
Nuxari
Roles and Permissions

Client Compliance Auditor

The Client Compliance Auditor has read-only access to audit logs, evidence, reports, and compliance readiness data. This role cannot create, modify, or delete any data.

Last updated: June 2026

Who this is for

Internal auditors, compliance officers, external reviewers, or anyone who needs visibility into the organization's governance posture without the ability to change anything.

Purpose

The Client Compliance Auditor role is designed for people who review the organization's governance posture, audit evidence, and compliance readiness but have no need to make changes. This is a pure read-only role. Assigning this role to auditors ensures they have full visibility into the evidence record without any risk of inadvertent or unauthorized modifications.

What Client Compliance Auditors can do

  • View the full audit log, including all action types, actors, timestamps, and metadata.
  • View governance evidence captured by control packs and connectors.
  • View all reports, including compliance readiness, security posture, and operational reports.
  • Export evidence packages and reports for external review.
  • View findings and their current status across the tenant.
  • View control pack coverage and compliance mapping.

What Client Compliance Auditors cannot do

  • Create, modify, or delete any data — this role has no write permissions.
  • Submit or approve requests of any kind.
  • Configure connectors, workflows, or templates.
  • Assign roles to other users.
  • Manage tenant settings or security policy.

Assign the Client Compliance Auditor role to internal or external auditors who need full visibility for compliance reviews. The read-only constraint ensures they cannot accidentally or intentionally alter evidence records, which preserves the integrity of the audit trail.

Use cases

  • External auditors reviewing governance evidence for SOC 2, ISO 27001, or other assessments.
  • Internal audit teams conducting periodic access reviews and evidence collection.
  • Compliance officers reviewing the organization's continuous compliance posture.
  • Legal or risk teams requiring evidence of security controls for contractual obligations.

Assignment guidance

  • Assign this role to anyone who needs visibility for compliance reviews without needing to change anything.
  • Do not assign Client Compliance Auditor to someone who also needs to manage workflows or approve requests — use a more appropriate role for operational users.
  • Remove access after an audit engagement ends if external access is no longer needed.
