Permission if a user has more than one role
Applicable Product:
- PeopleFluent Learning
Applicable Release:
- V21
- 11.x
Summary:
How does permissions work if a user has more than one role, which takes precedence?
Keywords:
permissions, user roles, multiple user roles
Basically, the role with the highest level of access takes precedence over any additional roles. If permissions are in conflict, the primary roles' access will take precedence over the additional role.
Allow Additional Roles
The LMS allows assigning additional roles to a user in the User Editor. Administrators are given the option to activate or de-activate these roles in System Configuration. This strengthens the security level for some clients having stringent role level protocols as they may want to prevent lower-level administrators from assigning any particular additional role(s).
In the System Configuration screen, under the USER category, a setting named "Allow additional roles" has been added. This setting is checked by default.
In Talent Suite, access to functionality is managed per user role and each user could be assigned one and only one role. Limitation of one role per user makes assignment of role based access control harder to manage as a new role has to be created for every change in the access control when only a subset of users need the change.
The user can take on additional roles on top of his primary role. The flexibility on role assignment makes access management easier.
At the moment specification of additional roles can be done via User Editor.
User are granted the greatest access of their roles. A typical example would be: user "Mark William" is assigned with a primary role of "Manager" and an additional role of "HR Manager". If "Manager" does not have access to "Competency Management" while "HR Manager" has, user will be granted access to "Competency Management" as a result of their association with "HR Manager" role.
Usually, "Unrestricted" level on a function would mean greater access; yet, there are a few exceptions on the Role Access Control page:
- Following would give user more access when "No" is selected
Show only top-level learning objects in enrolled learning modules
Is External Question Approver
- Following would give user more access for smaller value
Highest Organization Level Visible
- Following would follow primary role settings
Sort the enrolled learning modules list by module title
Home Page Template for This Role
This feature applies to User Data Loader and Report R109 as well. The column of the additional roles will be ignored if the option is disabled. And only primary roles will be considered in this case.
Note:
User can take additional roles on top of his primary role (multiple role per user). The flexibility on role assignment makes access management easier.