Configuring Permissions

Overview

Permissions in Skills Base are controlled via a combination of Security Group Privileges and (optionally) Team membership.

Security Groups

Security Groups define the privileges that a person is granted. These privileges include the ability to view, edit and delete different record types, and the ability to access parts of the system. Anyone that can log in to Skills Base must be assigned a Security Group, and a person can only have one Security Group at any one time.

By default Skills Base comes with the following pre-defined Security Groups for convenience:

  1. Administrator - Members of this group will have unrestricted access to all features, data and privileges across your instance.
  2. Supervisor - This group is pre-configured to provide members access to conduct supervisor assessments of people within their team (including subteams).
  3. General Staff - This group has been pre-configured to allow members to view all data in the system without the ability to make changes or assess other people.

All Security Groups are configured to allow self-assessments to be undertaken.

Modifying Security Groups

Administrators have the ability to not only edit the pre-defined Security Groups, but to also create new ones. There is no limit to the number of Security Groups you can have, although the fewer there are the less overhead there will be in managing them.

Note that the "Administrator" Security Group permanently has full access and cannot be edited or deleted.

To add or edit a Security Group, you must be a member of the "Administrator" Security Group.

Editing a Security Group

  1. Click the [Administration > Security Groups] menu item
  2. Click the "Edit" button corresponding to the desired Security Group
  3. Make the required changes and click "Save"

Creating a new Security Group

  1. Click the [Administration > Security Groups] menu item
  2. Click the "Add a new Security Group" button
  3. Provide a name, and optionally a description
  4. Set the desired privileges
  5. Click "Save"

Copying an existing Security Group

  1. Click the [Administration > Security Groups] menu item
  2. Click the downward facing arrow next to the "Edit" button on the corresponding Security Group that you would like to copy
  3. Click "Copy"
  4. Update the name, and optionally the description
  5. Make the required permission changes and click "Save"

Granting a person access to a team that they are not a member of

The easiest and recommended way to grant people access to a team is to simply make them a member of that team. To do this you can either drag people into the desired team via the Team Directory Tree view, or you can edit the person's record and set the desired team in their "Team" field.

If a person requires access to multiple teams, the easiest way to achieve that is to simply make them a member of a parent team that includes the desired teams as subteams.

However, sometimes it is not desireable to make a person a member of a parent team, or to have certain teams under the same parent team (one reason could be reporting requirements).  In that case, Skills Base provides the ability to grant specific people access to specific teams.  That way a person's privileges will apply not only to the team that they are a member of, but also specific discreet teams that you grant them access to.  To do this:

  1. Edit the team you wish to grant the person access to
  2. In the "Additional people granted access" section click "Add a person"
  3. Click "Add" button in the list corresponding to the person you wish to grant access
  4. Save the team.

Auditing Permissions

Permissions can be audited in four ways:

  1. By editing a Security Group and reviewing the granted privileges
  2. By Temporarily assuming a different Security Group
  3. By running the "Permissions Audit" report [Reporting > Reports > Permissions Audit] for teams. This will show a list of all teams in the system along with all of the people that have permissions relating to them.
  4. By running the "Permissions Audit" report [Reporting > Reports > Permissions Audit] for a specific person. This will show the privileges a person has in relation to each team in the system.