Governance Operator
The Governance Operator runs governance templates, manages workflows and remediation plans, and processes access requests. This role operates within the approval policy configured in your tenant and cannot assign roles to other users.
Last updated: June 2026
Who this is for
IT operations staff, governance team members, or automation leads responsible for executing governance workflows and managing remediation and access operations.
Purpose
The Governance Operator role is designed for operational staff who do the day-to-day execution work in Nuxari: running templates, managing workflows, processing remediation plans, and handling access requests. They have enough capability to operate the platform but cannot change security policy, assign roles, or bypass the approval processes that owners and admins have configured.
What Governance Operators can do
- Run and manage governance templates and control pack evaluations.
- Create, configure, and execute workflows and automation.
- Create and manage remediation plans for governance findings.
- Submit and manage access requests on behalf of users or as part of onboarding and offboarding workflows.
- View findings, evidence, audit events, and governance data relevant to their operations.
- Manage scheduled jobs and monitor workflow execution.
What Governance Operators cannot do
- Assign roles to users — role assignment requires Client Admin or Client Owner.
- Bypass approval workflows — governed actions still require approval from an assigned Approver.
- Configure security policy, MFA enforcement, or PIM settings.
- Manage tenant settings, billing, or connector credentials.
- Approve their own requests — requests they create must be approved by a designated Approver.
Approval policy applies
All governed actions that a Governance Operator initiates — such as access grants, onboarding workflows, or remediation plan execution — are subject to the approval policy configured in your tenant. If an action requires approval, the Governance Operator submits it and an Approver reviews it. The operator cannot self-approve governed actions.
Assignment guidance
- Assign this role to IT operations staff who execute governance processes and workflows as part of their regular job.
- If the user also needs to approve requests, add the Approver role in addition to Governance Operator.
- Do not assign this role to users who only need to submit their own access requests — use Requester instead.