Restrict Access to a Risk/Opportunity – Private Issues

Any risk/opportunity (Issue) can be made Private by the person who created it, restricting access to only selected users, regardless of their permissions for the Business Risk Manager module.

NOTE that only the user who logged (created) the Issue can make it private.  No other users, regardless of their permissions, can change the private settings of an Issue.

To make an Issue private, when its Details form is open for editing click on the drop-down list next to the Private?* flag and change it to ‘Yes’:

Once the form has been saved with Private? = Yes, a new Access Rights tab becomes available:

The Access Rights tab lists all users of your system that have access to the Business Risk Manager module.  There is one level of access for private Issues – the user can either see the Issue or not:

  • Can View?

By default, all other users are assigned no access rights to the private Issue.  To make the private Issue visible to additional users, click on Edit.  Tick the names of the users who will be permitted to see the private Issue:

Remember to click on Save to make the changes take effect.

A log is maintained of all changes to access rights, which can be viewed on the Change Log sub-page of the Access Rights tab.  See View the History of Changes to a Private Risk/Opportunity’s Access Rights – Change Log.

All Private Issues are listed on the Business Risk Manager – Register, but they are redacted for users who have not been given Can View? rights.  Private Issues that a user does not have access rights to are indicated with the text “This is a private Issue” in the Summary column and the user will not be able to click on the item to open it.

NOTE: by default all other users of Activ are assigned no access rights to an Issue when it is made private.  If a user is not given access to a private Issue they cannot view it, regardless of their system permission level for the Business Risk Manager module.  If there are links in your Activ system to a private Issue, only the users that have access to that Issue will be able to click on the links.  Therefore, it is important to review the Access Rights tab and select the appropriate access rights to a private Issue for all users at the time that the Issue is made Private.

It is also worth emphasising that the access rights given to a user for a private Issue take precedence over the system permissions that the user has for the Business Risk Manager module.  For example, if a user has access rights to a private Issue but ‘Read Only’ system permission for the Business Risk Manager module, they will be able to edit and delete the private Issue.  Access rights to individual private Issues over-ride system permissions for Business Risk Manager.