Access Control

Transcend allows for granular role-based access control to restrict what your organization members can or cannot do on your organization's Transcend account. Every route that we expose has the ability to be managed from the Users and Permissions → page. This means the administrator of your account can dictate which views the users in your Transcend account can see, as well as which changes they can make. We call these access controls scopes.

Throughout these docs, we will indicate when a section is referring to some set of scopes. Look for messages like this to determine how you can configure access control for certain features.

We break down every view we show, and action we allow into scopes. An administrator of your Transcend account can assign these scopes to individual members, or to teams of members within your organization.

Scopes can also be assigned to API keys. The API keys can be given that same privileges as any member in your organization.

You can manage the assignment of "Scopes" under individual users in the Users & Permissions → section within Administration.

A full list of available user scopes is available below. Note: some scopes grant access to other scopes. For example, the ability to "View Email Templates" is automatically granted when permissions are given to "Manage Email Templates". This scope dependency is described by the "Dependencies" column.

TitleDescriptionTypeProductsDependencies
View OnlyAccess is granted to all of the scopes of type "View".ViewAdmin
  • All Scopes of Type=View
Full AdminFull administrative access. All scopes are granted.ModifyAdmin
  • All Scopes
Rotate Hosted Sombra keysAbility to perform a key rotation on the encryption keys used within your account.ModifyAdmin
    Manage Global AttributesUnder the infrastructure tab, manage your custom attributes and select which views those attributes should display in.ModifyAdmin
    • View Global Attributes
    Manage Access ControlsManage what employees in your organization can access within Transcend.ModifyAdmin
    • View Employees
    • View Scopes
    Manage BillingManage billing details for your organization.ModifyAdmin
      Manage SSOManage SSO configuration for members of your organization.ModifyAdmin
      • View SSO
      Manage API KeysCreate, update and delete API keys for programmatic access to your Transcend organization.ModifyAdmin
      • View API Keys
      Manage Organization InformationEdit the top-level organization settings details.ModifyAdmin
        Manage Email DomainsManage the domains from which Transcend can send emails on behalf of your organization.ModifyAdmin
        • View Email Domains
        View Customer Data in Privacy RequestsGive permissions for an employee to view the data in an access request.ViewAdmin, Privacy Requests
          View Customer Data in Data MappingGive permissions for an employee to view the sampled data in the data mapping product.ViewAdmin, Data Mapping
            View API KeysView the API keys on your account and see what scopes are assigned to them.ViewAdmin
              View SSOView the SSO configuration for your organization.ViewAdmin
                View ScopesView the potential access control scopes that can be assigned to members in the organization.ViewAdmin
                • View Employees
                View EmployeesView the list of employees within your organization.ViewAdmin
                  View Email DomainsView the domains from which Transcend can send emails on behalf of your organization.ViewAdmin
                    View Global AttributesView the attribute definition key/value pairs.ViewAdmin
                      View Legal HoldView the individuals that have been placed on legal holds.ViewPrivacy Requests
                        Manage Legal HoldsManage and edit the individuals that have been placed on legal holds.ModifyPrivacy Requests
                        • View Legal Hold
                        Manage Request SecurityReSign expired request encryption contexts, and data silo contexts.ModifyAdmin, Privacy Requests
                          Manage Request CompilationMake changes to the compilation process of a request. This involves changing the status of data silos in your Data Map, as well as editing profiles and files.ModifyPrivacy Requests
                          • View Incoming Requests
                          • View the Request Compilation
                          Manage Assigned Privacy RequestsMake changes to the compilation process of a request for requests assigned to your or your team. This involves changing the status of data silos in your Data Map, as well as editing profiles and files.ModifyPrivacy Requests
                          • View Assigned Privacy Requests
                          Submit New Data Subject RequestSubmit a new privacy requests.ModifyPrivacy Requests
                          • View Data Subject Request Settings
                          • View Identity Verification Settings
                          Manage Data Subject Request SettingsMake changes to the request actions that your organization allows, as well as what data subjects you will serve.ModifyPrivacy Requests
                          • View Data Subject Request Settings
                          Manage Email TemplatesManage the email communication templates that your organization uses to communicate with your data subjects.ModifyPrivacy Requests
                          • View Email Templates
                          Manage Request Identity VerificationManage how your organization will verify the identities of new privacy requests, and how that identity will be enriched for all of your data silos to lookup that person.ModifyPrivacy Requests
                          • View Identity Verification Settings
                          Publish Privacy CenterLaunch the Privacy Center on your own domain, and publish new changes.ModifyPrivacy Requests, Privacy Center
                          • Manage Privacy Center Layout
                          Manage Data MapEdit the configurations on your data silos and determine what information should be included in a request.ModifyPrivacy Requests, Data Mapping
                          • View Data Map
                          Manage Privacy Center LayoutMake changes to the privacy center configuration and policies.ModifyPrivacy Requests, Privacy Center
                          • View Privacy Center Layout
                          Request Approval and CommunicationThe ability to approve and manage the state of privacy requests, and communicate with the data subject.ModifyPrivacy Requests
                          • View Incoming Requests
                          • View the Request Compilation
                          • Manage Request Compilation
                          View Data Subject Request SettingsView the privacy request actions settings and data subject categories that your organization supports.ViewPrivacy Requests
                            View the Request CompilationView the status of requests as they compile across your Data Map.ViewPrivacy Requests
                            • View Incoming Requests
                            View Identity Verification SettingsView the settings for data subject request identity verification.ViewPrivacy Requests
                              View Incoming RequestsView the stream of incoming requests, and any details submit through the form or later enriched.ViewPrivacy Requests
                              • View Global Attributes
                              • View Data Subject Request Settings
                              View Assigned Privacy RequestsView the stream of incoming requests assigned to you and your team. You will be able to see any request details submitted through the form or later enriched.ViewPrivacy Requests
                              • View Global Attributes
                              • View Data Subject Request Settings
                              View Privacy Center LayoutView the full configuration of the privacy center.ViewPrivacy Requests, Privacy Center
                                View Email TemplatesView the default email templates templates used to communicate with your data subjects.ViewPrivacy Requests, Privacy Center
                                  Connect Data SilosConnect new data silos to your Data Map.ModifyPrivacy Requests, Data Mapping
                                  • View Data Map
                                  • Manage Data Map
                                  • View Email Templates
                                  Manage Data InventoryAbility to manage and edit everything in the data mapping product. Includes the data inventory, ROPE, and content classification views.ModifyData Mapping
                                  • View Data Inventory
                                  Manage Assigned Data InventoryManage the data inventory rows in your organization's Data Map that are assigned to you or your team.ModifyData Mapping
                                  • View Data Inventory
                                  Manage Assigned IntegrationsManage the integrations in your organization's Data Map that are assigned to you or your team.ModifyPrivacy Requests, Data Mapping
                                  • View Assigned Integrations
                                  View Data MapView your organization's Data Map and see the configuration settings for each action your support.ViewPrivacy Requests, Data Mapping
                                  • View Global Attributes
                                  View Assigned IntegrationsView the integrations in your organization's Data Map that are assigned to you or your team.ViewPrivacy Requests, Data Mapping
                                  • View Global Attributes
                                  View Data InventoryAbility to view the resources in the data mapping product that are assigned to your or your team.ViewData Mapping
                                  • View Global Attributes
                                  • View Data Subject Request Settings
                                  View Data InventoryAbility to view all of the data mapping product. Includes the data inventory, ROPA, and content classification views.ViewData Mapping
                                  • View Data Map
                                  • View Global Attributes
                                  • View Data Subject Request Settings
                                  Manage Consent ManagerManage & deploy the consent manager changes to your websites.ModifyConsent Manager
                                  • View Consent Manager
                                  • Manage Data Flows
                                  • View Data Flows
                                  Manage Assigned Consent ManagerManage Data Flows & Cookies assigned to you or your team.ModifyConsent Manager
                                  • View Assigned Consent Manager
                                  Manage Data FlowsManage & Deploy Data Flows (tracking purpose maps, site scans, cookies)ModifyConsent Manager
                                  • View Data Flows
                                  View Opt Out StatusCheck the opt out status of a particular user.ViewPrivacy Requests, Consent Manager
                                    View Data FlowsView Data Flows (tracking purpose maps, site scans)ViewConsent Manager
                                    • View Consent Manager
                                    View Assigned Consent ManagerView Data Flows and Cookies assigned to you or your team.ViewConsent Manager
                                    • View Global Attributes
                                    View Consent ManagerView the consent manager configuration.ViewConsent Manager
                                    • View Global Attributes
                                    View AssessmentsView the assessments and assessment templates.ViewAssessments, Data Mapping
                                      Manage AssessmentsManage and edit assessments and assessment templatesModifyAssessments, Data Mapping
                                      • View Assessments
                                      Approve AssessmentsApprove the assessments and assessment templatesModifyAssessments, Data Mapping
                                      • View Assessments

