LMS365 roles and permissions

Introduction

Before people can consume, create, and manage training in LMS365, they need the appropriate permissions. 

Permissions in LMS365 derive from seven roles in LMS365, and two roles in Microsoft 365 that also have access to a set of permissions in LMS365.

LMS365 includes a matrix for roles and permissions that allows you to delegate the exact permissions required for each role. The roles and permissions matrix is available as an attachment at the bottom of this article.

In this article, we will provide an overview of the different roles and permissions in LMS365 and show how the LMS365 roles are granted to people from the LMS365 Admin Center. You will also learn which roles you should grant to which people in your organization.

 

NOTE   

If the management of LMS365 is switching hands in your organization, please work with your predecessor or your internal IT global admin to provide you with administrative access. LMS365 is hosted in your Microsoft 365 environment, so LMS365 can't make changes to your instance of LMS365.

 

Read the article or watch the video (more details are included in the article).

 

Roles in LMS365 from Microsoft 365

Currently, there are two Microsoft 365 roles with their own capabilities and permissions that LMS365 understands but has no control overMicrosoft 365 global admin and SharePoint admin.

 

Microsoft 365 global admin

The Microsoft 365 global admin role is required to install the LMS365 app. After installation, the Microsoft 365 global admin will have access to the global settings of LMS365. Granting this role gives the user permissions to:

The Microsoft 365 global admin can't automatically configure the settings of individual course catalogs because this is a permission given to catalog admins. If a Microsoft 365 global admin wishes to do so, they can grant these permissions to themselves from the global settings of LMS365. 

The Microsoft 365 global admin role is granted via the Microsoft 365 admin center to internal users. You can find more information on this in Microsoft’s documentation.

 

image_158.png

The view of the LMS365 Admin Center for the Microsoft 365 global admin.

 

SharePoint admin

Given the permissions of the SharePoint admin in SharePoint, the SharePoint admin has access to the global settings of LMS365. Granting this role gives the user permissions to:

The SharePoint admin can't automatically configure the settings of individual course catalogs because this is a permission given to catalog admins. If a SharePoint admin wishes to do so, they can grant these permissions to themselves from the global settings of LMS365. 

You can find more information about the SharePoint admin role here.

 

Teams_view_of_the_LMS365_Admin_Center.png

The view of the LMS365 Admin Center via Teams for the SharePoint admin.

 

Roles in LMS365

The following roles have their own capabilities and permissions in LMS365:

 

LMS admin

The LMS admin is the role in LMS365 with the widest set of permissions. Once LMS365 is installed, and one or more course catalogs are created, the LMS365 admin role is all you need to manage your LMS365 global settings.

If you need people in your organization to administer the global settings of LMS365, you should grant them this role. Please note that only internal LMS365 users can be granted this role.

In LMS365, the LMS admin can:

The LMS admin can't immediately configure the settings of individual course catalogs because this process would require an additional permission that is granted to catalog admins. If an LMS admin wants this permission, they can grant it to themselves from the global settings of LMS365. 

Please note that either the Microsoft 365 global admin or SharePoint admin role is required to create a new course catalog because creating a new course catalog also creates a SharePoint site collection. To create a SharePoint site collection, the Microsoft 365 global admin or SharePoint admin role is required.

The LMS admin role can be granted by a Microsoft 365 global admin, a SharePoint admin, or another LMS admin via the LMS365 Admin Center > Global Settings > LMS Administrators.

 

LMS_admin_view_in_teams.png

The view of the LMS365 Admin Center via Teams for the LMS admin.

 

Catalog admin

The catalog admin role gives a person almost full control over a course catalog. This role is necessary for people to configure course catalog settings, and to manage training and learners in a course catalog. Therefore, you should grant this role to people who will be performing these tasks. This role can be granted to both internal and external users.

Catalog admins are automatically added to the SharePoint site Owners group of the course catalog. This gives them the Full Control permission level over the SharePoint course catalog site. Each permission level in SharePoint has a set of permissions associated with it, based on the intended roles and tasks for that level. As a result, the catalog admin on the SharePoint site collection has full access and control of site content, can manage site permissions, settings, appearance, and much more. The complete list of the permissions of the SharePoint site Owners group can be found in this Microsoft documentation article.

