Venvera uses a role-based access control (RBAC) system. Your administrator assigns you a role that determines what you can see and do across the platform.
Roles
| Role | Can View | Can Edit | Can Manage |
|---|---|---|---|
| Admin | Everything | Everything | Users, settings, all modules. Can invite/remove users, change roles, enable frameworks, configure organisation settings. |
| Editor | All enabled modules | All enabled modules | Cannot manage users or organisation settings. Can create, edit, and delete records in all modules. |
| Viewer | All enabled modules | Nothing | Read-only access. Cannot create, edit, or delete any records. Useful for auditors or stakeholders who need visibility. |
What each role can do
- Admins — Full access including user management (Settings → Users), company profile editing, framework enabling/disabling, and all CRUD operations across every module.
- Editors — Can create assessments, add providers, log incidents, manage policies, and perform all day-to-day compliance work. Cannot access user management or change organisation-level settings.
- Viewers — See all dashboards, lists, and detail pages in read-only mode. Form fields and action buttons are hidden or disabled. Ideal for board members, external auditors, or oversight roles.
Platform administrators
In addition to tenant roles, Venvera has a platform admin tier. Platform admins can manage all organisations, view system-wide metrics, and access the /admin panel. This is typically reserved for Venvera staff.
Framework gating
Your organisation chooses which regulatory frameworks to enable (e.g., DORA + GDPR). Only enabled frameworks appear in the sidebar. This is configured by your administrator in Settings → Company Profile → Enabled Frameworks.
If you need access to a module you can't see, contact your organisation's Venvera administrator. They can adjust your role or enable additional frameworks.