Vendor Pulse: Roles & Permissions Reference

Vendor Pulse: Roles & Permissions Reference

This guide lists the permission scopes that control access to each part of Vendor Pulse, so administrators can grant users exactly the access they need.

This page covers Vendor Pulse only. For the complete cross-product reference — every product's scopes, resource-level roles, groups, and common scenarios — see the Zeron Platform: Complete Permissions & RBAC Reference.

How permissions work

  • Groups bundle one or more policies (permission sets). Add users to a group and they inherit all of its permissions — the recommended approach.
  • Permissions can also be attached directly to a user.
  • Each permission is a scope string (e.g., vendor:view). If a user lacks the scope a page needs, they see an "Unauthorized" screen.

Manage user accounts and groups under Admin > Management (requires the zitadel:iam permission).

Section-by-section: what scope each page needs

To do thisRequired scope
View the vendor risk dashboarddashboard:view
View vendor list and all vendor detail tabsvendor:view
Add vendors (single & bulk), edit vendor profilesvendor:add
Delete vendorsvendor:delete
View assessments, responses, historyvendor:assessment:view
Create assessments, send reminders, configure schedulingvendor:assessment:add
Review and evaluate vendor responsesvendor:assessment:review
Delete assessmentsvendor:assessment:delete
View vendor risksvendor:risk:view
Create risks, manage lifecycle, send risks to vendorsvendor:risk:add
View Digital Risk (DRM) / external attack surfacevendor:digital:view
View MasterVault templates, categories, questionsmaster:view
Create/edit templates, categories, questions, import/exportmaster:add
Delete from MasterVaultmaster:delete
View ZIN documents & knowledge basezin:view
Upload documents, manage KB entries, import KBzin:add
Delete ZIN documentszin:delete
View questionnaire checklist & scan resultsquestionnaire:view
Upload questionnaires for AI scanningquestionnaire:add
View & download reportsreport:view

External vendor portal roles

Vendors who respond through the Vendor Assessment Portal use roles, not scopes:

RoleWhat they can do
AdminFull access: manage team, submit assessments, answer questions, upload documents
CollaboratorAnswer questions, upload documents, add comments
ViewerRead-only: view questions and responses

Common setups

  • Read-only Viewer: dashboard:view + vendor:view + vendor:assessment:view + vendor:risk:view + master:view + zin:view + questionnaire:view
  • Vendor Manager (full): all vendor:*, master:*, zin:*, questionnaire:* + report:view

Troubleshooting

IssueWhat to do
User sees "Unauthorized" on a pageTheir group/role is missing that page's scope. Add the scope from the table above.
User can view but not create/editView and add/edit are separate scopes. Add the matching :add scope.
User cannot see ReportsAdd report:view.
Vendor cannot submit in the portalThe vendor needs the Admin or Collaborator role, not Viewer.

Need more help? Contact support@zeron.one.

    • Related Articles

    • Vendor Pulse: Frequently Asked Questions (FAQ)

      Answers to the questions we hear most often about Vendor Pulse, Zeron's third-party risk management (TPRM) product. Getting Started What is Vendor Pulse? Zeron's TPRM product for managing your vendor portfolio, sending assessments, scoring vendor ...

    • Troubleshooting Common Issues in Vendor Pulse

      This guide covers common issues in Vendor Pulse and how to resolve them. Login & Permissions Many "I can't see/do X" issues are missing permission scopes — a user without the required scope sees an "Unauthorized" screen. Symptom Fix SSO login fails ...

    • Getting Started with Vendor Pulse

      Prerequisites Before you begin, ensure you have: An active Zeron account with Vendor Pulse access Admin or Vendor Manager role assigned to your profile A list of vendors your organization works with Step 1: Log In to the Platform Navigation: Browser ...

    • How to Review Vendor Risk Scores

      Prerequisites At least one vendor with a completed assessment Access to the vendor risk section Viewing Vendor Risk Scores Navigation: Sidebar → Vendors → [Select Vendor] → Risk Tab Step 1: Open Vendor Risk Details Click Vendors in the sidebar. Click ...

    • How to Import and Export Data in Vendor Pulse

      Vendor Bulk Import Navigation: Sidebar > Vendors > Bulk Upload Importing Vendors from Excel On the vendor list page, click the Bulk Upload option. Click Download Template to get the Excel template. The template includes columns for all vendor fields ...