Roles
Understand predefined roles and permissions.
Overview
A role is a predefined collection of permissions that may be granted to a group. The role represents a particular job title and includes permissions that enable that role to perform operations that are the responsibility of professionals with that title in an organization.
In Intelligent Risk Platform applications, roles are not directly assigned to principals. Roles are assigned to groups, and a principal is assigned one or more roles based on being a member of a group. Multiple roles may be assigned to each group. A principal may belong to multiple groups.
Admin roles
The Intelligent Risk Platform supports a number of administrative roles.
These roles enable the principal to perform user management, security, data management, and application-specific administrative tasks. Administrative actions manage the access rights and privileges of licensed principals (users and clients).
The principal's ability to perform operations is restricted by both role and entitlement.
| Role | Scope | Entitlement |
|---|---|---|
| Admin | RI-EXPOSUREIQ, RI-RISKMODELER, RI-TREATYIQ, RI-UNDERWRITEIQ | |
| Data Admin | Admin Data API | RI-DATAVAULT, RI-RISKMODELER |
| Data Exchange Admin | RI-RISKMODELER | |
| TreatyIQ Admin | RI-TREATYIQ | |
| UnderwriteIQ Admin | RI-UNDERWRITEIQ |
Admin
The Admin role is collection of permissions that enable a principal to perform administrative tasks in Admin Center. Administrative tasks include the creation and management of principals (user accounts and API keys) and groups.
In general, a tenant administrator may perform administrative tasks using controls in Admin Center. For detailed information about administering Intelligent Risk Platform groups and role-based privileges, see the Intelligent Risk Platform Administrator Guide.
In ExposureIQ licensed for ESG data, Admins can customize sector-specific ranges for ESG scores. For more information, see "Customize ESG Score Ranges" in the ExposureIQ User Guide.
Data Admin
The Data Admin role may define access controls for platform securables (exposure sets, program sets, business hierarchy sets, and share sets).
This role is not product-specific. The Data Admin role is used to define the owners and groups associated with the Intelligent Risk Platform™ securables, which include exposure sets, platform sets, business hierarchy sets, and share sets.
Admin Data API operations are restricted to principals based both on role and entitlement.
- Operations for managing securables can be performed by principals with the
RI-EXPOSUREIQ,RI-RISKMODELER,RI-TREATYIQ, orRI-UNDERWRITEIQentitlements. - Operations for managing archives and snapshots require the
RI-DATAVAULTentitlement.
| Operation | Data Admin | Entitlement |
|---|---|---|
| Search Securables | Yes | RI-EXPOSUREIQ, RI-RISKMODELER, RI-TREATYIQ, RI-UNDERWRITEIQ |
| Get Securable | Yes | RI-EXPOSUREIQ, RI-RISKMODELER, RI-TREATYIQ, RI-UNDERWRITEIQ |
| Update Securable | Yes | RI-EXPOSUREIQ, RI-RISKMODELER, RI-TREATYIQ, RI-UNDERWRITEIQ |
| Search Archive | Yes | RI-DATAVAULT |
| Get Archive | Yes | RI-DATAVAULT |
| Create Archive | Yes | RI-DATAVAULT |
| Delete Archive | Yes | RI-DATAVAULT |
| Restore Archive | Yes | RI-DATAVAULT |
| Search Database Snapshots | Yes | RI-DATAVAULT |
| Get Database Snapshot | Yes | RI-DATAVAULT |
| Search Database Snapshots by Server Snapshot | Yes | RI-DATAVAULT |
| Get Database Snapshot by Server Snapshot | Yes | RI-DATAVAULT |
| Create Archive of Server Snapshot | Yes | RI-DATAVAULT |
| Search Admin Data Jobs | Yes | RI-EXPOSUREIQ, RI-RISKMODELER, RI-TREATYIQ, RI-UNDERWRITEIQ |
| Get Admin Data Job | Yes | RI-EXPOSUREIQ, RI-RISKMODELER, RI-TREATYIQ, RI-UNDERWRITEIQ |
| Update Admin Data Job | Yes | RI-EXPOSUREIQ, RI-RISKMODELER, RI-TREATYIQ, RI-UNDERWRITEIQ |
Data Exchange Admin
The Data Exchange Admin is a role that may manage share keys, recipients, and share requests using the Data Exchange API.
