Who is this article for?

Users who need to understand security roles and permissions.

No special access or permissions are required.

Incidents contain highly sensitive information and are managed within a strict security framework to ensure data protection and appropriate access control.

1. Understanding general security measures

To ensure complete data security for incidents, the following measures are in place:

• Incidents are not cached locally on your computer
• It is not possible to check out incidents

2. Understanding security context and permissions

Incidents are created independently and are managed within the same security context as other permissions related to entities and entity risks and controls.

Your ability to view incidents depends on your existing access permissions:

• You can only view incidents associated with entities and entity processes that you have read access to
• You can only view incidents associated with entity risks and controls that you have read access to
• You can only view incidents which are linked to entities, and entity risks and controls that you have read access to

Note: Your incident visibility is determined by your existing entity and risk control permissions, ensuring you only see information relevant to your role.