Risks

Risks roles and access

Risks permissions are set by module role: Member, Manager, or Admin. These roles control who can view, create, manage, and delete risk assessments, risk sets, hazardous materials, and related reviews and insights. Roles are assigned per site in Settings > User Management.

Quick reference

Action

Member

Manager

Admin

View risk assessments

Yes

Yes

Yes

Create and edit risk assessments

Yes

Yes

Yes

Comment on risk assessments

Yes

Yes

Yes

View risk sets

Yes

Yes

Yes

Create and edit risk sets

No

Yes

Yes

Manage risks and categories

No

Yes

Yes

Create assessment templates

No

Yes

Yes

Approve assessments

No

Yes

Yes

Print or export assessments

No

Yes

Yes

Manage hazardous materials

No

Yes

Yes

Distribute assessments

No*

Yes

Yes

View reviews and create review instances

No

Yes

Yes

Access insights and dashboards

No

Yes

Yes

Delete risk content

No

No

Yes

Cancel distributions

No

No

Yes

*Members who create a dynamic risk assessment can create a one-time distribution without the distribute permission, if the site option allowDynamicAssessmentDistributions is enabled.

Risk assessments

Members can create and edit risk assessments, add comments, and view existing assessments. Depending on the site configuration, Members may only be able to see their own comments on a risk assessment rather than all comments. They cannot create assessment templates, manage risk categories, or approve assessments. Note: unlike most modules, Risks Members can create and edit assessments directly.

Managers can do everything Members can, plus set up and run risk assessments, link evidence, assign roles and owners, and view all comments. Managers can also create assessment templates, approve assessments, print or export assessments, and manage risk categories. For details on publishing and versioning, see Working with risk assessment versions.

Admins have the same operational access as Managers, plus the ability to delete risk assessments, risk sets, and hazardous materials; cancel distributions; and delete review instances.

Risk sets and hazardous materials

Members can view risk sets and hazardous materials but cannot create or edit them. Managers can create and update risk sets and manage hazardous materials. Admins can delete risk sets and hazardous materials.

Reviews, approvals, and distribution

Members cannot view reviews, approve assessments, or distribute content (except one-time dynamic assessment distributions when enabled). Managers can view reviews, create review instances, approve assessments, and distribute assessments to relevant parties. Admins can cancel distributions and delete review instances. Approval and review settings are set directly on each assessment or template. For details, see Set up approvals and review policies for risk assessments.

Being named as an approver does not override the Manager requirement. Only users with the approve-assessments permission can complete approvals.

Insights and dashboards

Members cannot access Risks insights or dashboards. Managers and Admins can access insights such as Reviews Due Soon and Reviews Overdue. These insights show risk assessments with upcoming or overdue reviews and require the Risks module role of Manager or higher.

Settings and configuration

Risks settings are under Settings > Risks. Members can view the settings page. Managers can edit categories, medical outcomes, presenting issues, and risk configuration. Changing options requires Site Manager or Site Admin (update-site permission). Approval templates and review policies are created in Settings > Governance, which requires Site Manager or Site Admin.

How to change a risk role

Roles are assigned per site and per module. To change someone’s Risks access:

  1. Go to Settings > User Management

  2. Find the person and click Edit Access

  3. In the Access Control table, set their role for the Risks module at each site: Member, Manager, or Admin

  4. Click Save

If you do not see Edit Access, you need the Manager role (or higher) for the Site module. You need Site Manager or Site Admin (or organisation owner) to access User Management and use Edit Access. For a full overview of the three roles, see Understanding User Roles and Permissions. For reusable role configurations, see Module Entitlements and Permission Templates.

Access to a child site automatically grants at least Member access on parent sites. Parent-site access does not automatically include child sites β€” each site needs its own role assignment unless explicitly granted. Someone can be a Manager at one site and a Member at another.

Was this helpful?