Best Answer

Is it possible to have Power Users view all courses but only edit their assigned courses?

  • 23 November 2021
  • 16 replies
  • 600 views

Userlevel 3
Badge

Hi all!

New to posting but have been lurking for a couple months. We have several Power Users who want to be able to see what everyone is doing globally. Ideally they would like to edit their own courses (assigned to them by location), but also view everyone else’s. Is this possible? 

icon

Best answer by Adam Ballhaussen 24 November 2021, 03:29

View original

16 replies

Userlevel 7
Badge +1

@karilynnrussell as far as I know it’s not possible to set different PU permissions for different courses, but will be interested to see what others have to say.

On the other hand, in most cases it should be enough to ask them not to mess with courses created by others.

You can restrict PUs from deleting courses, so they won’t accidentally destroy someone else’s (or even their own) work.

On our platform only Super Admins can delete courses, as we want to keep the records, and rather retire old content.

Userlevel 7
Badge +3

Hey @karilynnrussell, I love seeing long-time lurkers become first-time posters. Welcome to our community! 🙂 I hope to see more of you around here.

 

The best way to achieve what you’re after here would be to use a Custom Selection of Courses, Learning Plans, and Categories when assigning resources to your Power Users.

 

To do this, navigate to ⚙️ Admin Menu > Power Users > Select one or multiple Power Users > Select Assign Resources > Select Courses and Learning > Select Custom Selection. This option will allow you to select any individual Courses, Learning Plans, or Categories that you’d like your Power Users to have the ability to edit (as long as they have a PU profile with Edit permissions).

 

Using Custom Selection for assigning Courses & Learning Plans gives you more flexibility to control your PU permissions​​

 

Your Power Users will be able to edit any resources you select via this custom selection (from either the course itself or from the Course Management page). You can then freely assign visibility to or enroll these Power Users into additional courses and learning plans which they will not be able to edit.

 

Here are a few resources that can help as you think more through your Power User strategy:


Lastly, as @alekwo mentioned, another good option here could be to give you Power Users more permissions. This can often make it easier for you as the administrator, as you’ll have less to manage when it comes to assigning profiles & resources. With great power, though, comes great responsibility, so it’s always a good idea to make sure that your Power Users are trained and knowledgeable enough to be trusted with greater permissions. There are some great tips on keeping Power Users & Superadmins in check in the post started by @Dahveed that I’ve shared below. I encourage you to give it a read and chime in if you have more questions for that group of experts.

 

 

I hope this helps! Please let us know if you have any more questions.

Userlevel 3
Badge

Thank you so much, Adam! 

“Your Power Users will be able to edit any resources you select via this custom selection (from either the course itself or from the Course Management page). You can then freely assign visibility to or enroll these Power Users into additional courses and learning plans which they will not be able to edit.”

 

Can you elaborate on what you mean by “freely assign visibility”? I’m still a bit lost on how to assign visibility to courses when the Power User has full permission for a certain Category (for example). They seem to have that full permission for all courses that are assigned to them. How do I differentiate? 

Userlevel 7
Badge +3

Sure thing @karilynnrussell. By “freely assign visibility”, I mean that you could give these Power Users visibility to courses not assigned to them as resources in Power User Management. Course visibility is set via catalogs. Assigning a user visibility of a catalog will ensure that the user has visibility of all Courses and Learning Plans within that catalog (assuming that the Learning Plan Settings are set to Show this learning plan in the course catalog). 

 

The permissions and resources you assign to the Power User will trump whatever course/learning plan visibility and enrollment settings you configure for the user. If your Power User is assigned a profile that includes Edit permissions for courses, then that Power User will be able to view and edit any courses you select via the custom selection when assigning resources. Any courses not selected when assigning resources that the user is subsequently either enrolled into or has visibility of via catalog would be visible to the user, but the user wouldn’t be able to edit those courses.

 

The following Knowledge Articles might also help you better understand how Catalogs and Enrollments function:

Please feel free to continue asking questions if things still aren’t clicking. I’m confident we can crack this one!

Userlevel 6
Badge +3

We ran into this issue as well.  We want our Power Users to be able to see our courses and enroll their staff into those courses.  We also have some Power Users that create courses that are accessible only to their branch of users.  For this, we have to allow them the ability to create/edit courses.  However, we do NOT want them to be able to edit our courses. 

We were told that we may be able to achieve this down the road when we are able to assign different resources to different PU profiles on a user’s account (allow them to enroll users into one set of courses with one profile, but not edit courses, then have another set of courses that they are allowed to edit based on another profile).

To achieve this goal currently, we had to set up secondary logins for those users that are creating their own content (again, these courses are only for their own branch of users and would never be visible to any other branches).  We have them use the second login for creating those courses, but use their main login for everything else.  This is certainly not ideal, but we only have a handful of users that need this ability at this time.  However, we hope to expand this option to much more of our client base but have hesitated to do so, hoping there will be a more viable solution soon.

Userlevel 5
Badge +2

@sjennings78  We have a very similar setup. We need the PU to be able to enroll the users in courses that they otherwise have zero editing ability on. While still being able to edit or create courses in their own branch.

@Adam Ballhaussen  Are you saying that the PU can enroll users into the course if they can get to it in the catalog?

Userlevel 7
Badge +3

@lhubbard in the post above, I was explaining that Power Users can enroll users into any courses that they are assigned as resources on the Power User Profile. A Power User can be assigned multiple profiles. Their resulting permissions will be a culmination of all permissions set across all profiles. However, they can only be assigned a single set of resources. So in the scenario you described, there is not currently a way to allow a single Power User to have Course Edit/Create permissions on some courses while simultaneously having Enrollment Edit permissions on other courses.

