Permission if a user has more than one role

Applicable Product:

  • PeopleFluent Learning

Applicable Release:

  • V21
  • 11.x


Summary:

How does permissions work if a user has more than one role, which takes precedence?
 
 
  
Keywords:

permissions, user roles, multiple user roles


Basically, the role with the highest level of access takes precedence over any additional roles. If permissions are in conflict, the primary roles' access will take precedence over the additional role.

 

Allow Additional Roles

The LMS allows assigning additional roles to a user in the User Editor. Administrators are given the option to activate or de-activate these roles in System Configuration. This strengthens the security level for some clients having stringent role level protocols as they may want to prevent lower-level administrators from assigning any particular additional role(s).

In the System Configuration screen, under the USER category, a setting named "Allow additional roles" has been added. This setting is checked by default.

In Talent Suite, access to functionality is managed per user role and each user could be assigned one and only one role. Limitation of one role per user makes assignment of role based access control harder to manage as a new role has to be created for every change in the access control when only a subset of users need the change.

The user can take on additional roles on top of his primary role. The flexibility on role assignment makes access management easier.

At the moment specification of additional roles can be done via User Editor. 

User are granted the greatest access of their roles. A typical example would be: user "Mark William" is assigned with a primary role of "Manager" and an additional role of "HR Manager". If "Manager" does not have access to "Competency Management" while "HR Manager" has, user will be granted access to "Competency Management" as a result of their association with "HR Manager" role.

Usually, "Unrestricted" level on a function would mean greater access; yet, there are a few exceptions on the Role Access Control page:

  • Following would give user more access when "No" is selected
    Show only top-level learning objects in enrolled learning modules
    Is External Question Approver
  • Following would give user more access for smaller value
    Highest Organization Level Visible
  • Following would follow primary role settings
    Sort the enrolled learning modules list by module title
    Home Page Template for This Role

unnamed__6_.png

unnamed__7_.pngunnamed__9_.pngunnamed__8_.png

unnamed__9_.png

 

This feature applies to User Data Loader and Report R109 as well. The column of the additional roles will be ignored if the option is disabled. And only primary roles will be considered in this case.

 

Note:
User can take additional roles on top of his primary role (multiple role per user). The flexibility on role assignment makes access management easier.

 

 

Was this article helpful?

1 out of 1 found this helpful