The Whistleblower module has three distinct permission levels that control what users can see and manage:

Important: People who want to submit incidents don’t need any module access – they use the public reporting page.

Super Administrator Permissions

What Super Administrators Can Do

• Manage email templates for whistleblowers
• Configure the public reporting page
• Manage incident categories
• Manage all reported incidents
• Assign people to handle reports (assignees must have module access)
• Be assigned to handle reports themselves

Required Permission Settings

Module Administrator Permissions

What Module Administrators Can Do

• Manage all reports submitted by whistleblowers
• Assign people to handle reports (assignees must have module access)

Required Permission Settings

Assigned Handler Permissions

What Assigned Handlers Can Do

• Be assigned to handle specific reports by administrators
• View and manage only reports assigned to them

Required Permission Settings

Important Security Notes

Who Should NOT Have Access

Do not set up any module access for:

• Regular employees (unless they’re assigned handlers)
• External contractors
• Anyone not directly involved in incident management

Access Control Best Practices

• Limit access to only those who need to handle reports
• Use assigned handlers rather than full administrator access where possible
• Regular review access permissions to ensure they remain appropriate

Quick Setup Guide

Setting Up a Super Administrator

1. Go to Settings > User Permissions
2. Edit the user’s permission group
3. Set Whistleblower Module access and management rights
4. Set Settings access and management rights
5. Save changes
6. Assign them to specific reports as needed

Setting Up Report Handlers

1. Go to Settings > User Permissions
2. Give users Module Access: Yes
3. Set Management Rights: Manage only own records
4. Save changes
5. Assign them to specific reports as needed