With authorisation groups you determine which features and menu items are available to users in the portal. By bundling rights into groups you can easily manage the access level of users.
Prerequisites
You need the right Admin Authorisation Groups to configure authorisation groups.
Opening authorisation groups
Go to Admin > General admin > Admin authorisation groups to open the authorisation groups overview.
Creating an authorisation group
Click New authorisation group.
Fill in the following details:
| Field name | Description | Required |
|---|---|---|
| Name | The name of the authorisation group. | Yes |
| Description | A description of the authorisation group. | No |
| Type | The type of authorisation group (see explanation below). | Yes |
| Code | The code of the authorisation group. | Yes |
Click Save.
Authorisation group types
| Type | Purpose / Description |
|---|---|
| General | Administration rights and system-wide functions (portal settings, imports, SSO, translations, forms, etc.). Rights of all other types may be included. |
| Assessor | Rights for assessing participants. |
| Teacher | Rights for teachers/instructors: participant lists, attendance tracking, assessing participants and forms. |
| Owner | Rights for owners of trainings and schedules: sessions, registrations, costs and budget management. Only visible if the right "Manage Owners" is enabled. |
| Hrm | Rights for HR staff with a broad scope across HRM departments: user management, bulk assigning certificates, approvals, annual planning. Broader than Manager. |
| Course supplier | Rights for external training providers: access to the training planner, training definitions, locations, materials and certificate definitions. |
| Manager | Rights for line managers: manage team members, approve/reject training requests, assign certificates, delegate, team dashboards. Own team members only. |
| User | Rights for end users: own profile, catalogue, trainings, certificates, registering for trainings. |
| Observer | Rights for merging data: users, authorisations, certificates, trainings, waiting rooms and CVs. |
| Praticementor | Rights for coaches supporting practical assignments: viewing participants, viewing/adding forms, access to profile tabs of participants. |
| Reporter | Rights for reporting: all reporting modules (users, trainings, certificates, knowledge & skills, digital content, forms, custom reports). Configurable per department via the Reports tab. |
| Project leader | Rights for managing projects/teams: My Projects, project details, roles, members, required certificates and knowledge & skills, project matrix. |
Good to know
- The type is set when the authorisation group is created and cannot be changed afterwards.
- Only the types User, Manager, Hrm, Teacher, Course supplier and Reporter support the Default option (new users are then automatically assigned to that group).
- You can add rights of other types to an authorisation group — the type mainly determines the default available rights and role-specific functionality.
- Do not assign too many authorisation groups to a single user. Rights from all assigned groups are cumulative, which means a user may unintentionally receive too many rights or conflicting roles. This can lead to unexpected behaviour, for example when someone is both a Manager (own team only) and an Hrm user (broad scope). Keep it manageable and only assign the authorisation groups that are actually needed.
Assigning rights
- Open the authorisation group.
- Review the list of available rights, grouped by category.
- Tick the rights you want to assign to this group.
- Click Save.
The rights are organised in categories such as:
- Admin — Access to admin settings and configuration.
- Reports — Access to reports and overviews.
- Training — Rights for training and registration management.
- User — Rights for the user's own profile.
Assigning an authorisation group to users
Authorisation groups are assigned via the user profile:
- Open the user profile via Actions > Actions > Search User.
- Go to the Details tab.
- Click Authorisation group at the bottom of the page.
- Select the desired authorisation group.
- Click Save.
Note: Changes to authorisation groups take effect upon the next login. Carefully check which rights you assign, especially for admin and reporting rights.
Two-factor authentication and authorisation groups
When the administrator has enabled the setting Force use of 2FA via the portal settings, this applies to all authorisation groups. When editing an authorisation group you can see whether 2FA is enforced for the users in this group.
Read more about 2FA in [Setting up two-factor authentication].
Frequently asked questions
Can a user have multiple authorisation groups?
Yes, a user can be assigned to multiple authorisation groups. The rights are cumulative: the user receives all rights from all assigned groups.
What happens if I remove a right from a group?
Users who only had that right via this group will lose access to the corresponding feature. Users who also have the right via another group will retain access.
Where can I find an overview of all available rights?
A complete overview of all rights and their descriptions can be found in the article Overview.