Teams & Roles
GOVERN uses a role-based access control (RBAC) model. Roles are assigned to users at the organization level, with optional team-level scoping.
Built-in roles
| Role | Description | Key permissions |
|---|---|---|
| Org Admin | Full organization control | Manage users, policies, billing, all systems |
| Governance Lead | Governance program management | Create and publish policies, manage remediations |
| Practitioner | Day-to-day governance work | View assessments, respond to alerts, open remediations |
| System Owner | Manage specific systems | Edit owned systems, view their assessments, close their remediations |
| Viewer | Read-only access | View dashboards and reports |
| Auditor | Compliance audit access | Export audit trail, view all records, no write access |
Creating teams
Teams are logical groups within an organization (e.g., “ML Platform Team”, “Customer AI”, “Finance AI”). Systems can be assigned to teams, and policies can be scoped to teams.
- Go to the organization settings → Teams
- Click New Team, give it a name and description
- Assign users to the team and set their role within the team
Role assignments
A user can have different roles in different teams. For example, a user may be a Practitioner in one team and a Viewer in another.
To assign a role: open the user’s profile, click Edit Roles, and configure the role for each team or the whole organization.
SCIM provisioning
On Enterprise plans, GOVERN supports SCIM 2.0 for automated user provisioning from your identity provider (Okta, Entra ID, etc.). Configure SCIM in Settings → Authentication → SCIM.