User Management & Roles
Invite team members, assign system or custom roles, and control who can view, edit, approve, and publish governance content across your Dictiva workspace.
Controlling Access to Your Governance Program
As your governance program grows, different people need different levels of access. A CISO needs full control. An auditor needs read-only access with export capabilities. A junior analyst needs to create drafts but not publish them.
Dictiva uses role-based access control (RBAC) to ensure every team member sees exactly what they need — and nothing more.
The Seven System Roles
Every Dictiva workspace comes with seven built-in roles. Each role grants a specific set of permissions that determine what actions a user can take.
| Role | Permissions | Best For |
|---|---|---|
| Owner | All 50 permissions — full administrative control | Founders, CISOs, program leads |
| Admin | 48 permissions — everything except impersonation and hierarchy management | IT directors, compliance managers |
| Policy Owner | 36 permissions — full content lifecycle, no user management | Department heads, policy authors |
| Editor | 25 permissions — create and edit content, submit for review | Analysts, writers, content contributors |
| Reviewer | 16 permissions — approve content, comment, read everything | Legal, senior compliance staff |
| Auditor | 14 permissions — read all content, export reports, view audit logs | Internal/external auditors |
| Viewer | 10 permissions — read-only access to published content | Stakeholders, board members, new hires |
What Each Role Can Do
Owner and Admin have near-identical access. The only difference: Owners can impersonate other users (for support) and manage organizational hierarchy. Admins handle day-to-day user and settings management.
Policy Owner is the power-user content role. They can create, edit, publish, and retire statements and assemblies, manage controls, handle exceptions, and work with the glossary. They cannot manage users or billing.
Editor creates and edits content but cannot publish or approve. Editors submit work for review — a Policy Owner or Reviewer then approves it.
Reviewer focuses on quality. They can approve statements, exceptions, controls, and glossary terms. They cannot create or edit content directly.
Auditor has read-only access to everything plus the audit log and report export. This role is designed for compliance audits where full visibility is required without any write access.
Viewer sees published content only. This is the safest role for stakeholders who need awareness but should not interact with draft content.
Inviting Team Members
To add someone to your workspace:
- Navigate to Settings > Users
- Click Invite User
- Enter their email address
- Select a role
- Click Send Invitation
The invited user receives a magic link email. When they click it, they are added to your workspace with the assigned role. If they already have a Dictiva account, they will see your workspace in their workspace switcher.
Email Allowlists
For added security, you can restrict sign-ups to specific email domains. When an allowlist is configured, only users with matching email domains can join your workspace. Configure this in Settings > Security.
Changing Roles
Owners and Admins can change any user's role at any time:
- Go to Settings > Users
- Find the user
- Click their current role
- Select the new role from the dropdown
- Changes take effect immediately
Role changes are logged in the audit trail for compliance tracking.
How Roles Affect the Sidebar
Dictiva's sidebar navigation is permission-gated. Menu items only appear if the user has the required permission. For example:
- A Viewer sees: Dashboard, Statements, Policies & Standards, Library, Glossary, Regulations
- An Editor sees those plus: Actions (task inbox)
- An Admin sees everything including: Settings, Users, Billing, API Keys
If a user reports they cannot see a feature, check their role assignment first — the sidebar hides items they do not have permission to access.
Best Practices
- Start restrictive, expand as needed. Assign Viewer or Editor first, then upgrade to Policy Owner or Admin once you understand the person's responsibilities.
- Use Policy Owner for department leads. It grants full content control without exposing user management or billing settings.
- Keep Owner count low. One or two Owners is sufficient for most organizations. Use Admin for additional administrative users.
- Assign Auditor for external reviewers. It provides the visibility auditors need with zero write access.
- Review role assignments quarterly. Run a quick check in Settings > Users to ensure departed employees are removed and roles still match responsibilities.
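As an added example covering both the permission-gated sidebar described above and the quarterly role review, the following Python models the seven system roles and a rightsizing check that flags users whose role exceeds what their recorded activity shows they used. This is not Dictiva's own code: the permission names, the simplified per-role permission sets, and which permission gates each sidebar item are assumptions derived from the role descriptions on this page, and the user assignments and usage data are supplied by the caller.

```python
# Simplified model of Dictiva's seven system roles. Assumption: these permission
# names are constructed for illustration, not the product's real permission catalogue.
READ_PUBLISHED = {"content.read_published"}
READ_ALL = READ_PUBLISHED | {"content.read_drafts"}
AUTHOR = {"content.create", "content.edit", "content.submit_for_review"}
APPROVE = {"content.approve", "content.comment"}
PUBLISH = {"content.publish", "content.retire", "controls.manage", "exceptions.manage",
           "glossary.manage"}
AUDIT = {"audit_log.read", "reports.export"}
ADMINISTER = {"users.manage", "settings.manage", "billing.manage"}
OWNER_ONLY = {"users.impersonate", "hierarchy.manage"}
# Ordered least- to most-privileged, mirroring the permission counts in the table above.
ROLE_PERMISSIONS = {
    "Viewer": READ_PUBLISHED,
    "Auditor": READ_ALL | AUDIT,
    "Reviewer": READ_ALL | APPROVE,
    "Editor": READ_ALL | AUTHOR,
    "Policy Owner": READ_ALL | AUTHOR | APPROVE | PUBLISH,
    "Admin": READ_ALL | AUTHOR | APPROVE | PUBLISH | AUDIT | ADMINISTER,
    "Owner": READ_ALL | AUTHOR | APPROVE | PUBLISH | AUDIT | ADMINISTER | OWNER_ONLY,
}
# Sidebar items and the permission gating each one (the gating choices are assumed).
SIDEBAR = [("Dashboard", "content.read_published"), ("Statements", "content.read_published"),
           ("Actions", "content.submit_for_review"), ("Settings", "settings.manage"),
           ("Users", "users.manage"), ("Billing", "billing.manage")]

def can(role, permission):
    return permission in ROLE_PERMISSIONS[role]

def visible_sidebar(role):
    """Menu items shown to this role; hidden items explain 'I cannot see X' reports."""
    return [item for item, perm in SIDEBAR if can(role, perm)]

def minimal_role(used):
    """Least-privileged system role that still covers every permission actually exercised."""
    for role, perms in ROLE_PERMISSIONS.items():  # dict order = least privileged first
        if used <= perms:
            return role
    return None  # no single system role covers this combination

def rightsizing_report(assignments, usage):
    """Quarterly review: flag users whose assigned role exceeds the permissions they used."""
    report = {}
    for user, role in assignments.items():
        used = usage.get(user, set())
        needed = minimal_role(used)
        if needed != role:
            report[user] = {"current": role, "suggested": needed,
                            "unused": sorted(ROLE_PERMISSIONS[role] - used)}
    return report
```

A user who exercised nothing is rightsized to Viewer, and a combination no single system role covers (for example approving content and reading the audit log) comes back as None, which is the cue to consider a custom role rather than escalating to Admin.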
Next Steps
- Configure organization settings including email allowlists
- Set up billing and plans to control feature access
- Browse the governance library and adopt statements