Assign Security Levels to Features
After you define security levels for your site, you can assign those levels to each feature in the Compliance Administrator. Security levels provide users with read-only or read/change access to each feature in Compliance. The levels assigned to one feature do not affect the levels assigned to another feature.
Security levels have a hierarchical structure, with 1 the lowest level and 10 the highest level. Assigning a level to a feature determines the lowest level needed for a user to read or read/change a feature. For instance, if you assign a security level of 5 to the read-only access for a feature, and a security level of 8 to the read/change access for the same feature, users with levels 5-10 can access and read the feature, but only users with a level of 8-10 can make changes to the feature.
Example: You want to allow Managers and higher to see users’ Learning Plans, but you only want to allow Learning Admins and higher to change users’ Learning Plans.
For the User Learning Plan Assignments page, set Read Access Only to Managers, and Read/Change Access to Learning Admins. Users with a security level of Manager or higher can see all users’ Learning Plan Assignments, but only users with a security level of Learning Admin or higher can change users’ Learning Plan Assignments.
Set the level of access for each Page under Assign Security Level to a Page or Function by selecting a level from the drop down.
The level for read/change access should not be lower than the level for read-only access, however they can be the same.
There are also some features that cannot be set to a security level equal or lower to that defined in your Demographic Delimiter settings. These features include:
- Certitude
- Certitude Review
- Completion Criteria
- Content Configuration
- Curriculum Groups
- Email - Standard Emails
- Email Notifications
- Email Notification Reports
- Equivalent Courses
- Player Logo
- Prerequisites
- Security Setup
Demographic Delimeter
The Demographic Delimiter allows you to further refine access to your Compliance site by limiting the user information others can see. If you choose to use a demographic delimiter, administrators who have a security level at or below the selected level will only have access to users with the same attribute label as the administrator.
Example: You want to allow Managers to see Compliance information only for users in their same location.
Your organization uses a Location demographic with values such as Boston, London, and Paris. Each of your employees is assigned a Location value.
Set the Security level to which delimiting applies to Manager, and set Demographic to use as a filter to Location.
Now, when users whose security level is set to Manager or lower log into Compliance, they’ll only be able to see information for users who are in the same location. In other words, a Manager with the Location value London, will only be able to see users who also have the Location value of London.
Compliance users whose security level is higher than Manager can still see all users.
Access Compliance Administrator from Percipio
Each Percipio role maps to a default Compliance role. In order for the Compliance roles to perform administrative tasks, a Percipio site admin must define security levels for each Compliance role before the user can access the Compliance admin interface and perform administrative tasks. Any Compliance role is not scoped to the audience owned by that Percipio user.
If a user with a role other than Percipio site admin needs to access the Compliance admin interface, they must:
- From the Percipio profile drop-down, select Compliance.
- From the Compliance profile drop-down, select Administrative tasks.