Administrators often need to share access to reporting with key stakeholders. In this article, we'll explain how the security model ensures that Users with access to reporting will only see the right data in reporting.
We'll cover:
- What is a security model?
- Reporting permissions in a nutshell: What Users see in Learn and Perform reporting
- Access and options with saved Views in reports
- Reporting views for people managers and Group administrators
- Allow a User access to ALL data - even if otherwise restricted by the security model
What is a security model?
The Security Model is a safety net. It ensures that Users given access to reporting or to Learn admin, do not see more data than they should.
At the highest level, there will be Users who can see everything. In Learn, they will typically be LMS Administrators. They see all data and can run the LMS for the entire organisation. In Perform, they will be Perform Administrators.
For other roles, the view of data in Learn reports and the view of data in Perform reports is more restricted.
In the example below, both an LMS admin and a Manager can view the Learning progress report. But their view of the data is different:
Note that it is also possible to give a User access to ALL data, should that be required - even if the security model would otherwise restrict that.
See Give a User permission to access Reporting and Analytics to learn how to give Users access to reporting and How to give access to ALL reporting data.
Reporting permissions in a nutshell: What Users see in Learn and Perform reporting
Assuming Users have been given permission to access Reporting and Analytics, their view of the data will be determined by their LMS role:
| View of data in Learn reports | View of data in Perform reports | |
| User | Will only see data for themselves | Will only see data for themselves |
| Line Manager | Will only see data for themselves and their team | Will only see data for themselves and their team |
| Group Administrator | Will only see data for themselves and their team (if they have one) and members of any Group they administer | Will only see data for themselves and their team (if they have one) and members of any Group they administer (if the Group is configured to allow Users to view Group members in Perform) |
| LMS Administrator | Will see data for all Learn Users | Will only see data for themselves and their team (if they have one) |
| Perform Administrator | Will only see data for themselves and their team (if they have one) | Will see data for all Perform Users |
View LMS Roles and responsibilities 101 for more about LMS roles.
There are three permissions that can be set in Manage Users that impact the actions that a user can take within the Reporting tool:
View Reporting
This allows the user to access the reporting application and view all reports (although the data within them will be controlled by other factors, as described above).
Edit Reporting
This allows the user to access the reporting application, view and edit all reports (although the data within them will be controlled by other factors as described above), create and edit Saved Views and report Reminders, organise folders, and create/edit user-created reports.
Data Connector
Allows the user to access the data connector tool, to configure SFTP transfer of datasets.
View Give a User permission to access Reporting and Analytics to find out more.
Access and options with saved Views in reports
When a User is given access to a Fixed or User-created report, they will see all saved Views. However, the security model restricts the user's view of the data in any report. This may mean that when selecting a saved View, the User does not see any results.
Note that Users must have the 'Edit' permission to:
- Create a saved view
- Create / Edit a report reminder
The security model and shared report Views
The security model also applies if a link to view a report is shared with a stakeholder. Even if the person who shares the link can see data for 1,000 people, the User who receives the link will have a different view of the data - controlled by the security model.
Reporting views for people managers and Group administrators
Here are some examples of users who may have access to reporting, with a limited view of the data.
People managers
A people manager might have a team of 10 people. The Security Model also ensures that if the manager has access to Learn admin, they see only those ten people in the list of Users.
Therefore, when the manager logs into reporting they will see all the reports, but in those reports, they will ONLY see data for their team that they are the Group Administrator or Group Manager of.
Group administrators
The Group administrator option allows Users who do not have/require full LMS Administrator access or Manager-level access to reporting to share report access.
When a Group administrator is given access to reporting, they will see all the reports, but in those reports, they will ONLY see data for Users who are members of the Group(s) of which they are a Group administrator or Group manager of.
For example, an organisation with Groups based on geographical regions (North, West, East, South) may wish to grant a regional administrator access to reporting for their region without assigning them full LMS Administrator privileges.
In this scenario, the regional administrator can be designated as a Group Administrator. This allows them to view reports containing data for all members of the specific regional Group for which they are an Administrator.
Group administrators who can view Group members in Perform
If Group administrators are able to view Group members in Perform, administrators will be able to view reporting data for members of the specific Groups they manage.
Allow a User access to ALL data - even if otherwise restricted by the security model
When users are given access to reporting and analytics, their view of the data is dictated by the security model.
For example, if a Manager is given access, they will see results for their direct reports only.
Any User who is a Group administrator will see data about members of any groups for which they are a Group administrator.
In some circumstances, however, it may be beneficial to allow a User unrestricted access to see all data in Learn LMS, for example, an LMS Administrator or a senior manager. To achieve this, add the ACL permadission to the Users' role: Admin.Reports.PowerBI.ShowAllData
Watch the video to see how:
Discover more about reporting with Power BI
Looking for quick answers? Check out FAQ, Reporting and Analytics with Power BI, packed with over 100 common questions and links to in-depth resources.
If you're new to reporting with Power BI, Reporting and analytics 101 introduces the fundamentals to help you get started. For a deeper dive, the short Academy Course Five must-know features explores these key topics in more detail and serves as the starting point for the Get Started: Reporting and analytics with Power BI course.
You can also join our regular Ask Me Anything: Reporting live events - come along and ask your question directly to our panel of experts.
Don't have your Academy account yet? Contact your Customer Experience Manager or the Support Team to sign up today.