All Data Exchange Admin role permissions apply to Exchange Data API operations.
| Operation | Data Exchange Admin | Entitlement |
|---|---|---|
| Search Share Keys | Yes | RI-RISKMODELER |
| Get Share Key | Yes | RI-RISKMODELER |
| Create Share Key | Yes | RI-RISKMODELER |
| Update Share Key | Yes | RI-RISKMODELER |
| Search Recipients | Yes | RI-RISKMODELER |
| Get Recipient | Yes | RI-RISKMODELER |
| Create Recipient | Yes | RI-RISKMODELER |
| Update Recipient | Yes | RI-RISKMODELER |
| Search Share Request | Yes | RI-RISKMODELER |
| Get Share Request | Yes | RI-RISKMODELER |
| Create Share Request | Yes | RI-RISKMODELER |
| Update Share Request | Yes | RI-RISKMODELER |
| Review Share Request | Yes | RI-RISKMODELER |
The Data Exchange Admin role can be assigned to groups with the RI-EXPOSUREIQ or RI-RISKMODELER.
TreatyIQ Admin
The TreatyIQ Admin role can access and manage the Reference Data used in program and portfolio creation and analyses, such as Models, Scenarios, Metadata and Analysis Defaults.
Can access and manage the Reference Data used in program and portfolio creation and analyses, such as Models, Scenarios, Metadata and Analysis Defaults.
The TreatyIQ Admin role can be assigned to groups with the RI-TREATYIQ entitlement.
UnderwriteIQ Admin
The UnderwriterIQ Admin role can upload databases, define all settings in an analysis template (including: geocoding and hazard settings, model settings, and report settings), add/edit policies, add/edit locations, import locations into an account, run analyses, and view and export reports.
The UnderwriteIQ Admin role can be assigned to groups with the RI-UNDERWRITEIQ entitlement.
| API | Operation | UnderwriteIQ Admin |
|---|---|---|
| Admin Data | Create Tag Group | Yes |
| Admin Data | Create Tag | Yes |
| Admin Data | Delete Tag Group | Yes |
| Admin Data | Delete Tag | Yes |
| Admin Data | Get Tag Groups | Yes |
| Admin Data | Get Tag | Yes |
| Admin Data | Search Tag Groups | Yes |
| Admin Data | Search Tags | Yes |
| Admin Data | Update Tag Group | Yes |
| Admin Data | Update Tag | Yes |
| Export | Create Export Job: CSV | Yes |
| Export | Create Export Job: EDM | Yes |
| Export | Create Export Job: RDM | Yes |
| Export | Create Export Job: Report | Yes |
| Export | Create Export Job: Results to RDM | Yes |
| Geohaz | Create Geohaz Job | Yes |
| Geohaz | Update Geohaz Job | Yes |
| Import | Create Import Folder | Yes |
| Import | Create Import Job | Yes |
| Import | Create Mapping to Import File | Yes |
| Import | Transform Import File | Yes |
| Import | Update Import Job | Yes |
| Legacy | Create Model Profile | Yes |
| Legacy | Create Output Profile | Yes |
| Legacy | Delete Model Profile | Yes |
| Legacy | Delete Output Profile | Yes |
| Legacy | Delete Output Profiles | Yes |
| Legacy | Get Model Profile | Yes |
| Legacy | Get Output Profile | Yes |
| Legacy | Search Model Profiles | Yes |
| Legacy | Search Output Profiles | Yes |
| Legacy | Update Model Profile | Yes |
| Legacy | Update Output Profile | Yes |
| Risk Data | Create Account | Yes |
| Risk Data | Create Currency Conversion Job | Yes |
| Risk Data | Create Exposure Set | Yes |
| Risk Data | Create Facultative | Yes |
| Risk Data | Create Portfolio | Yes |
| Risk Data | Create Treaty | Yes |
| Risk Data | Delete Account | Yes |
| Risk Data | Delete Analysis | Yes |
| Risk Data | Delete Facultative | Yes |
| Risk Data | Delete Portfolio | Yes |
| Risk Data | Delete Treaty | Yes |
| Risk Data | Get Account | Yes |
| Risk Data | Get Analysis | Yes |
| Risk Data | Get Currency Conversion | Yes |
| Risk Data | Get Facultative | Yes |
| Risk Data | Get Portfolio | Yes |
| Risk Data | Get Treaty | Yes |
| Risk Data | Rename Analysis | Yes |
| Risk Data | Search Accounts | Yes |
| Risk Data | Search Analyses | Yes |
| Risk Data | Search Currency Conversions | Yes |
| Risk Data | Search Facultatives | Yes |
| Risk Data | Search Portfolios | Yes |
| Risk Data | Update Account | Yes |
| Risk Data | Update Currency Conversion Job | Yes |
| Risk Data | Update Exposure Set | Yes |
| Risk Data | Update Facultative | Yes |
| Risk Data | Update Portfolio | Yes |
| Risk Data | Update Treaty | Yes |
| ~jobs~ | Update Job ~ jobs | Yes |
User roles
A user role is a role that enables the principal to perform operations that perform job functions. Platform API roles map to the roles assigned to users in Intelligent Risk Platform applications, e.g. Risk Modeler, ExposureIQ, UnderwriteIQ.