 

List of all possible Resource Types a PU can be assigned:

  • Users
  • Groups
  • Branches
  • Courses & Learning Plans
  • Catalogs
  • Locations

 

The alternative solution that @sjennings78 has devised is likely the best way to achieve the desired behavior.

 

I want to bring the following idea shared by @Jessica Overby to your attention:

 

 

You’ll notice that the idea is currently closed due to a number of technical obstacles identified by our product team. We do not plan to deliver this functionality, but I encourage you to vote on the idea and share your use case nonetheless. It will help our product team as they continue to prioritize and seek to better understand what our customers need when it comes to Power Users.

Userlevel 7
Badge +7

Interesting thread however when managing access for PU’s in sub domains, for example, trying to manage course edit access via Custom Resources is just not sustainable.

It would be so much easier to manage if at the catalogue level, we could determine whether they have view & edit rights, or just view, etc.

As well, how do manage this as new courses and LP’s are added to the system? You would need to update the PU settings almost daily.

@Adam Ballhaussen does what you describe above also work with users? ex: assigning users vs. branches? If I want to provide a PU with view access to 1 set of branches but also want to give them edit access to only the branch they reside it. Ex: that PU creates courses that are consumed by all users on the platform however when they run reports, they can only see the users assigned to them under Resources. If I add all users, they would be able to edit all users - not desirable at all for us.

Userlevel 3
Badge

I’m revisiting this old thread with a new idea. I’m not sure if this will ping everyone so I’m tagging. @lrnlab @Adam Ballhaussen @alekwo   

With Power Users getting the ability to log in as another user, is this a good way to resolve our access issues? @sjennings78 mentioned using secondary logins as their solution. We haven’t been able to do that because we have a SSO login. But if we could create a secondary profile for reporting and the Power User would go to that profile and “log in as this user”, then it might work.

What do you think? Could it work? 

Userlevel 7
Badge +3

@karilynnrussell the update to Power User permissions coming out this week in the April release only allows Power Users to impersonate normal users in Docebo Learn, not other Power Users. Superadmins are still the only users who can impersonate other Power Users.

 

I really like your idea for a workaround, but I wonder if it would be a cleaner and more elgegant solution to focus on allowing users to be assigned permissions specific to different sets of resources rather than multiple permissions for a single set of resources.

 

What do you think?

 

For reference you can find a full list of Power User permissions in this knowledge article.

Userlevel 7
Badge +7

I really like your idea for a workaround, but I wonder if it would be a cleaner and more elgegant solution to focus on allowing users to be assigned permissions specific to different sets of resources rather than multiple permissions for a single set of resources.

 

What do you think?

 

For reference you can find a full list of Power User permissions in this knowledge article.

Hi @Adam Ballhaussen think what you describe is what we need….had a read through the section, “Notes on Assigning Resources” but not sure I understand it completely (may be the way it’s written)

Essentially we need a power user to be able to have different permission levels for different resources.

For example: PU1 has access to view & edit all courses in Catalogue A, but can only view courses in Catalogue B. The same could be said for other areas like users.

This is especially useful when using sub domains since the same PU who has access to view & edit their own courses can also view and edit courses they need access to assign or buy for their users but where those courses/catalogues are owned or managed by them.

Today, when we add this access, the PU permissions have no concept of being able to segregate different access for the same resource types; we tried this initially when we were able to assign multiple PU roles to a single PU but that only gave them the same permissions across the board even though one role was a “View only” and the other had edit privileges.

Not sure if this makes sense for you...I still need to create a more detailed document to share with you on this regard. If it makes more sense for me to provide some use cases you can work on and let me know what would be do-able, let me know. Thanks.

Userlevel 3
Badge

@karilynnrussell the update to Power User permissions coming out this week in the April release only allows Power Users to impersonate normal users in Docebo Learn, not other Power Users. Superadmins are still the only users who can impersonate other Power Users.

 

I really like your idea for a workaround, but I wonder if it would be a cleaner and more elgegant solution to focus on allowing users to be assigned permissions specific to different sets of resources rather than multiple permissions for a single set of resources.

 

What do you think?

 

For reference you can find a full list of Power User permissions in this knowledge article.

Hi Adam,

Yes, this would solve a LOT of access issues for us. We have global courses that Power Users need to be able to report on, drive engagement for, etc. BUT there are several things like editing the courses that have been problematic in giving them too much permission. If we could give full editing access to their courses, but then just reporting access for our global courses that would be very helpful. This is just one example, but I know this would be helpful in a variety of ways. 

Userlevel 4

So it sounds like I am not able to provide my PUs with the tools they need to both:

  1. Build, edit and manage certain courses they own (as a resource)
  2. AND also be able to run reports on all courses within a catalog but not edit the additional courses.

Is this true? 😯
If not, please tell me how to set up multiple profiles / variable permissions.

Userlevel 7
Badge +7

HI @susan2000 at the moment, yes...the only way to get around this would be to assign the same PU multiple PU accounts, each with its own set of permissions. Certainly not ideal.

Userlevel 4

@lrnlab I thought about that, but unfortunately, we use SSO and SecOps won’t allow it. 
Thanks for thinking creatively! ;)

Userlevel 4
Badge

@Adam Ballhaussen - is there any fix in the works for this? We have PUs with two profiles so they can manager their content and then assign our content. This gets really confusing to them when it comes to managing assignments and reporting. They are increasingly frustrated and angry and we end up having to manage their work for them. 

Reply