Better ability to customize role and reporting permissions
We are leveraging the learning admin roles and custom roles within Percipio to support compliance training initiatives for different functions within our organization allowing us to take a decentralized approach to compliance training.
While leveraging the roles and audiences works from an assignment perspective, Percipio does not allow for more stringent permissions to be set up when it comes to accessing analytics and training records.
For example, we need our EHS group to have access to be able to assign compliance courses/content to all users and to be able to pull data on these assignments; however, by nature of granting them access to the 'all users' audience, this also grants them access to all training records for all users - including all business content and other compliance content. Ideally, they should only be able to access analytics for the assignments they create, but they have access to all learning activity for all content for all users. Assigning them to have access only to "Compliance reports" in the role permissions 1) removes any analytics access they would have had set up in the Manager role (the employees in this role are also managers and should have access to their direct and indirect reports' learning activity in its entirety.) and 2) they would also continue to have access to compliance content assigned by others such as HR-related content like Harassment Prevention.
Comments
-
By giving them "all users" control, you are giving them the ability to give and see all users data. This is clearly by design for Percipio. So how can you limit the view on assignment reporting to only the assignments they create? This can be done now using the column-level filtering in the Assignment Reports. You can type in a value on the "Assigned by UserID" column and save that view as a template. This would become the learning admin's preferred template, and they would not use the standard assignment report.
0 -
Hello @Monica Kraft, thank you for your comment.
My primary suggestion is to establish a mechanism that separates access to what output a role can view in terms of analytics for their assigned users. This need has become even more critical following our recent migration to the Compliance Suite.
Functional users/admins are tasked with assigning content to all users. However, from a data privacy and minimization perspective, it’s essential to have the ability to limit system outputs. Functional users/admins should only be able to access analytics and reports relevant to their specific compliance functions—not the entire dataset of user training records. They should not, for instance, see irrelevant information like whether a user completed a conflict management course or other business or unrelated compliance courses. Access to analytics should strictly follow a "need-to-know" principle.
While functional users may need the ability to assign training broadly, their analytics access should be limited to data specific to their roles.
I would greatly appreciate the opportunity to discuss our scenario with your product development team. Thank you for considering this feedback.
0
