Article Links Introduction | Best Practices | Pre-Configured Security Roles: LMS | Pre-Configured Security Roles: Express LMS | Pre-Configured Security Roles: IMS | Pre-Configured Security Roles: IMS and LMS Combo |
INTRODUCTION
Once your organization structure has been created, you will need to identify your LMS Administrators and assign their security roles. You will need to determine what role you want them to have and where in the organization you want them to be able to exercise the privilege that you have given them.
A Security Role is made up of two things:
- Privilege
- Target
They are defined as follows:
PRIVILEGE
Privileges are the features and functions that a security role can perform. For example, print reports or import documents, videos or create quizzes and tasklists.
As an LMS or IMS Administrator you can choose to use the pre-configured security roles that are included in the system or create your own custom roles.
TARGET
The location of the organization where the administrator can exercise the privilege they have been assigned. For example, the entire organization, one or more regions, one or more sites, one or more departments or one or more teams.
Pre-configured security roles have the same target: Organization.
This means that anyone assigned to any pre-configured role can then exercise the role’s privileges for the entire organization. For example, if you assign a user the pre-configured View Reports security role, that user will be able to run reports for ALL users in your Organization.
In some cases, you will want to limit the target of a role to a specific organization unit. You can use the Copy Role feature to copy a pre-configured security role to a new target (organization unit) in your organization. For example, a team. That means if you assign a user the newly copied role, that user will only be able to run reports for users on that team.
Please refer to the Security Roles: Copy a Security Role article to learn how to copy a security role to a new target.
BEST PRACTICES
We recommend that you follow these best practices:
- The only time your should change a pre-configured security role is when a release includes a new function that requires you to enable the feature.
- Use the copy role function to copy any role to a new target.
- You may assign multiple security roles to an administrator. For example, a user can be an Admin for one region and have a View Reports role for a different region OR a user can be an Incident Manager Master for one site and an Incident Manager Admin for a different site.
- You can assign the same security role to an administrator with different targets. For example, if you have three regions, you could assign an Admin role to a user at two of the three regions OR you could assign an Incident Manager Admin role to a user at two of the three sites.
- Avoid duplicating security roles. For example, you would NOT assign a Master and Admin role to the same person with the same target.
PRE-CONFIGURED SECURITY ROLES: LMS
The LMS comes with the following EIGHT pre-configured security roles:
Master: Users assigned this role can perform all administrative functions in the LMS; including delete. As a best practice, we recommend limiting the number of Master users to one or two users.
Admin: Users assigned this role have most of the privileges of the Master EXCEPT they cannot:
- Delete: Users, organization units, activities, qualifications, requirements, completion records, and security roles
- System Menu: Access configuration and landing page
- Security Menu: Copy security roles
- Authorizations: Create and manage training authorizations
Content Developer: Users assigned this role can import and create training content
Assign Training: Users assigned this role can assign and manage training assignments, and edit users.
Credit Training: Users assigned this role can to give users credit for completing ANY activity.
Tasklist Check-Off: Users assigned this role can give users credit for completing tasklists.
Report Viewer: Users with this role can run, view, email, export and set up recurring reports.
Read Role: Users with this role will be able to view, assign, credit training and run reports on activities and qualifications in the Content Region where Convergence Training Content Libraries are stored.
Everyone: This is a role assigned to every user in the system. It establishes the base-level privileges for users to log-in, view and complete training.
As a best practice, the only time your should change a pre-configured security role is when a release includes a new function that requires you to enable the feature.
Create a custom security role when you want to change what a role can do. Refer to the Security Roles: Create a Custom Security Role article to learn how to create a custom role.
PRE-CONFIGURED SECURITY ROLES: EXPRESS LMS
The Express LMS is a basic feature LMS comes with the following FOUR pre-configured security roles:
Master: Users assigned this role can perform all administrative functions in the LMS; including delete. As a best practice, we recommend limiting the number of Master users to one or two users.
Admin: Users assigned this role have most of the privileges of the Master EXCEPT they cannot:
- Delete: Users, organization units, activities, qualifications, requirements, completion records, and security roles
- System Menu: Access configuration and landing page
Report Viewer: Users with this role can run, view, email, export and set up recurring reports.
Everyone: This is a role assigned to every user in the system. It establishes the base-level privileges for users to log-in, view and complete training.
PRE-CONFIGURED SECURITY ROLES: IMS
The IMS comes with the following THREE pre-configured security roles:
Incident Manager Master (IMS ONLY): Users assigned this role can perform the following administrative functions:
- Delete: Users, organization units, rate data and incident records
- Incidents: Report, edit, investigate, and delete incidents
- Corrective Actions: Assign and manage corrective actions
- Establishments: Configure and manage establishments
- Assets: Create, edit and delete assets
- Reports: Run, view, email, export and set up recurring reports.
- Forms: Run OSHA and MSHA forms
- Security: View, assign, unassign and copy security roles
Incident Manager Admin (IMS Only): Users assigned this role have most of the privileges of the Master EXCEPT they cannot:
- Delete: Users, organization units, rate data, assets and incident records
- Forms: Run the OSHA Form 300 Log and file or print OSHA Form 300A
- Security Menu: Unassign and copy security roles
Incident Submitter (IMS Only): This is an OPTIONAL Role. You do not have to allow users to report incidents. A user does NOT need to be assigned an Incident Submitter role to view their assigned corrective actions. Allows a user to:
- Report incidents
- View their reported incidents
- View their assigned corrective actions
- Update completion status on their corrective actions
As a best practice, the only time your should change a pre-configured security role is when a release includes a new function that requires you to enable the feature.
Create a custom security role when you want to change what a role can do. Refer to the Security Roles: Create a Custom Security Role article to learn how to create a custom role.
PRE-CONFIGURED SECURITY ROLES: IMS and LMS COMBO ROLES
The IMS comes with the following THREE pre-configured security roles:
Master LMS and IMS (COMBO ROLE): Users assigned this role can perform all the administrative functions of BOTH the Master (LMS Only) and the Incident Manager Master roles.
Admin LMS and IMS (COMBO ROLE): Users assigned this role can perform all the administrative functions of BOTH the Admin (LMS Only) and the Incident Manager Admin roles.
Everyone LMS and IMS Submitter (COMBO ROLE): Users assigned this role can perform all the user functions of BOTH the Everyone (LMS Only) and Incident Submitter (IMS Only) roles.
As a best practice, the only time your should change a pre-configured security role is when a release includes a new function that requires you to enable the feature.
Create a custom security role when you want to change what a role can do. Refer to the Security Roles: Create a Custom Security Role article to learn how to create a custom role.