Risks roles and access
Risks permissions are set by module role: Member, Manager, or Admin. These roles control who can view, create, manage, and delete risk assessments, risk sets, hazardous materials, and related reviews and insights. Roles are assigned per site in Settings > User Management.
Quick reference
Action | Member | Manager | Admin |
|---|---|---|---|
View risk assessments | Yes | Yes | Yes |
Create and edit risk assessments | Yes | Yes | Yes |
Comment on risk assessments | Yes | Yes | Yes |
View risk sets | Yes | Yes | Yes |
Create and edit risk sets | No | Yes | Yes |
Manage risks and categories | No | Yes | Yes |
Create assessment templates | No | Yes | Yes |
Approve assessments | No | Yes | Yes |
Print or export assessments | No | Yes | Yes |
Manage hazardous materials | No | Yes | Yes |
Distribute assessments | No* | Yes | Yes |
View reviews and create review instances | No | Yes | Yes |
Access insights and dashboards | No | Yes | Yes |
Delete risk content | No | No | Yes |
Cancel distributions | No | No | Yes |
*Members who create a dynamic risk assessment can create a one-time distribution without the distribute permission, if the site option allowDynamicAssessmentDistributions is enabled.
Risk assessments
Members can create and edit risk assessments, add comments, and view existing assessments. Depending on the site configuration, Members may only be able to see their own comments on a risk assessment rather than all comments. They cannot create assessment templates, manage risk categories, or approve assessments. Note: unlike most modules, Risks Members can create and edit assessments directly.
Managers can do everything Members can, plus set up and run risk assessments, link evidence, assign roles and owners, and view all comments. Managers can also create assessment templates, approve assessments, print or export assessments, and manage risk categories. For details on publishing and versioning, see Working with risk assessment versions.
Admins have the same operational access as Managers, plus the ability to delete risk assessments, risk sets, and hazardous materials; cancel distributions; and delete review instances.
Risk sets and hazardous materials
Members can view risk sets and hazardous materials but cannot create or edit them. Managers can create and update risk sets and manage hazardous materials. Admins can delete risk sets and hazardous materials.
Reviews, approvals, and distribution
Members cannot view reviews, approve assessments, or distribute content (except one-time dynamic assessment distributions when enabled). Managers can view reviews, create review instances, approve assessments, and distribute assessments to relevant parties. Admins can cancel distributions and delete review instances. Approval and review settings are set directly on each assessment or template. For details, see Set up approvals and review policies for risk assessments.
Being named as an approver does not override the Manager requirement. Only users with the approve-assessments permission can complete approvals.
Insights and dashboards
Members cannot access Risks insights or dashboards. Managers and Admins can access insights such as Reviews Due Soon and Reviews Overdue. These insights show risk assessments with upcoming or overdue reviews and require the Risks module role of Manager or higher.
Settings and configuration
Risks settings are under Settings > Risks. Members can view the settings page. Managers can edit categories, medical outcomes, presenting issues, and risk configuration. Changing options requires Site Manager or Site Admin (update-site permission). Approval templates and review policies are created in Settings > Governance, which requires Site Manager or Site Admin.
How to change a risk role
Roles are assigned per site and per module. To change someoneβs Risks access:
Go to Settings > User Management
Find the person and click Edit Access
In the Access Control table, set their role for the Risks module at each site: Member, Manager, or Admin
Click Save
If you do not see Edit Access, you need the Manager role (or higher) for the Site module. You need Site Manager or Site Admin (or organisation owner) to access User Management and use Edit Access. For a full overview of the three roles, see Understanding User Roles and Permissions. For reusable role configurations, see Module Entitlements and Permission Templates.
Access to a child site automatically grants at least Member access on parent sites. Parent-site access does not automatically include child sites β each site needs its own role assignment unless explicitly granted. Someone can be a Manager at one site and a Member at another.