# User Roles & Permissions
Klarvo uses role-based access control (RBAC) to ensure users have appropriate access to compliance data.
## Available Roles

#### Admin

Full platform access

| Area | Permissions |
| --- | --- |
| AI Systems | Create, Read, Update, Delete |
| Evidence | All actions + approve |
| Tasks | All actions + reassign |
| Team | Invite, manage, remove |
| Settings | All including billing |
| Integrations | Configure all |
| Reports | Generate any |

#### Compliance Owner

Manages the compliance program

| Area | Permissions |
| --- | --- |
| AI Systems | Create, Read, Update, Delete |
| Evidence | All actions + approve |
| Tasks | All actions |
| Team | Invite (except admin) |
| Settings | Org settings, not billing |
| Reports | Generate any |

#### System Owner

Owns specific AI systems

| Area | Permissions |
| --- | --- |
| AI Systems | Read/Update own systems |
| Evidence | Upload for own systems |
| Tasks | Complete assigned tasks |
| Team | View only |
| Settings | Personal settings only |
| Reports | Own systems only |

#### Reviewer/Approver

Reviews and approves compliance artifacts

| Area | Permissions |
| --- | --- |
| AI Systems | Read all |
| Evidence | Read + approve |
| Assessments | Review + approve |
| Policies | Review + approve |
| Tasks | View + comment |

#### Viewer

Read-only access

| Area | Permissions |
| --- | --- |
| AI Systems | Read only |
| Evidence | View only |
| Tasks | View only |
| Reports | View shared reports |
## Permission Matrix

| Capability | Admin | Comp. Owner | Sys. Owner | Reviewer | Viewer |
| --- | --- | --- | --- | --- | --- |
| Create AI systems | ✅ | ✅ | ❌ | ❌ | ❌ |
| Edit any AI system | ✅ | ✅ | ❌ | ❌ | ❌ |
| Edit own AI systems | ✅ | ✅ | ✅ | ❌ | ❌ |
| Upload evidence | ✅ | ✅ | ✅² | ❌ | ❌ |
| Approve evidence | ✅ | ✅ | ❌ | ✅ | ❌ |
| Create tasks | ✅ | ✅ | ❌ | ❌ | ❌ |
| Complete tasks | ✅ | ✅ | ✅ | ❌ | ❌ |
| Invite members | ✅ | ✅¹ | ❌ | ❌ | ❌ |
| Manage billing | ✅ | ❌ | ❌ | ❌ | ❌ |
| Export reports | ✅ | ✅ | ✅² | ✅ | ❌ |

¹ Cannot invite Admin users
² Own systems only
## Auditor Role (Special)
For external auditors, Klarvo offers a restricted "Auditor" view:
## Custom Roles (Enterprise)
Enterprise plans support custom role definitions:
## Best Practices

- 🔒 **Least privilege**: Assign minimum necessary access
- 👥 **Separation of duties**: Different people for create vs. approve
- 📋 **Regular audits**: Review access quarterly
- 🚪 **Prompt offboarding**: Remove access same-day
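The permission matrix above and the separation-of-duties practice can be expressed as a single default-deny policy check. The following is an added example written for this page, not Klarvo's own code: the capability names, the `User`/`Resource` types and the decision to apply the uploader-cannot-approve rule to every role are assumptions made here, while the role/capability grid and the two matrix footnotes are taken from the page.

```python
from __future__ import annotations
from dataclasses import dataclass
from enum import Enum

class Role(str, Enum):
    ADMIN = "admin"
    COMPLIANCE_OWNER = "compliance_owner"
    SYSTEM_OWNER = "system_owner"
    REVIEWER = "reviewer"
    VIEWER = "viewer"   # no MATRIX entries: every write/approve action is denied

ANY, OWN = "any", "own"   # OWN: only systems the user owns / tasks assigned to them

# The page's permission matrix, one row per capability (Viewer has no entries).
MATRIX = {
    "create_ai_system": {Role.ADMIN: ANY, Role.COMPLIANCE_OWNER: ANY},
    "edit_ai_system":   {Role.ADMIN: ANY, Role.COMPLIANCE_OWNER: ANY, Role.SYSTEM_OWNER: OWN},
    "upload_evidence":  {Role.ADMIN: ANY, Role.COMPLIANCE_OWNER: ANY, Role.SYSTEM_OWNER: OWN},
    "approve_evidence": {Role.ADMIN: ANY, Role.COMPLIANCE_OWNER: ANY, Role.REVIEWER: ANY},
    "create_task":      {Role.ADMIN: ANY, Role.COMPLIANCE_OWNER: ANY},
    "complete_task":    {Role.ADMIN: ANY, Role.COMPLIANCE_OWNER: ANY, Role.SYSTEM_OWNER: OWN},
    "invite_member":    {Role.ADMIN: ANY, Role.COMPLIANCE_OWNER: ANY},
    "manage_billing":   {Role.ADMIN: ANY},
    "export_report":    {Role.ADMIN: ANY, Role.COMPLIANCE_OWNER: ANY,
                         Role.SYSTEM_OWNER: OWN, Role.REVIEWER: ANY},
}

@dataclass(frozen=True)
class User:            # hypothetical type for this example
    id: str
    role: Role

@dataclass(frozen=True)
class Resource:        # hypothetical type for this example
    owner_id: str | None = None     # owning System Owner, or the task's assignee
    created_by: str | None = None   # who uploaded the evidence (separation of duties)

def allowed(user: User, capability: str, resource: Resource | None = None,
            target_role: Role | None = None) -> bool:
    scope = MATRIX.get(capability, {}).get(user.role)
    if scope is None:
        return False   # default deny: unknown capability, or role has no entry
    if scope == OWN and (resource is None or resource.owner_id != user.id):
        return False   # footnote: System Owner acts on own systems / assigned tasks only
    if capability == "invite_member" and target_role == Role.ADMIN and user.role != Role.ADMIN:
        return False   # footnote: Compliance Owner cannot invite Admin users
    if capability == "approve_evidence" and resource and resource.created_by == user.id:
        return False   # separation of duties: the uploader may not approve their own evidence
    return True
```

Note that a System Owner with no resource in hand is denied, so callers must pass the system or task being acted on rather than checking the role alone.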