Employee Training Management for Office 365 – Configure Permissions

Applies to: Employee Training Management for Office 365/SharePoint online


The following article should help you understand how permissions can be configured in an Employee Training Management site.


As in any other SharePoint site, your SharePoint administrator controls what users can see and what they can change.

So let me first explain how SharePoint handles permissions in general. If you are already familiar with this concept, please skip the next section and continue with Permissions in an Employee Training Management site.

Understanding permissions in SharePoint

Permissions inheritance

An important concept to understand is permissions inheritance.

A site collection can have multiple sites, a site can have multiple lists or libraries, a list or library can have multiple items or files. A list or library can also have sub folders containing items or files or other folders.

By default, all the sites, lists, folders, files and items in a site collection inherit the permissions settings of their parents, but you can stop permissions inheritance and change permissions settings on all levels. Permissions can be changed directly on a specific site, list, folder, file or item.

SharePoint Groups

A SharePoint group is a set of users or AD groups. You can assign specific permissions to a SharePoint group at any level (site, list, item …). By default, every SharePoint site has the Owners, Members, and Visitors groups. Visitors can read, Members can edit and Owners have full access on the site and all the inheriting objects below.

Permission Levels

Permission levels bundle permissions. By default, every site has default permission levels like Read, Contribute, Edit, Design, etc. with specific permissions like View Items, Add Items, Edit Items, etc. You can view the available permission levels and the permissions they include if you open site settings, Users and Permissions/Site permissions/Permission Levels.

It’s also possible to create custom permission levels in the root site of your site collection.

Permission levels can be assigned to SharePoint groups or users at a specific level (site, list, item, …).

To learn more about permissions in SharePoint, please read the following: https://docs.microsoft.com/en-us/sharepoint/understanding-permission-levels

Permissions in an Employee Training Management site

As in any SharePoint site, administrators can also configure permissions in an Employee Training Management site. By default, permissions are configured as described below. If you have different requirements, please feel free to set permissions differently.

Site, List and Item permissions

By default all SharePoint groups (members, visitors and owners) have their default permission level assigned on the site level and all lists and items below. This means visitors can view everything, members can in addition create, change and delete items and owners have full access.

Site permissions

Enrollments and Achievements list

In the enrollments and the achievements list all users also have the permission to add items. Each list has unique permissions (broken permission inheritance) and the visitors group also has the Contribute permission level. This is necessary to allow visitors to enroll themselves in topics and scheduled training events and to allow them to add their own achievements.

The members group also has a custom permission level called ViewAllEnrollments assigned in both lists. This permission level includes ‘Override List Behaviors’ and is required to make sure members can view all enrollments and achievements if ‘Item Level Permissions’ are configured in the enrollments and achievements list (see Item-level Permissions for more details).

Site permissions

If you want to allow visitors to create enrollments and achievements, but not to delete them, please create your own permission level and assign it to the visitors group instead of the Contribute permission level.
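One way to script this with PnP PowerShell, as an added example that is not part of the original article. It assumes an open PnP.PowerShell connection to the root site of the site collection (where custom permission levels are created); the list titles and the permission level name are placeholders to adjust.

```powershell
# Added example. Assumptions: PnP.PowerShell is installed and
# Connect-PnPOnline has already been run against the site.
$levelName = 'Contribute without Delete'      # hypothetical permission level name
$lists     = 'Enrollments', 'Achievements'    # assumed list titles, check yours

# Create the level once: a copy of Contribute minus the right to delete items.
if (-not (Get-PnPRoleDefinition | Where-Object Name -eq $levelName)) {
    Add-PnPRoleDefinition -RoleName $levelName -Clone 'Contribute' `
        -Exclude DeleteListItems `
        -Description 'Add and edit items, but not delete them'
}

# Resolve the site's associated visitors group instead of hard-coding its name.
$visitors = Get-PnPGroup -AssociatedVisitorGroup

foreach ($list in $lists) {
    # Grant the restricted level first, then take Contribute away, so the
    # group never loses the ability to enroll in between.
    Set-PnPListPermission -Identity $list -Group $visitors.Title -AddRole $levelName
    Set-PnPListPermission -Identity $list -Group $visitors.Title -RemoveRole 'Contribute'
}
```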

For Organizers page

The ‘For Organizers’ page also has unique permissions and the visitors group doesn’t have permissions there. This means that members of the visitors group don’t see the ‘For Organizers’ item in the left navigation.

Permissions for organizers

The item ‘For Organizers’ in the list ‘Promoted Links for Employee Training Management’ also has unique permissions and the visitors group doesn’t have permissions there. This means that members of the visitors group don’t see the ‘For Organizers’ item in the Tiles view. This is only applicable if you use Employee Training Management with the classic SharePoint experience.

Permissions in the promoted links list

All the other lists and items in an Employee Training Management site inherit permissions from the website.
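To check that a site actually matches the defaults described above, the following added example (not part of the original article) reports every list with broken inheritance and the permission levels granted on it. It assumes an open PnP.PowerShell connection to the site and covers the list level only, not individually secured pages or items such as ‘For Organizers’.

```powershell
# Added example. Assumption: Connect-PnPOnline has already been run against the site.
function Get-UniquePermissionReport {
    # Visible lists whose permissions no longer inherit from the site.
    $lists = Get-PnPList -Includes HasUniqueRoleAssignments, RoleAssignments |
        Where-Object { $_.HasUniqueRoleAssignments -and -not $_.Hidden }

    foreach ($list in $lists) {
        foreach ($assignment in $list.RoleAssignments) {
            # Member and RoleDefinitionBindings are not loaded by default.
            Get-PnPProperty -ClientObject $assignment `
                -Property Member, RoleDefinitionBindings | Out-Null

            [pscustomobject]@{
                List             = $list.Title
                Principal        = $assignment.Member.Title
                PrincipalType    = $assignment.Member.PrincipalType
                PermissionLevels = ($assignment.RoleDefinitionBindings.Name -join ', ')
            }
        }
    }
}

$report = Get-UniquePermissionReport
$report | Sort-Object List, Principal | Format-Table -AutoSize

# Principals holding ViewAllEnrollments can read every enrollment and
# achievement even when item-level permissions are enabled, so review them.
$report | Where-Object PermissionLevels -match 'ViewAllEnrollments' |
    Select-Object List, Principal
```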

Customizations

In the following section I would like to give you some tips on how to change what users can view or change.

Only show specific events to users

Example 1: Open and closed events

If you want to decide per event if an event should be open (all users can enroll) or closed (only organizers can enroll users), please use the ‘Online Enrollment’ column. This Yes/No column is not visible in the event form by default, but you can add it to the Training Event content type to make it visible. If ‘Online Enrollment’ is set to No, only organizers (users that have permissions to edit the event) can enroll users. All the other users are not allowed to enroll.

Online Enrollments are disabled

You can also change views in the Scheduled Training Events list and add the following view filter to make sure users don’t see ‘closed’ events.

Online Enrollment is not equal to No

Example 2: Target audience

You also have the option to limit the visibility of events to specific users or groups using the user and group membership query. For this example you can use any People or Group column that you have added to the Scheduled Training Events list. In this example the internal column name is ‘TargetAudience’. Please note that this is a custom column you have to add to the list first. Add the following view filter to the upcoming events view that is visible to attendees. The query cannot be configured using the SharePoint UI, but you can open the view in SharePoint Designer and change the query in the XML definition directly or update the view query using PowerShell.

<Where>
    <Or>
        <Or>
            <IsNull>
                <FieldRef Name="TargetAudience" />
            </IsNull>
            <Membership Type="CurrentUserGroups">
                <FieldRef Name="TargetAudience" />
            </Membership>
        </Or>
        <Eq>
            <FieldRef Name="TargetAudience" />
            <Value Type="Integer">
                <UserId Type="Integer" />
            </Value>
        </Eq>
    </Or>
</Where>

If you use this query, events are visible to the user if no target audience is specified or the user is part of the specified target audience, either directly or as part of the SharePoint group or AD security group.
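The PowerShell route mentioned above could look like this with PnP PowerShell; this is an added example, not part of the original article. It assumes an open PnP.PowerShell connection to the site, and the view title is a placeholder.

```powershell
# Added example. Assumption: Connect-PnPOnline has already been run against the site.
$listTitle = 'Scheduled Training Events'
$viewName  = 'Upcoming Events'            # hypothetical view title, use your own

# Target audience filter, copied from the article.
$where = @'
<Where>
  <Or>
    <Or>
      <IsNull><FieldRef Name="TargetAudience" /></IsNull>
      <Membership Type="CurrentUserGroups">
        <FieldRef Name="TargetAudience" />
      </Membership>
    </Or>
    <Eq>
      <FieldRef Name="TargetAudience" />
      <Value Type="Integer"><UserId Type="Integer" /></Value>
    </Eq>
  </Or>
</Where>
'@

$view     = Get-PnPView -List $listTitle -Identity $viewName
$oldQuery = $view.ViewQuery               # keep this for rollback

# ViewQuery holds the filter and the sort order together. Carry the existing
# <OrderBy> over; an existing <Where> is replaced by the new one.
$opts     = [System.Text.RegularExpressions.RegexOptions]'Singleline, IgnoreCase'
$orderBy  = [regex]::Match($oldQuery, '<OrderBy.*?</OrderBy>', $opts).Value
$newQuery = $where + $orderBy

# Fail before touching the view if the combined query is not well-formed XML.
[void][xml]"<Query>$newQuery</Query>"

Set-PnPView -List $listTitle -Identity $viewName -Values @{ ViewQuery = $newQuery }
Write-Host "Previous query of '$viewName':`n$oldQuery"
```

A view filter only controls what this view displays; it does not change the permissions on the events themselves.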

Item-level Permissions

In the ‘My Enrollments’ view and the ‘My Achievements’ view in the ‘For Learners’ section users only see their enrollments and achievements because the view uses an ‘Enrolled user is equal to [me]’ filter. If you want to make sure normal users don’t see any other users’ enrollments, you can in addition also use ‘Item-level Permissions’.

Open the list settings of the Enrollment list, click on ‘Advanced settings’ and select ‘Read items that were created by the user’ in the ‘Item-level permissions’ section. Repeat the same in the Achievements list.

Item-level permissions

If read access is limited to items that were created by the user, users can only see the enrollments and achievements they created. Since it’s also possible for an organizer to enroll users on their behalf, this would mean that users don’t see enrollments and achievements that someone else created for them. To make sure users see all their enrollments and achievements, please open the Employee Training Management app in site contents and click on ‘Change Settings’. Now click on ‘Enrollment management’ on the left and select ‘Yes, change the author’ in the ‘Visibility of Enrollments’ section. Please note that this section is only visible if item-level permissions are enabled in the enrollment list.

Change author

If this is enabled, the enrolled user is always set as the author of the enrollment and the achievement. This means that users from now on also see the enrollments that have been created on their behalf. Please note that this will not affect existing enrollments.

As described in the advanced list settings, users with the Cancel Checkout permission can read and edit all items no matter if ‘read all items’ or ‘read items that were created by the user’ is selected. To make sure organizers can see the enrollments and achievements of all users, organizers need the Cancel Checkout permission in the enrollments and achievements list. As I mentioned already in Permissions in an Employee Training Management site, the members group has a custom permission level called ViewAllEnrollments assigned. Since this custom permission level contains the permission ‘Cancel Checkout’, we already made sure that organizers can view all enrollments and achievements. If you want managers to see the enrollments and achievements of their team members, also consider using a specific Managers SharePoint group that also has the ViewAllEnrollments permission level assigned. If you want instructors to view all enrollments in their events, also create an instructor SharePoint group with the ViewAllEnrollments permission level.

It’s not possible to configure unique permissions for items in the navigation, but if the user doesn’t have permissions to view the linked content, the link is also not visible. If you display a link to a site page for example, the item is only visible to users that have permissions to view this page. As described above in ‘Permissions in an Employee Training Management site’ the visitors group doesn’t have permission to view the ‘For Organizers’ page. This is why the ‘For organizers’ link and all links below don’t show up in the navigation for site visitors.

Navigation

If you want to change the permissions for other pages as well, open the site pages library, click on the … menu next to the new page, click on Share, … Manage Access and Advanced. Now click on ‘Stop inheriting permissions’, select the groups that should not be able to view this page and click on ‘Remove user permissions’.

Change page permissions 1

Change page permissions 2

I hope you found this information useful. If you have any problems or any other questions, please send an e-mail to support@sharepointsapiens.com.