 

In the LMS365 Admin Center, the catalog admin can: 

  • Configure course catalog settings and branding, including the course catalog title, site URL, and site template.
  • Create and manage courses and training plans in their own course catalogs.
  • Add or remove course admins.
  • Manage all learners and their training records, including the upload of learners' external training.
  • Manage enrollment approval workflows and waiting lists.
  • Manage content and course catalog content libraries, including quizzes of their own course catalogs, all question pools, and content packages shared with the current course catalog and courses from this course catalog.
  • Manage and create certificate templates, course categories, tags, notifications, and the Skills Framework.
  • Manage and configure course catalog configuration settings, including ratings, course session displays, regional settings, and the default training banner image.

 

NOTE   

The catalog admin can access the LMS365 Admin Center to manage their course catalogs but can't access the global settings of LMS365. Therefore, catalog admins who don't have a permission set above this role in LMS365 won't see the LMS365 Admin Center > Global Settings menu item.

 

The catalog admin role is granted by a Microsoft 365 global admin, a SharePoint admin, or an LMS admin from the global settings of the LMS365 Admin Center.

 

Catalog_admin_view.png

The view of the LMS365 Admin Center via Teams for the catalog admin.

 

Course admin

The course admin role enables people to manage a course or training plan. Grant this role to people who will be responsible for managing or creating content for one or more specific courses or training plans. This role can be granted to both internal and external users.

Access to the course catalog or course home page depends on whether the course admin is added to the Users list in the LMS365 Admin Center:

  • If the course admin is added to the Users list in the LMS365 Admin Center, this course admin is automatically added to the SharePoint site Visitors group of the course catalog and the Administrators group of the relevant course or training plan on the training page in SharePoint. As a result, the Visitors group gives the course or training plan admin the Read permissions level in the SharePoint course catalog site, meaning this user can view the site content of the whole course catalog. Being in the Administrators group enables them to view and manage the course or training plan from the training home page, meaning they see the Course or Training Plan Management action link and can select it.

More information about the default SharePoint site groups can be found in this Microsoft documentation article.

  • If the course admin isn't added to the Users list in the LMS365 Admin Center but is added to a specific course or training plan as a course or training plan admin respectively, they won't be added to the Visitors group of the course catalog, but they will be added to the Administrators group in the SharePoint training page with Read permissions. This enables course admins to view and manage (meaning they see the Course or Training Plan Management action link and can select it) only the relevant course or training plan, without being able to view the content of the whole course catalog.

The course admin can: 

  • Manage their own courses and training plans, including the course content, general configuration and administration, due date and completion requirements, recertification, waiting list, and enrollment rules.
  • Add or remove course admins and learners of their own courses and training plans.
  • Manage quizzes and question pools in the course catalog of their own courses and training plans, and access content packages that are shared with their own courses from this course catalog.
  • Create and manage sessions for instructor-led training.
  • Manage the progress and records of learners of their own courses and training plans. 
  • Create course-specific reports.

The course admin role is granted by the catalog admin from the specific course or training plan, either when creating a course (e-Learning, Instructor-Led Training) or training plan, or when editing it.

 

Course_admin_view.png

The view of the LMS365 Admin Center via Teams for the course admin.

 

Line manager

The line manager role is automatically assigned to users who manage other employees or teams. This manager-employee relationship has to be configured internally by your IT department within Azure Active Directory. 

From the LMS365 Line Manager Dashboard, the line manager can: 

  • View and export the overall training activity progress of all their subordinates.
  • View and download the transcript of an individual subordinate.
  • View and download the learning progress of an individual subordinate.
  • Approve or reject subordinates' enrollment requests in courses and training plans with the Line Manager Approval enrollment flow.
  • Enroll and unenroll subordinates in courses and training plans.
  • Download certificates.
  • Import external training.
  • Grant and revoke skills.

From the Overview section of My Training Dashboard under My Team's Training Status, the line manager can track the overall progress of their subordinates, as well as the progress of individual team members. 

 

LMS365_Line_manager_dashboard.png

The view of the LMS365 Line Manager Dashboard.

 

Instructor

The instructor role can be given for instructor-led training when an instructor is assigned to one or more specific sessions for which this person will be an instructor. This role can be granted to both internal and external users.

In the LMS365 Admin Center, the instructor can:

  • Manage attendance in their own course session(s).
  • Print attendance sheets.
  • Send email messages to learners in their own course session(s).

