Documentation menu

DOCUMENTATION

Roles & data isolation

Two mechanisms decide what someone can see and change in EquanimGRC: their role, which governs the actions available to them, and tenant isolation, which guarantees the records they touch are only ever your organization's. Both are enforced in the application's authorization layer on every request, not in the interface.

Roles

Each member holds one role, checked by policy on every action:

  • Admin — manages the workspace: members, roles, settings, and the compliance program.
  • Manager — runs the program day to day: frameworks, controls, policies, vendors, and tasks.
  • Editor — creates and edits the work: drafts policies, maps and submits evidence, answers questionnaires.
  • Viewer — read-only access for stakeholders who need visibility but not edit rights.
  • Auditor — read-only access scoped for external assessors, so you can grant an auditor direct entry without exporting your workspace. See Audit & reporting.

Authorization is decided server-side from the role, so a control that is hidden is also one the request layer refuses — the boundary is real, not cosmetic. Assigning roles is part of inviting your team; see Getting started.

Tenant isolation

Every record — policies, controls, evidence, vendors, questionnaires, the audit log — is scoped to a tenant, and that scope is applied automatically to every query the application runs. A user or agent provisioned in one tenant cannot read or write another tenant's data, by construction rather than by remembering to filter.

Shared or dedicated

The same application image runs in two isolation modes:

  • Shared — your tenant lives in a shared database with row-level isolation enforcing the per-tenant boundary. This is the default and the most efficient.
  • Dedicated — where a contract or regulation requires it, your tenant runs against its own database. The product behaves identically; only the data's residency changes.

Because the behavior is the same in both modes, moving from shared to dedicated is an infrastructure decision, not a re-platforming. SeeAuthentication & SSO for how identity ties to a tenant.