You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
Managing Roles
print icon

Console allows for creation and management of customizable permission based roles, ensuring more flexibility and internal control. Only users with the role of Admin can create, edit, or delete custom roles. 

 

In this article, we will cover the following:

Creating a custom role

 

  1. Select Settings on the left hand side of the navigation bar 
  2. Select Roles and Permissions tile

    Note: Roles and permissions page displays all editable roles that have been created, as well as non-editable, out of the box BenchPrep roles that cannot be modified.
  3. Prior to creating a new Role you can search for existing Roles and Permissions
  4. If the role you need isn't created, you can now Select Create Role button on the upper-right hand corner of the screen.

    NOTE: The Create Role button is only  available to a Console with the role of Admin.
  5. On the New Role page, fill out Name and Description* fields
    NOTE: Description field is optional, and if filled out it will appear in the Roles and Permissions page.
  6. Select Next button
  7. Select appropriate permissions from Users & Roles, Content Packages, Feature Accesses & Plans, and Settings sections.

    NOTE: Certain permissions require other permissions to be selected as well, in order for the role to be properly enabled/functional. A good rule of thumb - if the role should enable a user to perform some action (update:users), make sure they have the read permission for that resource (read:users) Reference the chart below to review these dependencies. 
    Permission(s) Need(s)
    create:users
    update:users
    impersonate:users
    deactivate:users
    activate:users
    read:user_roles
    create:user_roles
    delete:user_roles
    create:subscriptions
    read:users
    update:licenses read:users
    read:licenses
    reset:enrollments

    read:users

    read:enrollments

    create:plans read:plans
    update:plans

    read:plans

    read:content_packages*

    create:vouchers read:vouchers
    update:vouchers read vouchers
    update:content_packages read content_packages
    update:feature_access read:content packages (only needed if you want the Console user to toggle course-level feature accesses; without this permission, the user can only toggle features at the tenant level)

    *read:content_packages:In addition to the ability to view all courses within a tenant, this permission allows users to view, add and remove courses in a plan.
  8. Select Save 

Alternatively, new custom role can be set up via the Assign User button on the User page:

NOTE: If a user has the create:user_roles permission, they can assign user roles that have the same set of permissions or a sub-set of their own permissions.

Editing or deleting a custom role 

To Edit custom role, follow these steps:

  1. Select Settings on the left hand side of the navigation bar 
  2. Select Roles and Permissions tile
  3. Select role name of the role you would like to edit.  Ensure role type is Editable.
  4. Select Edit on the top section to update role name and description
  5. Select Edit in the permissions section to update the permissions
  6. Click Save.

 

NOTE: A role cannot be updated if any users are assigned the role. 

To Delete a custom role, follow these steps:

  1. Select Settings on the left hand side of the navigation bar 
  2. Select Roles and Permissions tile
  3. Select role name of the role you would like to edit.  Ensure role type is Editable
  4. In the confirmation window, select Delete to remove the role. The impacted users are not notified of their permission change at this time, but the permission change takes effect immediately.
    NOTE: If a user has the create:user_roles permission, they can assign user roles that have the same set of permissions or a sub-set of their own permissions.

Example Custom Roles

Below are a few examples of recommended permissions for Custom Roles based on their purpose in the system.

Create a test user and assign your custom role to it to ensure the role grants the proper permissions before assigning to your colleagues or clients.

Troubleshooting User Issues

If you want to grant access to Console, but only enable the user to troubleshoot issues submitted by platform users, grant the user these permissions:

  • Read:users - view all users in the tenant
  • Update:users - can resend a password reset email, as well as edit their name, email and password directly
  • Impersonate:users - can impersonate a learner’s experience to understand an issue (can also impersonate admins with a sub-set of their own permissions)
  • Read:user_roles - can view all roles assigned to users
  • Read:licenses - can view all licenses for users
  • Read:enrollments - can view all enrollments for users
     

If this user should also have the power to extend or remove a license, give them the update:licenses permission.

If this user should also have the power to reset enrollments, give them the reset:enrollments permission.

Supervising the System

If you have a user that needs to supervise operations but should not or does not need to take action like create users, modify enrollments, or manage branding, give them view-only permissions:

When creating the role, select all read actions like read:users, read:user_roles, read:plans, read:content_packages, etc.

Do not grant manage permissions (manage:branding, manage:custom_urls) as that grants both view and edit permissions.

Feedback
0 out of 0 found this helpful

scroll to top icon