| Role | Scope | Entitlement |
|---|---|---|
| Cat Modeler | RI-EXPOSUREIQ, RI-RISKMODELER | |
| Data Exchange User | Admin Data API | RI-RISKMODELER, RI-DATAVAULT |
| Group Exposure Manager | Grouping API | RI-EXPOSUREIQ |
| Portfolio Manager | RI-EXPOSUREIQ, RI-RISKMODELER | |
| Risk Analyst | RI-EXPOSUREIQ, RI-RISKMODELER | |
| Technical Underwriter | RI-EXPOSUREIQ, RI-RISKMODELER | |
| Treaty Underwriter | RI-RISKMODELER | |
| Treaty Pricing Manager | RI-TREATYIQ | |
| Underwriter | RI-EXPOSUREIQ, RI-RISKMODELER |
Cat Modeler
Can access to all features and data. They implement model assumptions to align with company standards and implement model settings to be used by other roles.
The Cat Modeler role can be assigned to groups with the RI-EXPOSUREIQ or RI-RISKMODELER.
Data Exchange User
The Data Exchange User role can perform operations in the Data Exchange API including assigning notification email address(es) and managing white list data exchange partners.
All Data Exchange User role permissions apply to Exchange Data API operations.
| Operation | Data Exchange User | Entitlement |
|---|---|---|
| Search Share Keys | Yes | RI-RISKMODELER |
| Get Share Key | Yes | RI-RISKMODELER |
| Create Share Key | No | RI-RISKMODELER |
| Update Share Key | No | RI-RISKMODELER |
| Search Recipients | Yes | RI-RISKMODELER |
| Get Recipient | Yes | RI-RISKMODELER |
| Create Recipient | No | RI-RISKMODELER |
| Update Recipient | No | RI-RISKMODELER |
| Search Share Request | Yes | RI-RISKMODELER |
| Get Share Request | Yes | RI-RISKMODELER |
| Create Share Request | Yes | RI-RISKMODELER |
| Update Share Request | Yes | RI-RISKMODELER |
| Review Share Request | No | RI-RISKMODELER |
Portfolio Manager
Can upload, prepare, and analyze all data that contributes to model losses, including reference data and output profiles. They cannot edit model sensitivity or model settings.
The Portfolio role can be assigned to groups with the RI-EXPOSUREIQ or RI-RISKMODELER.
Risk Analyst
Can upload, prepare, edit, and analyze all data that contributes to model losses but cannot edit model settings or reference data. |
The Risk Analyst role can be assigned to groups with the RI-EXPOSUREIQ or RI-RISKMODELER.
Technical Underwriter
Can edit more exposure data than the Underwriter role. They can commit bound accounts to booked portfolios, run models, and analyze results but cannot update model settings.
The Technical Underwriter role can be assigned to groups with the RI-EXPOSUREIQ or RI-RISKMODELER.
Treaty Pricing Manager
Can access, create and manage Pricing Formulas and update the Pricing Defaults.
The Treaty Pricing Manager role can be assigned to groups with the RI-TREATYIQ.
Treaty Underwriter
Can price treaties for their employer and select treaties to quote for based on pricing assessments. They have full access to the pricing workflow.
Can edit account-level exposure data, run models, and view analysis results data, but cannot update model settings.
The Treaty Underwriter role can be assigned to groups with the RI-EXPOSUREIQ or RI-RISKMODELER.
Underwriter
Role-based permissions determine operations that a principal may perform in the Risk Modeler application or using Risk Modeler API operations.
The Underwriter role can be assigned to groups with the RI-EXPOSUREIQ or RI-RISKMODELER.
Updated 7 days ago