Roles & Permissions

SAR Portal uses role-based access control to manage what users can do within the system.

Available Roles

Admin

Full access to all features.

Admins can:

Create, edit, and close cases
Upload and manage documents
Use AI features
Delete documents
Manage users and invitations
Change organization settings
Manage billing and subscriptions
View audit logs
Access compliance features
Delete the organization

Recommended for:

Business owners
Compliance officers
DPOs (Data Protection Officers)
IT administrators

Case Manager

Full case management capabilities.

Case Managers can:

Create, edit, and close cases
Upload documents
Use AI features
Request information from subjects
Extend deadlines
View audit logs (for their cases)

Case Managers cannot:

Delete documents
Manage users
Change settings
Access billing

Recommended for:

Staff who handle DSARs day-to-day
Privacy team members
Customer service leads

Reviewer

Review and limited editing capabilities.

Reviewers can:

View all cases
Add notes to cases
Upload documents
View documents
Use AI analysis (view only)

Reviewers cannot:

Change case status
Close cases
Delete documents
Access settings or billing

Recommended for:

Legal reviewers
Quality assurance
Department liaisons

Read Only

View-only access for oversight.

Read Only users can:

View cases
View documents
View audit logs

Read Only users cannot:

Make any changes
Upload documents
Access settings or billing

Recommended for:

Auditors
External consultants
Management oversight
Compliance monitoring

Permission Matrix

Action	Admin	Case Manager	Reviewer	Read Only
View cases	Yes	Yes	Yes	Yes
Create cases	Yes	Yes	No	No
Edit cases	Yes	Yes	Limited	No
Close cases	Yes	Yes	No	No
Upload documents	Yes	Yes	Yes	No
Delete documents	Yes	No	No	No
AI analysis	Yes	Yes	View only	No
Apply redactions	Yes	Yes	No	No
Manage users	Yes	No	No	No
Change settings	Yes	No	No	No
Manage billing	Yes	No	No	No
View audit logs	Yes	Yes	Limited	Yes
Delete account	Yes	No	No	No

Choosing the Right Role

Single User Organizations

Start as Admin (automatic for first user)
No need to add others unless sharing work

Small Teams (2-5)

1-2 Admins for full control
Case Managers for daily work
Reviewers for quality checks

Larger Teams

Designated Admins (limited number)
Case Managers for processors
Reviewers for oversight
Read Only for auditors

Role Assignment

During Invitation

Enter user email
Select role from dropdown
Send invitation
User receives role upon activation

Changing Roles

Admins can change roles:

Go to Users
Find the user
Click role dropdown
Select new role
Change is immediate

Role Change Notifications

Users are not automatically notified of role changes. Consider informing them directly.

Role Best Practices

Limit Admin Access

Only essential personnel
At least 2 admins (for redundancy)
Document who has admin access

Regular Review

Audit roles quarterly
Remove unnecessary privileges
Adjust as responsibilities change

Separation of Duties

Different people for case processing and audit
Admins shouldn’t be the only case handlers
Consider who can see what data

Training by Role

Admins: Full system training
Case Managers: Case workflow training
Reviewers: Review process training
Read Only: Navigation only

Special Considerations

Last Admin Rule

The system prevents removing the last admin:

Cannot delete or deactivate
Must add another admin first
Protects against lockout

Self-Role Changes

Users cannot change their own role. Another admin must make the change.

Audit Trail

All role assignments and changes are logged in the audit trail.