Browse users
Browse Users — User Management
The Browse Users screen is your single source of truth for everyone who has access to your DPMS platform. IT Administrators, Super Administrators, and Data Protection Officers come here to answer questions like "Who is still active?", "Which accounts hold elevated roles?", and "Why can a former employee still log in?" Because every other module in DPMS — from ROPA entries and asset records to tasks and incidents — relies on the user directory managed here, getting this screen right is foundational to your entire compliance programme.
How to open it
Navigate to IT Settings in the main application sidebar, then click User Management in the left-hand IT Settings menu. The user list opens immediately — there is no additional tab to click.
Heads up: You need the User Management read permission to see this screen at all. Without it, DPMS shows an "Access Denied" page instead of the user list, and the menu item itself may not appear. Creating, editing, deactivating, or deleting users additionally requires the User Management edit permission.
What you see
When you land on User Management, the page is divided into two columns. On the left sits the IT Settings sidebar — a vertical list of all IT Settings sub-sections (General, Active Directory, IAM, AI, Virus Scanner, Language, User Management, and others). The currently active item, User Management, is highlighted in blue so you always know where you are.
The right-hand column takes up most of the width. A breadcrumb trail at the top — IT Settings › User Management — lets you jump back to the IT Settings index at any time. Below the breadcrumb is the main content card, which contains a search bar on the left and a blue Create button on the right, followed by the user table itself.
The table lists one user per row and loads additional rows automatically as you scroll down. On the far right of every row is a three-dot menu (⋯) that gives you quick access to actions without opening the full user profile.
Working with this screen
Adding a new user
When a new colleague needs access to DPMS, start by confirming they are not already in the system. Type their email address into the search bar at the top of the table. If no results appear, click the blue Create button in the top-right corner.
A user creation form opens. Fill in the person's full name, their company email address, and choose the appropriate role — for example, Data Protection Coordinator or Employee. You can also assign them to an organisational unit. When you click Save, DPMS creates the account and typically sends the new user an invitation email. You are then returned to the Browse Users list, where the new entry is immediately visible.
From this point on, the new user can be selected as a responsible person anywhere in DPMS — on ROPA entries, tasks, assets, incidents, and more. If they do not appear in those pickers, return here and verify their account exists and is active.
Deactivating a user who has left your organisation
When someone leaves the company, you want to revoke their access quickly without losing the audit trail they leave behind. Find the person using the search bar — typing part of their name or email is usually enough to surface them.
Once you see their row, click the three-dot menu (⋯) on the right and choose Deactivate. A brief confirmation prompt appears; confirm to proceed. The user's status column updates to reflect that the account is now inactive. They can no longer log in to DPMS, but every record they were responsible for — ROPAs, tasks, incidents — remains intact with their name attached.
Before you eventually delete the account, open the user's detail view (click anywhere on the row) and reassign any open tasks or responsibilities to an active colleague. Deleting a user while they are still listed as a responsible person on live records will leave those records with a missing contact.
Heads up: You cannot deactivate your own account, and the last remaining active Super Administrator cannot be deactivated. If you need to replace your only Super Administrator, first promote another user to that role, then demote or deactivate the original.
Reviewing which users hold elevated roles
During an internal audit, a DPO may need to confirm that only designated people hold the Super Administrator or IT Administrator role. Scroll through the Role column in the user table — roles are displayed inline for every account. You can also sort the table by clicking the column header to group accounts by role.
If you find someone with an elevated role who should not have it, click the three-dot menu (⋯) on their row and select Edit. The edit form opens, where you can change their role and click Save. The change takes effect on the user's next page load — if they are currently logged in, they will continue to see their old permissions until they navigate away or refresh. Consider informing them directly if the change is security-sensitive.
Resetting two-factor authentication for a user
When an employee loses their phone or changes devices and can no longer generate 2FA codes, they will be locked out of DPMS. Search for their name or email in the search bar, then click the three-dot menu (⋯) on their row and choose Reset 2FA.
This clears the user's enrolled authenticator. The next time they log in, DPMS will prompt them to set up 2FA on their new device. If your organisation's General IT Settings require 2FA for all users, the employee cannot skip this step — the reset is a recovery mechanism, not a bypass.
Removing a user account entirely
Permanent deletion should be reserved for test accounts, duplicates, or accounts created in error. Before you delete, open the user's detail view and reassign any records they are responsible for.
When you are ready, click the three-dot menu (⋯) on the row and select Delete. A confirmation modal appears with a warning that this action cannot be undone. Confirm to proceed. The row disappears from the table and the account is permanently removed from DPMS. Note that any records that still reference this user as a responsible person will show a dangling name — DPMS does not cascade-delete those references.
Tip: When in doubt, deactivate rather than delete. Deactivation is reversible; deletion is not.
Field reference
The following columns appear in the user table. Most are self-explanatory, but a few deserve extra context.
- Name / Display Name — The user's full name as stored in DPMS. This is the primary identifier in the list. If a name is blank, the platform may fall back to the email address to avoid an empty cell.
- Email — The user's unique login identifier. A missing email usually means the account was created by an external sync (Active Directory or SCIM) and not all attributes have resolved yet.
- Role(s) — The role or roles assigned to this user. Roles determine which modules and actions are available across the entire platform. A user with no role assigned cannot log in or perform meaningful actions — this indicates an incomplete provisioning step. Available roles include Super Administrator, IT Administrator, Data Protection Manager, Data Protection Coordinator, IT Security Manager, Employee, and others depending on your configuration.
- Status — Whether the account is Active (the user can log in) or Inactive (the user cannot log in but their data remains). An absent status defaults to Active in the backend.
- Two-Factor Authentication (2FA) — Whether 2FA is enrolled for this user. If your organisation enforces 2FA in the General IT Settings, this column helps you quickly spot users who have not yet completed enrolment.
- Last Login / Last Activity — The date and time of the most recent successful login. A blank value means the user has never logged in — common for newly invited users who have not yet accepted the invitation.
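The review questions this screen answers, applied to the columns above, as an added example that is not part of DPMS or its documentation. It assumes the user table has been copied into a CSV with hypothetical column names (name, email, roles, status, two_fa, last_login) and roles separated by semicolons; the sample rows are constructed.

```python
import csv
import io

# Constructed sample rows. Column names and the ";" role separator are
# assumptions modelled on the field reference, not a documented DPMS export.
SAMPLE_CSV = """name,email,roles,status,two_fa,last_login
Ana Ruiz,ana@yourcompany.com,Super Administrator,Active,yes,2024-05-02 09:14
Ben Ode,ben@yourcompany.com,IT Administrator,,no,2024-04-30 16:40
Cy Tan,cy.tan@example.net,Employee,Active,yes,
Dee Roy,dee@yourcompany.com,,Active,no,
Eli Voss,eli@yourcompany.com,Super Administrator,Inactive,yes,2023-11-20 08:01
"""

ELEVATED = {"Super Administrator", "IT Administrator"}


def audit_users(csv_text, approved_admins, company_domain, enforce_two_fa=True):
    """Return {finding: [users]} for active accounts, plus a sole-admin flag."""
    findings = {k: [] for k in ("unapproved_elevated", "missing_2fa", "no_role",
                                "external_domain", "never_logged_in")}
    active_super_admins = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        email = row["email"].strip().lower()
        who = email or row["name"].strip()  # email may be blank for synced users
        roles = {r.strip() for r in row["roles"].split(";") if r.strip()}
        # An absent status defaults to Active, per the field reference.
        if (row["status"].strip() or "Active") != "Active":
            continue  # inactive accounts cannot log in; skip access checks
        if "Super Administrator" in roles:
            active_super_admins += 1
        if roles & ELEVATED and email not in approved_admins:
            findings["unapproved_elevated"].append(who)
        if enforce_two_fa and row["two_fa"].strip().lower() != "yes":
            findings["missing_2fa"].append(who)
        if not roles:
            findings["no_role"].append(who)  # incomplete provisioning
        if email and not email.endswith("@" + company_domain):
            findings["external_domain"].append(who)
        if not row["last_login"].strip():
            findings["never_logged_in"].append(who)  # invitation not accepted
    # A sole active Super Administrator cannot be deactivated; promote another first.
    findings["single_super_admin"] = active_super_admins == 1
    return findings


if __name__ == "__main__":
    result = audit_users(SAMPLE_CSV, {"ana@yourcompany.com"}, "yourcompany.com")
    for name, value in result.items():
        print(f"{name}: {value}")
```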
How this connects to the rest of DPMS
What feeds into this screen
- The IT Settings index page lists all sub-sections; clicking User Management brings you here.
- Active Directory and SCIM provisioning automatically create and update user accounts. The results of those sync operations are visible in this list. If there is a mismatch — a user deactivated in DPMS but still active in your identity provider — you will see it by comparing the Status column here against the sync status on the Active Directory settings screen.
What this screen feeds into
- Responsible person pickers everywhere in DPMS — Every module that asks you to assign a responsible person (ROPA entries, assets, tasks, incidents, DPIAs, vendors) draws from the user directory managed here. If a user does not appear in those pickers, the most common reason is that their account is inactive or has not been created yet.
- Email notifications and workflow actions — Approval steps, review reminders, and workflow notifications are routed to users by the email address stored here. An incorrect or inactive email address will cause silent failures in workflow automation.
- Role-based access across all modules — Every permission check in DPMS derives from the role assigned to the user on this screen. Changing a role here changes what the user can see and do from their next page load.
- Two-factor authentication enforcement — The enforceTwoFa setting in the General IT Settings screen determines whether all users must enrol in 2FA. Compliance with that policy is visible from the 2FA status column in this list.
What to do after finishing here
After provisioning a new user, consider whether they need to be added as the responsible person on any existing ROPA entries, assets, or tasks. After deactivating a departing user, reassign their open responsibilities before archiving or deleting the account.
Tips & common pitfalls
Tip: Deactivate first, then reassign, then delete — in that order. Deactivation is immediately reversible if you make a mistake. Deletion is permanent and leaves dangling references on any records the user was responsible for.
Heads up: Role changes take effect on the user's next page load, not immediately. If you demote someone while they are actively using DPMS, they will continue to see their old menus until they refresh. For security-sensitive changes, ask the user to log out and back in.
- Searching by partial email domain (for example, @yourcompany.com) is a quick way to list all users from a specific domain. This is useful during onboarding audits to confirm that no personal email addresses have been granted system access.
- SCIM and Active Directory-synced users may have their name and email fields locked against manual editing in DPMS, because those fields are owned by the identity provider. If a change you make does not persist, check the IAM settings screen to see whether the account is under external management.
- Resetting 2FA does not disable 2FA enforcement. If your General IT Settings require 2FA for all users, the employee will be prompted to re-enrol on their very next login after a reset. This is intentional — it is a recovery mechanism, not an exemption.
- You cannot delete the last Super Administrator or your own account. If you need to replace the only Super Administrator, promote another user to that role first, then remove the original.
- A user can be created without an assigned role, but cannot log in or perform meaningful actions. Always assign at least one role before communicating login credentials to a new user.