There are currently three different roles in Symantec Risk Automation Suite (RAS)
The Administrator is a global role and has access to all features and functions in the RAS Portal. As a global role, users assigned to the Administrator role can see all data from all modules reported in all units and sub-units. The primary features that are unique to the Administrator role are i) Portal Administration including user management, portal settings, auto assignment of tickets, and the creation of asset classes, categories and business applications, and ii) Module Management whereby the user can schedule scans view scan history and scan queues. The Administrator role is the only role that is allowed to run scans.
The User role offers the most granular control over role-based access. The User role can be restricted to allow access to specific data sets. Accounts assigned to the User role can be restricted to view data that corresponds to a specific unit or subunit, and the account can be further restricted to data that is reported in a RAS Portal section such as asset inventory, vulnerability data, etc. User roles also have the ability to edit some of the data in the portal. For example, they can mark tickets as closed, assign false positive filters, assign names to networks, adjust network subnet masks, assign assets to asset classes/categories, mark policy exceptions. This role would be used to allow users in different departments or locations to access the Portal, contribute to the data management process within the Portal, while restricting their view to only the appropriate data.
The Auditor is a global role and has read-only access to all sections of the portal. The auditor can see all data from all modules reported in all units and sub-units and can also view the administrative areas of the portal such as scan schedules, history, user accounts and portal settings (see Administrator role). The Auditor role is unable to make any changes to any data or schedule any scans. This role would be used by individuals who need to consume data from the Portal (but not contribute any input) or monitor the activity within RAS.