Restricted Content for User Risk & User Privacy Roles is a visibility control feature that limits what users with these roles can see in the Diri platform. When enabled by an admin, affected users only see items they created, items shared with them, or items where they have a defined role (e.g., owner or responsible).
The goal is to enhance security, reduce unnecessary access, and support compliance through role-based restrictions. While applied globally per role, individual overrides are possible for flexibility.
Benefits:
This feature provides enhanced data access control for organizations with many users. It allows administrators to restrict visibility for users assigned the User Risk and User Privacy roles.
When the restriction is enabled:
Users only see content they created,
Content shared directly with them,
Or content where they have an assigned role (e.g., owner, responsible, participant).
This feature must be enabled by an organization administrator.
We recommend informing affected users before activating it.
To enable restricted content visibility:
Go to Users & Access → Access Control.
Toggle Restricted Role ON for the User Risk or User Privacy role.
All users with that role will have their access restricted according to the rules described below.
To override the global rule for a specific user:
Open the user's profile in user management.
Switch their restriction setting from Global to Custom.
You can now set whether this user follows the restriction or not.
In the above example:
If the global rule is Restricted ON, but User B is set to Restricted OFF, they will retain full access regardless of global changes, until you switch them back to Global.
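The Global/Custom precedence described above, modelled as an added example (not Diri's code or export format). The field names, sample users and the unrestricted_overrides review helper are assumptions made for illustration; the helper lists users whose Custom setting keeps them on full access while their role is globally restricted.

```python
from dataclasses import dataclass

RESTRICTABLE_ROLES = {"User Risk", "User Privacy"}

@dataclass
class User:
    name: str
    role: str
    mode: str = "Global"             # "Global" or "Custom"
    custom_restricted: bool = False  # only consulted when mode == "Custom"

def is_restricted(user, global_rule):
    """A Custom setting wins over the role's global toggle."""
    if user.role not in RESTRICTABLE_ROLES:
        return False
    if user.mode == "Custom":
        return user.custom_restricted
    return global_rule.get(user.role, False)

def can_see(user, item, global_rule):
    """Restricted users see only items they created, were shared, or hold a role on."""
    if not is_restricted(user, global_rule):
        return True
    holders = {n for names in item["roles"].values() for n in names}
    return (item["creator"] == user.name
            or user.name in item["shared_with"]
            or user.name in holders)

def unrestricted_overrides(users, global_rule):
    """Users kept on full access by a Custom setting while their role is restricted."""
    return [u.name for u in users
            if global_rule.get(u.role, False)
            and u.mode == "Custom" and not u.custom_restricted]

# Constructed sample data (hypothetical, not a Diri export format).
GLOBAL_RULE = {"User Risk": True, "User Privacy": False}
USERS = [
    User("user_a", "User Risk"),
    User("user_b", "User Risk", mode="Custom", custom_restricted=False),
    User("user_c", "User Privacy", mode="Custom", custom_restricted=True),
]
ITEM = {"creator": "user_d", "shared_with": {"user_c"},
        "roles": {"owner": ["user_d"], "participant": ["user_e"]}}

if __name__ == "__main__":
    for u in USERS:
        print(u.name, is_restricted(u, GLOBAL_RULE), can_see(u, ITEM, GLOBAL_RULE))
    print("review:", unrestricted_overrides(USERS, GLOBAL_RULE))
```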
Below are the access limitations for users with restricted roles:
See only tasks they created or are assigned.
All users can view sprints (sprints are not restricted).
Visible if the user is owner or responsible.
Also visible if part of an accessible Risk Assessment.
Vendors linked to visible IT systems are shown.
Note: If a vendor is linked to multiple systems, only those accessible to the user will be shown.
Visible if the user is owner, responsible, or a participant.
Linked IT systems, vendors, and values become visible.
Shown if linked to accessible Risk Assessments or IT Systems.
If a value is linked to multiple IT systems, only systems the user can access will be shown.
Visible if the user is owner, responsible, or a participant.
Linked IT systems, vendors, processing activities, or values are visible depending on DPIA type.
Visible if the user is an owner, responsible, or if the measure is linked to an accessible Risk Assessment or DPIA.
Visible if:
Created by the user,
Owned by the user,
Or linked to a DPIA the user can access.
Visible only if created by the user or assigned to them.
Some content created before this update may not be visible to restricted users because creator metadata was not previously stored.
This applies to:
Processing Activities
Reports
Guidelines