Access to the course catalog or course home page depends on whether the instructor is added to the Users list in the LMS365 Admin Center:

  • If the instructor is added to the Users list in the LMS365 Admin Center, this session instructor is automatically added to the SharePoint site Visitors group of the course catalog in SharePoint. Each permission level in SharePoint has a set of permissions associated with it, based on the intended roles and tasks for that level. As a result, the Visitors group gives the instructor the Read permissions level in the SharePoint course catalog site collection, meaning this instructor can view the site content of the whole course catalog.

More information about the SharePoint site groups can be found in this Microsoft documentation article.

  • If the instructor isn't added to the Users list in the LMS365 Admin Center but is added to a specific course as a session instructor, they aren't automatically added to any of the SharePoint groups of the course catalog. As a result, the instructor may encounter the access denied message while trying to access the course catalog and course home page. We recommend you add users to the Users list before adding them as instructors to courses.

 

image_11.png

The view of the LMS365 Admin Center for the session instructor.

 

Supervisor

The supervisor role should be given to the people who will be responsible for evaluating learners' performance in assessments. This role can be granted to both internal and external users.

The supervisor role will have no access to manage courses but will be able to see the list of assessments they need to approve and approve them from the Overview section of My Training Dashboard

For more information on the supervisor's role in recording assessments, see this article.

Access to the course catalog or course home page depends on whether the user is added to the Users list in the LMS365 Admin Center:

  • If the supervisor is added to the to the Users list in the LMS365 Admin Center, this supervisor is automatically added to the SharePoint site Visitors group of the course catalog in SharePoint. The Visitors group gives the user the Read permissions level in the SharePoint course catalog site collection, meaning this supervisor can view the site content of the whole course catalog. 

More information about the SharePoint site groups can be found in this Microsoft documentation article.

  • If the supervisor isn't added to the Users list in the LMS365 Admin Center but is added to a specific course as a supervisor, they aren't automatically added to any of the SharePoint groups of the course catalog. As a result, the supervisor may encounter the access denied while trying to access the course catalog and course home page. We recommend you add users to the Users list before adding them as supervisors to courses.

Learner

The learner role should be given to the people who will attend training in LMS365. A learner can be assigned specific training, or they can self-enroll in courses or training plans of interest. This role can be granted to both internal and external users.

A learner can:

  • Access, pass, and complete courses and training plans that they are enrolled in.
  • Enroll or apply for enrollment in available training.
  • Access My Training Dashboard.
  • Download personal transcripts and certificates.

Users can be given the learner role for specific courses or training plans. This would mean they will have access to these courses and training plans only, and they won't be able to access the course catalog home page or any other available training in the course catalog.

We recommend you add all employees to the Users list before enrolling them in respective courses or training plans. Being added to the Users list means this learner is automatically added to the SharePoint site Visitors group of the course catalog in SharePoint. As a result, the Visitors group gives the learner the Read permissions level in the SharePoint course catalog site, enabling access to view all course and training plan home pages in the course catalog, and prevent users from encountering the access denied message from SharePoint when they navigate around the course catalog. 

 

If you want to ensure specific training can be accessed only by certain users of the course catalog, you can use training audience and course targeting.

The course catalog admin can give users the learner role in a course catalog from the Users page of the course catalog. Here, the course catalog admin selects + Add or Invite User(s) to either add the specific users they want to invite, or add one or more Azure Active Directory or Microsoft 365 groups and invite all members of these groups to the course catalog at the same time.

 

Absence of synchronization with SharePoint groups

It isn't enough to add users to the SharePoint Learner group on the course catalog, or the course or training plan site, to assign them the learner role. This action only gives users SharePoint permissions on the SharePoint site. It doesn't give them any LMS365 learner permissions.

The best way to assign the necessary roles to users is to add them via LMS365.

When you want to remove a learner role from a user, it isn't enough to delete the user from the SharePoint Learner group because this action only removes the user's permissions on the SharePoint site. You will also need to unenroll the user via LMS365.

 

NOTE   

Synchronization is also absent for other roles.

 

LMS365 roles and permissions matrix

Select the LMS365RolesAndPermissions.xlsx at the bottom of this article to open the LMS365 roles and permissions matrix.

 

Was this article helpful?
11 out of 12 found this helpful

Comments

Article is closed for comments.