                                      Every employee, partner, or person that should have a login to your Transcend account is known as a member. By default, each member has no scopes. They cannot see any incoming Requests or private configurations for your organization. The only changes they can make are to their personal account settings.

                                      In order for your members to start doing things like configuring your Privacy Center or Integrations or responding to Data Subject Requests you must assign them scopes.

                                      You can manage and invite new "Users" on the Users and Scopes → tab.

                                      Typically, groups of members should be assigned the same set of scopes. For this reason, we allow you to create teams of members, and assign scopes to everyone in that team. If you remove a member from a team, that member will lose the scopes it had from that team unless the member was also individually assigned those scopes.

                                      You can manage and invite new "Users" on from your profile icon in the bottom left, then "Administration", then Users & Permissions → tab.

                                      When one of your employees logs into Transcend for the first time using their SSO login, if you expose some certain attributes to Transcend, the employee will be assigned to the Transcend team when their account is created, thus giving them a specific set of scopes by default.

                                      You can enable the following SSO attribute mappings

                                      AttributeTranscend Mapping
                                      Employee Details.Titletitle
                                      Employee Details.Departmentdepartment

                                      In addition to mapping SSO attributes to a "Team" on Transcend, you can map SSO groups (AKA Okta Groups) to do the same. For organizations that already have groups set up, this is often the preferred method. For those without groups, attribute mapping is the preferred mapping. You must configure user access to the group within your SSO provider, and then map the group name to the Transcend team as shown in the image below. (Below, we are mapping the SSO group named "Engineering" to a Transcend team named "Developers").

                                      Map SSO Group to Transcend Team.