Articles in this section

Security Roles: Overview

Convergence Training Support
  • Updated
Follow

Article Links Introduction | Best Practices | Pre-Configured Security Roles: LMS | Pre-Configured Security Roles: Express LMS | Pre-Configured Security Roles: IMS | Pre-Configured Security Roles: IMS and LMS Combo |

The Express LMS is a basic feature LMS and does not include all the features of a full service LMS. The Express LMS does not include the ability to create custom security roles or copy security roles to a new target.

 

INTRODUCTION

Once your organization structure has been created, you will need to identify your LMS Administrators and assign their security roles.  You will need to determine what role you want them to have and where in the organization you want them to be able to exercise the privilege that you have given them.

A Security Role is made up of two things:

  • Privilege
  • Target

They are defined as follows:

PRIVILEGE

Privileges are the features and functions that a security role can perform. For example, print reports or import documents, videos or create quizzes and tasklists.

As an LMS or IMS Administrator you can choose to use the pre-configured security roles that are included in the system or create your own custom roles.

TARGET

The location of the organization where the administrator can exercise the privilege they have been assigned. For example, the entire organization, one or more regions, one or more sites, one or more departments or one or more teams.

Pre-configured security roles have the same target: Organization.

This means that anyone assigned to any pre-configured role can then exercise the role’s privileges for the entire organization. For example, if you assign a user the pre-configured View Reports security role, that user will be able to run reports for ALL users in your Organization.

In some cases, you will want to limit the target of a role to a specific organization unit. You can use the Copy Role feature to copy a pre-configured security role to a new target (organization unit) in your organization. For example, a team. That means if you assign a user the newly copied role, that user will only be able to run reports for users on that team.

Please refer to the Security Roles: Copy a Security Role article to learn how to copy a security role to a new target.

Back to top

 

BEST PRACTICES

We recommend that you follow these best practices:

  • The only time your should change a pre-configured security role is when a release includes a new function that requires you to enable the feature.
  • Use the copy role function to copy any role to a new target.
  • You may assign multiple security roles to an administrator. For example, a user can be an Admin for one region and have a View Reports role for a different region OR a user can be an Incident Manager Master for one site and an Incident Manager Admin for a different site.
  • You can assign the same security role to an administrator with different targets.  For example, if you have three regions, you could assign an Admin role to a user at two of the three regions OR you could assign an Incident Manager Admin role to a user at two of the three sites.
  • Avoid duplicating security roles.  For example, you would NOT assign a Master and Admin role to the same person with the same target.

Back to top

 

PRE-CONFIGURED SECURITY ROLES: LMS

The LMS comes with the following EIGHT pre-configured security roles:

Master: Users assigned this role can perform all administrative functions in the LMS; including delete. As a best practice, we recommend limiting the number of Master users to one or two users.

Admin: Users assigned this role have most of the privileges of the Master EXCEPT they cannot:

  • Delete: Users, organization units, activities, qualifications, requirements, completion records, and security roles
  • System Menu: Access configuration and landing page
  • Security Menu: Copy security roles
  • Authorizations: Create and manage training authorizations

Content Developer: Users assigned this role can import and create training content

Assign Training: Users assigned this role can assign and manage training assignments, and edit users.

Credit Training: Users assigned this role can to give users credit for completing ANY activity.

Tasklist Check-Off: Users assigned this role can give users credit for completing tasklists.

Report Viewer: Users with this role can run, view, email, export and set up recurring reports.

Read Role: Users with this role will be able to view, assign, credit training and run reports on activities and qualifications in the Shared Region where Convergence Training Content Libraries are stored. 

Everyone: This is a role assigned to every user in the system. It establishes the base-level privileges for users to log-in, view and complete training.

As a best practice, the only time your should change a pre-configured security role is when a release includes a new function that requires you to enable the feature.

Create a custom security role when you want to change what a role can do.  Refer to the Security Roles: Create a Custom Security Role  article to learn how to create a custom role.

Back to top

 

PRE-CONFIGURED SECURITY ROLES: EXPRESS LMS

The Express LMS is a basic feature LMS comes with the following FOUR pre-configured security roles:

Master: Users assigned this role can perform all administrative functions in the LMS; including delete. As a best practice, we recommend limiting the number of Master users to one or two users.

Admin: Users assigned this role have most of the privileges of the Master EXCEPT they cannot:

  • Delete: Users, organization units, activities, qualifications, requirements, completion records, and security roles
  • System Menu: Access configuration and landing page

Report Viewer: Users with this role can run, view, email, export and set up recurring reports.

Everyone: This is a role assigned to every user in the system. It establishes the base-level privileges for users to log-in, view and complete training.

Back to top

  

 

PRE-CONFIGURED SECURITY ROLES: IMS

The IMS comes with the following THREE pre-configured security roles:

Incident Manager Master (IMS ONLY): Users assigned this role can perform the following administrative functions:

  • Delete: Users, organization units, rate data and incident records
  • Incidents: Report, edit, investigate, and delete incidents
  • Corrective Actions: Assign and manage corrective actions
  • Establishments: Configure and manage establishments
  • Assets: Create, edit and delete assets
  • Reports: Run, view, email, export and set up recurring reports.
  • Forms: Run OSHA and MSHA forms
  • Security: View, assign, unassign and copy security roles

Incident Manager Admin (IMS Only): Users assigned this role have most of the privileges of the Master EXCEPT they cannot:

  • Delete: Users, organization units, rate data, assets and incident records
  • Forms: Run the OSHA Form 300 Log and file or print OSHA Form 300A
  • Security Menu: Unassign and copy security roles

Incident Submitter (IMS Only): This is an OPTIONAL Role. You do not have to allow users to report incidents.  A user does NOT need to be assigned an Incident Submitter role to view their assigned corrective actions. Allows a user to:

  • Report incidents
  • View their reported incidents
  • View their assigned corrective actions
  • Update completion status on their corrective actions

As a best practice, the only time your should change a pre-configured security role is when a release includes a new function that requires you to enable the feature.

Create a custom security role when you want to change what a role can do.  Refer to the Security Roles: Create a Custom Security Role  article to learn how to create a custom role.

Back to top

 

PRE-CONFIGURED SECURITY ROLES: IMS and LMS COMBO ROLES

The IMS comes with the following THREE pre-configured security roles:

Master LMS and IMS (COMBO ROLE): Users assigned this role can perform all the administrative functions of BOTH the Master (LMS Only) and the Incident Manager Master roles.

Admin LMS and IMS (COMBO ROLE): Users assigned this role can perform all the administrative functions of BOTH the Admin (LMS Only) and the Incident Manager Admin roles.

Everyone LMS and IMS Submitter (COMBO ROLE): Users assigned this role can perform all the user functions of BOTH the Everyone (LMS Only) and Incident Submitter (IMS Only) roles.

As a best practice, the only time your should change a pre-configured security role is when a release includes a new function that requires you to enable the feature.

Create a custom security role when you want to change what a role can do.  Refer to the Security Roles: Create a Custom Security Role article to learn how to create a custom role.

Back to top

 

Related articles