Readonly Viewer

Who this is for

Stakeholders, executives, or team members who need occasional visibility into the organization's governance posture or operations without any ability to take action.

Purpose

The Readonly Viewer role provides a minimal footprint for users who need to observe without acting. It is more limited than the Client Compliance Auditor role — it does not provide full audit log access or evidence export capabilities. It is suitable for stakeholders who want dashboard visibility or occasional report access, with no risk of inadvertent changes.

What Readonly Viewers can do

• View permitted dashboards — the specific dashboards available depend on what a Client Admin or Client Owner has configured as visible.
• View selected reports that have been made available to their role.
• Receive notifications about governance summaries if configured.

What Readonly Viewers cannot do

• Submit requests of any kind.
• Approve or deny any actions.
• Export evidence packages or reports.
• View the full audit log — audit log access requires the Client Compliance Auditor role or higher.
• Configure any platform settings, connectors, or workflows.
• Assign roles or manage users.

How to decide between Readonly Viewer and Client Compliance Auditor

Use this guide to choose the right read-only role:

• If the user needs full audit log access and evidence exports for compliance or audit purposes, use Client Compliance Auditor.
• If the user only needs to see summary dashboards and operational reports without sensitive audit access, use Readonly Viewer.

Assignment guidance

• Use this role for executives, business stakeholders, or team members who need occasional governance visibility without operational involvement.
• Do not assign this role to someone who needs to submit requests — use Requester instead.
• Review Readonly Viewer assignments periodically to ensure access is still needed.