User Permissions Guide

This guide describes user permissions in the Training Manager system based on System Roles and Scopes. Every user account is assigned one System Role and one Scope that together determine what actions they can perform and what data they can access.

System Roles

The system has three distinct roles that determine the types of operations a user can perform:

Viewer

• Description: Basic user role with limited permissions
• Primary Function: View data and submit training records for approval

Data Administrator

• Description: Administrative role with comprehensive data management capabilities
• Primary Function: Manage training data, records, and perform most administrative tasks

System Administrator

• Description: Highest level role with full system control
• Primary Function: Complete system administration including user management and system settings

Scopes

Scopes determine the breadth of data a user can access within the system:

Scope Name	Description
Individual	Access limited to individual user's own data
Company	Access to company-wide data
Group	Access to group-level data
Location	Access to location-specific data
Direct Reports	Access to data for direct reports

Permissions by System Role

Viewer Permissions

Users with the Viewer role can perform the following actions:

Basic Operations

• ✅ View their own Training Transcript
• ✅ Submit training records for approval

Dashboard Access (Scope-Dependent)

• ✅ View My Dashboard (all scopes)
• ✅ View Group Dashboard (Group and Company scopes only)
• ✅ View Location Dashboard (Location and Company scopes only)
• ✅ View Supervisor Dashboard (Company and Direct Reports scopes only)
• ✅ View Company Dashboard (Company scope only)

Data Viewing (Scope-Dependent)

• ✅ View Courses (all scopes)
• ✅ View Requirements (all scopes)
• ✅ View Reports (all scopes - filtered to scope level)

Data Administrator Permissions

Users with the Data Administrator role inherit all Viewer permissions plus:

Advanced Data Management

• ✅ Add, edit, trash, and restore records
• ✅ Upload and delete files
• ✅ Export lists
• ✅ Copy records
• ✅ Add, edit, and delete selection field values

Communication & Workflow

• ✅ Send email reminders
• ✅ Send overdue notices
• ✅ Approve training records
• ✅ Reassign direct reports

Additional Viewing Access (Company Scope Required)

• ✅ View Sessions
• ✅ View People
• ✅ View Options

System Administrator Permissions

Users with the System Administrator role have all Data Administrator permissions plus:

System-Level Administration

• ✅ Set user passwords
• ✅ Permanently delete records
• ✅ Save company settings
• ✅ Save report options
• ✅ Add new administrators
• ✅ Full export and download capabilities

Scope-Based Access Restrictions

Individual Scope

• Most restrictive scope
• Access limited to user's own data
• Can view "My Dashboard" only

Company Scope

• Broad access to company-wide data
• Required for viewing Sessions, People, and Options.
• Can view Group, Location, and Supervisor Dashboards

Group Scope

• Access to group-level data
• Can view Group Dashboard

Location Scope

• Access to location-specific data
• Can view Location Dashboard

Direct Reports Scope

• Access to direct reports' data
• Can view Supervisor Dashboard

Permission Matrix Summary

Action	Viewer	Data Admin	System Admin	Scope Requirements
View own dashboard	✅	✅	✅	All scopes
Submit training records	✅	✅	✅	Role-based
View courses/requirements/reports	✅	✅	✅	All scopes
Edit/delete records	❌	✅	✅	Role-based
Approve user submitted training	❌	✅	✅	Role-based
View sessions/people/options/contact	❌	✅	✅	Company scope required
Permanently delete records	❌	❌	✅	Role-based
System administration	❌	❌	✅	Role-based

Dashboard Access Rules

The following table shows which scopes can access specific dashboards:

Dashboard Type	Required Scopes
My Dashboard	All scopes
Company Dashboard	Company scope only
Group Dashboard	Group or Company scope
Location Dashboard	Location or Company scope
Supervisor Dashboard	Supervisors with Company, Group, or Location scope