User roles and organization access in Guardey

Understanding the different roles within Guardey is important for proper organization management and security. Each role comes with specific permissions and access levels designed to balance functionality with data protection. By assigning appropriate roles to team members, organizations can maintain security while ensuring that everyone has the tools they need to succeed.

This guide will help you understand the different roles available in Guardey, their capabilities, and how they function in different organizational setups. Whether you're setting up a single organization or managing multiple entities through a reseller account, choosing the right roles is crucial for an effective security awareness program.

Standard organizational roles

Guardey has three main roles with different access levels that accommodate various responsibilities within your organization. Each role is designed to provide the right balance of functionality and security for different types of users.

Admin

The Administrator role is designed for individuals who need full oversight and control of the Guardey implementation within an organization.

Key capabilities:

• User management: Add/remove users, assign roles, and manage teams.
• Comprehensive reporting tools: Access to activity reports, engagement metrics, and completion rates.
• Organizational dashboards: Complete organizational overview and detailed analytics.
• Team statistics: Track performance, challenge completion rates, and engagement levels across all teams.
• Gamification settings: Configure game and competition settings.
• Complete organizational data access: View all data within the organization.

When to use this role: Assign the admin role to IT managers, security officers, or training coordinators who need comprehensive control over the security awareness program. This role is ideal for those responsible for the organization's overall security posture who need to make data-driven decisions about training initiatives.

Note: Regular organization admins cannot modify or view subscription plans—this requires reseller admin privileges.

How to make someone an admin

To assign admin rights to a user:

1. Go to users
2. Click view user
3. Open the settings tab
4. Enable the admin rights switch

The user will immediately gain full administrative access across the organization.

Additional admin capabilities:

Custom content management: Create, upload, and distribute custom security awareness content tailored to organizational needs and industry-specific threats, for more information view our custom content article.

Phishing simulation control: Design, schedule, and execute phishing simulation campaigns with customizable templates and difficulty levels.

Phishing campaign management & analytics: Fully manage and deploy phishing campaigns, including modifying or creating phishing templates that reflect current threat landscapes and organization-specific scenarios. Additionally, you can access comprehensive analytics such as click-through rates, user susceptibility patterns, and detailed performance reports for each campaign.

Note: Custom content management features are available with the Advanced package. Phishing simulation features are included in both the Phishing Only and Advanced packages.

Group leader

The Group leader role provides targeted administrative capabilities specifically designed for department heads and team managers who need visibility into their team's performance.

Key capabilities:

• Team statistics dashboard: Can view comprehensive statistics for their assigned team, including:
  • Individual and team completion rates.
  • Challenge performance metrics.
  • Engagement levels and participation rates.
  • Training progress tracking.
  • Gamification achievements and scores.
• Team progress monitoring: Real time insights into how team members are progressing through their security awareness training.
• Performance insights: Detailed analytics to help identify training needs and celebrate successes within their team.
• Focused reporting: Access to reports specific to their team's activities and outcomes.

When to use this role: Assign the group leader role to department managers, team leads, or supervisors who need visibility into their team's performance but don't require organization-wide access.

How to make someone a group leader

To assign a group leader to a team:

1. Go to users
2. Open groups
3. Select manage group
4. Go to the settings tab
5. Open game
6. Set the leader for the group

This user will now appear as the official group leader for gamification and team statistics.

Note: Group leaders must be members of the groups they manage. A single user can serve as a group leader for multiple groups, and each group can have multiple leaders assigned to it.

Allowing multiple users to view the same team statistics

In addition to assigning an official group leader, Guardey allows you to give multiple users access to the same team statistics. This is useful for HR, additional managers, or supervisors who require insight into team performance.

How to set this up

1. Go to users
2. Select view user
3. Enable allow team statistics

This can be done for as many users as needed and does not affect gamification roles or leaderboards.

User

The User role is the standard role for employees participating in security awareness training, designed to provide an engaging and personalized experience.

Key capabilities:

• Training challenges: Access to all assigned security awareness training content.
• Gamification features: Participate in badges, competitions, leaderboard and rewards systems.
• Personal progress tracking: View their own training history and achievements.
• Interactive learning: Engage with various training formats and scenarios.

When to use this role: This is the default role for most employees. Users can complete their assigned security awareness training, participate in gamification elements, and track their own progress.

Organization admin

In a standard Guardey environment, organization admins have complete control within their organization:

• Organizational scope: Admin access limited to their own organization only.
• Complete internal access: Full access to all data within that organization.
• Privacy boundaries: No insight into other organizations' data.
• Operational focus: Cannot modify subscription plans or billing settings.

When to use this role: This is the standard administrative role for a single organization implementation. It's ideal for companies managing their own security awareness program without the need to oversee multiple separate organizations.

Reseller admin

For resellers and managed service providers, Guardey offers enhanced administrative capabilities:

• Multi-organization access: View and manage all connected sub-organizations.
• Subscription management: Modify subscription plans for sub-organizations.
• Billing administration: Configure billing settings for all managed organizations.
• Centralized control: Manage all connected organizations from a single interface.

When to use this role: This role is designed for ressellers, or partners that need to manage multiple client organizations or subsidiaries from a central administrative account.