The Account field on the Add User screen has Lock and Unlock radio buttons. If Lock is selected when creating a new user, the new user will not be able to access the application. If Unlock is selected, the new user will be able to access the application. The Account field is not mandatory, and by default neither option is selected when the Add User page opens.
  • Phone Number: Not a mandatory field on the Add User screen. The field has no minimum or maximum values. It accepts special characters, alphabets and numbers.
  • Job Title: Not a mandatory field on the Add User screen. The field has no minimum or maximum values. It accepts alphabets and numbers. It does not accept special characters.
  • Session Timeout: Not a mandatory field on the Add User screen. A new user can be created with an empty Session Timeout field. The Session Timeout value should be between 15 and 720 only.
  • Task Status: This field is not mandatory when adding a new user.
    • It is visible only if task status levels are enabled in the Settings Module.
    • Task Status values are fetched from the Settings Module.
    • These statuses are defined and maintained under Task Status Levels in settings.

When selecting a User Role (e.g., Administrator) during user creation:

  • The available Task Statuses are shown based on the selected role.
  • If Administrator is selected as the role:
    • You can map specific Task Statuses to the user.
    • The user will then have access only to the mapped statuses for tasks.
  • After all fields are selected on the Add User page and the user clicks the Save button, a message that the user was saved successfully should be displayed and the page should navigate to the User module home page.
  1. Will the user get an email after a new user is created?

Yes. After a new user is created in the User module, a password creation email is sent to the newly created user's email address. These emails are captured in the Emails section on the User module home page.

  1. Are user operations tracked in the Events section?

Yes. Every action related to user creation, update, or deletion is logged in the Events Section of the User Module home page.

Captured Events Include:

  1. User Creation – Logged when a new user is added.
  2. User Update – Logged when any existing user details (like name, email, roles, etc.) are modified.
  3. User Deletion – Logged when a user is removed from the system.

Event Details Shown:

  • Event Type (Created, Updated, Deleted)
  • User Name (affected user)
  • Performed By (who triggered the action)
  • Timestamp (when the action occurred)
  • Action Details (what was changed)
  1. What are the limitations of the Risk Manager User Role?
  • User Creation Permissions: The Risk Manager role has the ability to create:
    • Other Risk Manager users
    • Users with roles below Risk Manager, such as:
      • Risk Assessor
      • Risk Owner
      • Risk User
      • Risk Viewer
  • Functional Permissions: The Risk Manager can perform the following actions:
    • Create and manage Risk Assessments
    • Create and manage Risk Templates
    • Create and manage Risk Register entries
  • Module Access:
    • Upon logging into the Risk Assessment product, the Risk Manager should have access to all modules, except the Settings module.

When a user with the Risk Manager role logs in, they can create new users for Manager and below user roles only:

  • Risk Manager
  • Risk Assessor
  • Risk Owner
  • Risk User
  • View Only

A user with the Risk Manager role cannot create a new Risk Administrator user from within their Risk Manager user account.
  1. What are the limitations of the Risk Assessor User Role?

The Risk Assessor role can assess Assessments for the assigned Facility(s), can create tasks, and can create Risk Assessor users and users with lower Risk roles. The Risk Assessor can see the following modules after logging in to the Risk Assessment product:

  • My Actions
  • Risk Assessment
  • Risk Treatment
  • Users
  • Tasks

When a user logs in with the Risk Assessor role, they can create new user roles for the following roles only:

  • Risk Assessor
  • Risk Owner
  • Risk User

A user with the Risk Assessor role cannot create a new Admin or Manager User role when logged in with the Risk Assessor user role.

  1. What are the limitations of Risk Owner User Role?

The Risk Owner cannot create any data in the Risk Assessment product. The Risk Owner can see the following modules after logging in to the application:

  • My Actions: The My Actions module has the My Scheduler and My Tasks tabs.
  • Risk Dashboard
  • Risk Treatment
  • Tasks

When a user logs in with the Risk Owner role, they can create new users for the following roles only:

  • Risk Owner
  • Risk User

A user with the Risk Owner role cannot create a new Risk Administrator, Risk Manager, or Risk Assessor.

  1. What are the limitations of Risk User Role?

The Risk User role cannot create any data in the Risk Assessment product. The user can only view My Tasks data in the My Actions module and tasks data. The Risk User can see the following modules after logging in to the application:

  • My Actions: Only the My Tasks tab data should be displayed in the My Actions module.
  • Tasks module

When a user logs in with the Risk User role, they can create new users for the following roles only:

  • Risk User

A user with the Risk User role cannot create a new Risk Administrator, Risk Manager, or Risk Assessor.

  1. What are the limitations of Risk Viewer Role?
  • The Risk Viewer user role has read-only access.
  • Users with this role can only view the following, as assigned to them:
  • Facilities
  • Tasks
  • Other risk-related items created by other users
  • The Risk Viewer cannot create, edit, or delete any data within the Risk Assessment product.
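
The creation limits in the role answers above and the deletion checklist under Deleting Users can be written down as one policy check and used as a test oracle when verifying the module. This is an added example, not RiskWatch code: the Account class, the created_by field, the function names and the sample accounts are assumptions made for illustration. Where the page gives two lists for a role, the per-role "can create ... only" lists are used.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

ADMIN, MANAGER, ASSESSOR = "Risk Administrator", "Risk Manager", "Risk Assessor"
OWNER, USER, VIEWER = "Risk Owner", "Risk User", "Risk Viewer"
ALL_ROLES = frozenset({ADMIN, MANAGER, ASSESSOR, OWNER, USER, VIEWER})

# Risk Roles each role may assign to a new user (role-limitation answers).
CREATABLE = {
    ADMIN: ALL_ROLES,
    MANAGER: frozenset({MANAGER, ASSESSOR, OWNER, USER, VIEWER}),
    ASSESSOR: frozenset({ASSESSOR, OWNER, USER}),
    OWNER: frozenset({OWNER, USER}),
    USER: frozenset({USER}),
    VIEWER: frozenset(),
}

# Risk Roles each role may delete (Deleting Users checklist). Every role
# except Risk Administrator may delete only accounts it created itself.
DELETABLE = {
    ADMIN: ALL_ROLES,
    MANAGER: frozenset({MANAGER, ASSESSOR, OWNER, USER, VIEWER}),
    ASSESSOR: frozenset({ASSESSOR, OWNER, USER, VIEWER}),
    OWNER: frozenset({ASSESSOR, OWNER, USER, VIEWER}),
    USER: frozenset(),
    VIEWER: frozenset(),
}


@dataclass(frozen=True)
class Account:
    email: str
    risk_role: str
    created_by: Optional[str] = None  # creator's email; hypothetical field


def can_create(actor: Account, new_role: str) -> bool:
    """True if the actor's Risk Role may create a user with new_role."""
    return new_role in CREATABLE.get(actor.risk_role, frozenset())


def can_delete(actor: Account, target: Account) -> Tuple[bool, str]:
    """Return (allowed, reason); unknown roles are denied (fail closed)."""
    allowed_roles = DELETABLE.get(actor.risk_role)
    if allowed_roles is None:
        return False, "unknown actor role"
    if target.risk_role not in allowed_roles:
        return False, "role not deletable by " + actor.risk_role
    if actor.risk_role == ADMIN:
        return True, "administrator: any role, any creator"
    if target.created_by != actor.email:
        return False, "target was created by another user"
    return True, "own creation with a permitted role"


def denied_deletions(requests: List[Tuple[Account, Account]]) -> List[Tuple[str, str, str]]:
    """List (actor, target, reason) for every request the rules reject."""
    out = []
    for actor, target in requests:
        ok, reason = can_delete(actor, target)
        if not ok:
            out.append((actor.email, target.email, reason))
    return out


# Constructed sample directory (not real accounts).
admin = Account("admin@example.test", ADMIN)
mgr_a = Account("mgr.a@example.test", MANAGER, admin.email)
mgr_b = Account("mgr.b@example.test", MANAGER, admin.email)
assessor = Account("assessor@example.test", ASSESSOR, mgr_a.email)
owner = Account("owner@example.test", OWNER, assessor.email)
viewer = Account("viewer@example.test", VIEWER, mgr_b.email)

if __name__ == "__main__":
    requests = [(admin, mgr_a), (mgr_a, assessor), (mgr_b, assessor),
                (mgr_a, admin), (assessor, owner), (owner, viewer), (viewer, owner)]
    for row in denied_deletions(requests):
        print(row)
```

Running the same role and creator combinations against a test tenant and comparing each outcome with can_delete shows where the application grants more than the checklist allows.
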
  1. How to clone a user in user module?

Steps to Clone a User

  • Go to the User Module from the Main Menu.
  • Click the Clone icon next to the user you want to clone.
  • A Clone Confirmation Popup will appear.
  • Click Yes to proceed.
  • The Clone Add User Page will be displayed.

Fields Automatically Fetched on Clone Page

When the clone user page opens, the following fields from the selected user will be pre-filled:

  • Status
  • Risk Role
  • Job Title
  • Session Timeout
  • Facilities (as per the role's mapped facilities)

Note

  • Only relevant data is cloned.
  • You can modify the cloned data as needed before saving the new user.
  1. How to delete the Risk User from User module?

Risk Administrators can delete a user as follows:

  1. Go to the User module.
  2. Click on the delete icon on any user.
  3. Check that the selected user was deleted successfully.
  4. A selected user can also be deleted using the Delete button when the user is opened in edit mode.
  1. How to search the specific user from the Grid?

You can get a specific record from the grid by using the search field and also by using the Filter feature. When data is entered in the search field, the grid performs a "like" search and shows the matching data.

  1. How to notify the user?

A user can be notified to create a password or to recreate a new password using the Notify button. You can notify selected users or all available users.

The Notify button in the User Module allows Risk Administrators to send password creation or reset instructions to users via email.

Purpose:

To inform users (new or existing) to create their password for first-time login or to recreate/reset their password if needed.

Steps to Use the Notify Button:

  • Go to the User Module from the Main Menu.
  • Select one or more users by checking the box next to their names.
  • Click on the Notify button.
  • A confirmation message appears (e.g., “Send notification to selected users?”).
  • Click Yes to proceed.
  • Each selected user will receive an email with a secure link to set or reset their password.

Additional Notes:

  • You can notify a single user or all users at once.
  • The email sent includes a link to create/reset the password, which is valid for a limited time (based on system configuration).
  • This feature is especially useful after:
    • Creating a new user account
    • Updating user credentials
    • Unlocking or reactivating user accounts
  1. How to reset the password for the user?

Password reset functionality is available for both self-service by users and administrative action by Risk Administrators.

Reset Password – Admin-Initiated

If you are a Risk Administrator and need to reset another user's password:

  • Go to the User Module from the main menu.
  • Click on the user’s name to open their profile.
  • Click the "Reset Password" button.
  • A notification is sent to the user’s registered email ID with a password reset link.

Reset Password – From User Screen

  • Go to the User Module.
  • Select the user whose password needs to be reset.
  • Click on the Reset button.
  • A notification is sent confirming that a reset password email has been sent to the user.

Self-Service Password Reset (Forgot Password)

  • Navigate to the Login Page of the Risk Assessment application.
  • Click on "Forgot Password?".
  • Enter your registered email address.
  • Click on Submit / Send Link.
  • You will receive a password reset email.
  • Open the email and click the Reset Password link.
  • Enter a new password and confirm it.

Common questions about Users Module for Risk Application

What does the Users Module for Risk Application module integrate with?

The Users Module for Risk Application screen shares records with the rest of the RiskWatch risk suite: Accessing the Users Module, Adding Users, Editing Users, Deleting Users, plus the cross-mapping engine that connects risk controls to other frameworks like ISO 27001, SOC 2, HIPAA, NIST 800-53, and PCI DSS. There is nothing to wire up, the integrations are native.

Where does the Users Module for Risk Application fit in the RiskWatch risk workflow?

It is one of 27 screens that make up the Risk module. Most teams reach it from the risk dashboard while running an assessment or reviewing posture. See the related-topics sidebar for the workflows it feeds into and the upstream screens that feed it.
