Granular Access Governance
Not one "admin" switch — 181 duties you grant exactly, to exactly who needs them.
Control access at the level a government audit expects: a catalog of 181 individual duties, each tied to a module and a function, granted or revoked by group or by individual. Turn on per-tenant strict mode and access is denied by default — staff get only the duties someone deliberately granted, and you can prove it.
The challenge
Most software gives you "admin" and "not admin," so the clerk who needs to record one payment ends up with the keys to the whole building. When the auditor asks who could approve a purchase order, or who could see HR records, the honest answer is "anyone we made an admin" — which is everyone, eventually.
In practice
Exactly the duties, exactly the people
A new clerk joins the utility office. Instead of making her an admin, the IT lead grants her group the duties that office actually needs — record a payment, look up an account, issue a statement — and nothing else. She can't touch purchasing approvals or personnel records, because no one granted those duties to her group, and in strict mode anything not granted is denied.
Months later the county turns on a new module and the auditor asks who can approve disbursements. The answer isn't a guess: it's the list of people whose group or individual grant includes that one duty. Separation of duties — request versus approve, record versus reconcile — is enforced because the duties are separate things you hand out on purpose, not a single admin flag.
What it does
- 01 A catalog of 181 duties
  Every module-and-function pairing is its own duty — record a payment, approve a PO, view HR records — not a blunt admin role.
- 02 Grant by group or by person
  Bundle duties onto a group everyone in an office shares, or grant a single duty to one individual when that's all they need.
- 03 Strict mode: deny by default
  Turn on per-tenant strict mode and anything not explicitly granted is denied — the safe default an audit expects.
- 04 Separation of duties, enforced
  Because request and approve are separate duties, no one person holds both by accident — the control is structural, not a policy memo.
- 05 An answer for the auditor
  "Who can approve a disbursement?" is a query, not a guess — the list is exactly who holds that duty.
- 06 Revoke as cleanly as you grant
  Pull a duty from a group or a person and the access is gone everywhere it applied — no orphaned permissions left behind.
How it works
Start from the duty catalog
Browse the 181 duties, each tied to a module and a function, and decide which an office or person needs.
Build groups, grant duties
Assemble the duties an office shares into a group, or grant a single duty to one individual.
Turn on strict mode
Enable per-tenant strict mode so anything not granted is denied by default.
Prove it on demand
When the audit asks who can do what, answer from the grants instead of from memory.
English and Spanish
Bilingual by design
Access governance is a staff and IT control surface — an internal tool, English-first for the administrators who manage it. Its payoff reaches the public indirectly: the duties that gate who can publish to the website, send an alert, or release a record protect the integrity of everything residents see in both languages.
CiVQ AI — included in every package
CiVQ AI: spot the access that shouldn't be there
CiVQ AI can review who holds which duties and flag the combinations that break separation of duties — the person who can both request and approve — so the IT lead fixes it before the auditor finds it. Recommendations only; the grant and the revoke are always a human decision.
Get started
See CiVQ in your language.
Book a 30-minute walkthrough with our team in Rio Grande City. We'll tailor it to your city, county, or district.
Bilingual support included at every tier.