Governance uses role-based access to control who can create policies, submit evidence, and approve bundles. This page describes the key roles and their permissions.
Governance workflows involve three main roles:
- Practitioners answer questions, provide evidence, and contribute to governed bundles. They can’t create policies or request approvals. Practitioners create bundles, add artifacts and evidence, and submit bundles for review.
- Approvers review evidence and approve bundles at designated stages. When a practitioner requests a review, the approver receives a task assignment. Approvers can also create findings to document issues and track resolution. Any user listed in a policy or organization as an approver gains consumer-level access to projects with governed bundles.
- Governance administrators create, edit, and publish policies. They also have access to the governance dashboard, compliance views, audit trail, and Governance APIs. SysAdmins automatically have GovernanceAdmin permissions. All other users must be explicitly assigned the role.
The following table summarizes what each role can do in Governance:
| Permission | Practitioner | Approver | GovernanceAdmin |
|---|---|---|---|
| Create governed bundles | Yes | No | Yes |
| Add evidence and artifacts | Yes | Yes | Yes |
| Submit bundles for review | Yes | No | Yes |
| Review and approve stages | No | Yes | Yes |
| Create findings | Yes | Yes | Yes |
| Create and publish policies | No | No | Yes |
| Access Governance APIs | Yes | No | Yes |
- Create bundles: package models and artifacts for review
- Send bundles for review: submit bundles for formal approval
- Define policies: create and configure policies (for Governance administrators)
