Secure Controls and Their Incidents

In a Deploy Controls: Control Security Assignment page, grant access to the controls you're deploying. You're automatically their owner, but you can authorize other users as owners, editors, or viewers. Or you can select user groups.

For transaction controls, you can select only users assigned the business objects that supply data to the models you're deploying as controls, or groups whose members are assigned these objects. This limitation doesn't apply to access controls.

If you selected Incident as the result type in the Details page, use a Deploy Controls: Result Security Assignment page to grant access to the incidents generated by the controls. Again, you're automatically their owner, but you can authorize other users as incident owners, editors, or viewers, or select user groups. Business-object security doesn't apply to incidents. You can select any eligible users or groups.

You can't assign result security for a control whose result type is Data set, since it doesn't generate incidents for result investigators to review.