Release 269 (28.06.2025)

Release 269 introduces a comprehensive Role-Based Access Control (RBAC) system with fully customisable roles and granular permissions, alongside improvements to the "Select All Relevant TOMs" button in risk management and several workflow enhancements.

New Release

Version: 269
Release Date: 28.06.2025 19:00 CET


Overview

This release delivers the long-awaited Role-Based Access Control (RBAC) feature, giving administrators the ability to create, edit, and delete custom roles with fine-grained, per-module permissions. In addition, the risk management area receives an improved "Select All Relevant TOMs" button with tooltip guidance and a direct link to Controls & TOMs, and workflow templates gain new permission controls.

Contents

  • What's new
  • Improvements
  • Fixes

What's new

Custom Roles and Granular Permissions (RBAC)

Administrators can now create fully custom roles in IT Settings → Roles. Each role can be configured with read, write, and "access only to assigned elements" permissions for every module in the system, including ROPA, Assets, Incidents, Vendors, TOMs, Assessments, Projects, Tasks, Workflows, Compliance Settings, Risk Settings, and more.

Key capabilities:

  • Create custom roles with a dedicated role-creation form featuring a permission matrix. Each column (Read, Write, Edit only assigned) can be selected individually or all at once using the "Select all" column header.
  • Edit existing custom roles to adjust permissions at any time.
  • Delete custom roles that are no longer needed (system roles cannot be deleted).
  • Assign multiple roles to users — the user management screen now shows all roles assigned to a user.
  • The Roles index list now displays the role type (system or custom) alongside the role name and logo.
  • Permissions respect dependency rules: enabling a write permission automatically activates the required read permission.
  • A dedicated Workflow Manager role has been added, covering all workflow-related actions including template management and import/export.
  • "Read only assigned" permissions are available for key modules, restricting users to records they are responsible for.
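The permission rules listed above can be modelled as follows. This is an added example, not the product's code: the role names, the field names (`onlyAssigned`, `assignees`) and the rule that grants from several roles combine as a union are assumptions the release notes do not specify.

```javascript
// Hypothetical model of the permission matrix described in these notes.
// Dependency rule from the notes: enabling write also enables read.
function normalizeRole(role) {
  const permissions = {};
  for (const [moduleName, p] of Object.entries(role.permissions)) {
    const write = Boolean(p.write);
    permissions[moduleName] = {
      read: Boolean(p.read) || write,
      write,
      onlyAssigned: Boolean(p.onlyAssigned), // restrict to assigned records
    };
  }
  return { ...role, permissions };
}

// Deny by default. Assumption: roles are additive, and an unscoped grant
// from any role is enough even if another role is "only assigned".
function canAccess(user, roles, action, moduleName, record) {
  let allowed = false;
  for (const roleName of user.roles) {
    const role = roles[roleName];
    const p = role && role.permissions[moduleName];
    if (!p || !p[action]) continue;            // unknown role or no grant
    if (!p.onlyAssigned) return true;          // unscoped grant
    if (record.assignees.includes(user.id)) allowed = true;
  }
  return allowed;
}

// System roles cannot be deleted; custom roles can.
function deleteRole(roles, roleName) {
  if (roles[roleName] && roles[roleName].type === "system") {
    throw new Error(`system role "${roleName}" cannot be deleted`);
  }
  const { [roleName]: _removed, ...rest } = roles;
  return rest;
}

// Constructed sample roles (names are illustrative, not from the product).
const ROLES = Object.fromEntries([
  { name: "Admin", type: "system", permissions: { vendors: { write: true } } },
  { name: "Vendor Editor", type: "custom",
    permissions: { vendors: { write: true, onlyAssigned: true } } },
  { name: "Auditor", type: "custom",
    permissions: { vendors: { read: true }, assets: { read: true } } },
].map((r) => [r.name, normalizeRole(r)]));
```

When reviewing custom roles, the cases worth testing are the ones this model makes explicit: a scoped role combined with an unscoped one, and a write grant on a record the user is not assigned to.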

Workflow Templates: Permission Controls

Workflow templates now include permission checks, ensuring that only users with the appropriate access level can create or modify templates ([NG-4513]).

Workflows: Add Workflows from Assessment Template

It is now possible to add workflows directly from an assessment template, streamlining the process of linking assessments to workflow automation ([NG-4575]).

Improvements

  • Risk Management – Select All Relevant TOMs: The "Select All Relevant TOMs" button now shows a tooltip when no relevant TOMs are available, and includes a direct link to the Controls & TOMs section so users can navigate there immediately ([NG-4622]).
  • Risk Settings – Control Sets: The control sets filter in risk settings has been refined for more reliable selection behaviour.
  • ROPA – AI Autogenerate: The AI auto-generation flow for ROPA entries now correctly passes the required parameters and displays the job-status indicator during processing ([NG-4619]).
  • International Standards – Route Generation: Improved routing for standard-related pages ensures consistent navigation ([NG-4454]).
  • 403 Error Page: The forbidden-access page now provides clearer messaging and better context when a user lacks the required permission for a specific screen.
  • Checkbox styling: Required checkboxes are now highlighted in red when a validation error occurs, and revert to their normal appearance once the user interacts with them.
  • Quick Navigation filter: The quick-navigation panel now correctly filters items based on module-level permissions ([NG-3850]).

Fixes

  • RBAC – various screens: Multiple screens that were incorrectly showing edit or create buttons to users without the required permissions have been corrected ([NG-4376], [NG-4431], [NG-4432], [NG-4433], [NG-4434], [NG-4435], [NG-4436], [NG-4438], [NG-4449], [NG-4460], [NG-4461], [NG-4467], [NG-4469], [NG-4472], [NG-4480], [NG-4489], [NG-4491], [NG-4492], [NG-4521], [NG-4525], [NG-4529], [NG-4538], [NG-4539], [NG-4558]).
  • Roles list – sorting: Roles are now sorted alphabetically by name.
  • Custom role creation: Fixed an error that prevented a new role from being saved under certain conditions.
  • Custom role deletion: Fixed an error that occurred when deleting a custom role.
  • Sharing / Publishing permissions: Fixed incorrect validation of sharing and publishing permissions that could allow or block actions unexpectedly.
  • ROPA – forbidden message: Fixed an incorrect "forbidden" message appearing on ROPA screens for users with valid permissions.
  • User Management – roles list: Fixed a display bug in the roles list within user management.
  • Data Mapping permission: Fixed an error in the Redux state causing data-mapping permission checks to fail.
  • Vendor – edit permission: Fixed an error that incorrectly blocked editing of vendor records for users with write permissions.
  • Workflow – wrong route: Fixed a routing issue in the workflow module ([NG-4559]).
  • Asset detail – group permissions: Fixed an issue where asset group actions were not correctly gated by the user's permissions.

Known issues

No known issues.

Feedback and Support

We value your feedback. If you encounter any issues or have suggestions, please contact our support team:

  • Schedule a Meeting: Via the Help Widget
  • Give Feedback with Screenshots: Via the Feedback Button in the Help Widget
  • Schedule a Support Call: Here
  • Schedule a Technical Support Call: Here
