Permissions within Instilled are extremely flexible and can accommodate any scenario that you may need. Whether you want to open up the platform so that all of your users can view, record, share, etc., or you need to lock down containers to certain individuals, this article will go over everything. Keep in mind that permissions can become complex depending on the level of granularity that is needed, so it may be best to reach out to your Instilled representative to work through them together.
Permissions are controlled by a combination of Users, Groups, and Containers. Users are any registered users in the platform. Groups are collections of users, and there can be as many Groups on the platform as are needed. Permissions are granted to Groups, and each grant gives the group a permission on a certain container.
Groups are created by Admins on the Manage Groups page in the Menu. If you do not see the Manage Groups page, then you do not have permission and you will have to work with an Admin to be granted permission. From the Groups page, you can create a new group by clicking Create Group in the top right or by clicking the (+) icon in the bottom right. Simply give your Group a name and description, then enroll users into the group by filtering for their name and applying a check mark next to their name. This is all it takes to set up new manual groups.
Important Note for System Groups: There are system groups that are automatically created on the platform, and users are automatically enrolled into a few of these groups.
One of these is the 'All Regular Users' group. Any user that is created on the platform will automatically be enrolled into this group. Essentially it contains every user, and users cannot be removed from the group. So when setting up permissions, it is imperative that you grant this group permissions only on containers that you want EVERYONE who has access to the platform to be able to see or act on. Of course, you could grant no permissions to this group so that users do not have any permissions from the start, but it is convenient for cases where you want all your users to be able to see certain content.
There is also an All Administrators group. Users enrolled in this group will have full access to the entire platform.
There are other system groups for authentication methods as well. For example, if your platform has Single Sign On through SAML, there will be a system group called SAML users, and all users who authenticate via SSO will be enrolled into this group automatically. These groups are for your convenience, but you may choose not to give them any permissions to any containers.
Lastly, there are individual groups. An individual group is automatically created for each user, and the user is automatically enrolled in it. These are convenient if you just want to give one person specific permissions, so that you don't have to create a new group, enroll the one user into that group, and assign permissions. The group creation and enrollment have already been done for the individual.
Assigning Permissions to Groups
Once you have your groups created, it is now time to give them permissions. Permissions can be granted at the root level or at nested individual container levels. To understand content structure, please visit our 'Navigating the Content Structure of Instilled' article. It is important to note that permissions are granted at the container level -- not the individual video/resource level. These permissions will flow down to all nested containers within.
A basic example:
If our content structure has an HR container with the Onboarding and Policy containers nested inside it, and a group is given the Content Viewer permission at the HR container level, all the users within that group will be able to see all the content living within the Onboarding container and the Policy container as well, since the permissions flow down.
Assigning Permissions from the Manage Groups page
Permissions can be assigned from the Manage Groups page by clicking on the active group and clicking on the Permissions tab. From here, you will see a list of all the root level containers. Again, keep in mind that if you assign permissions at this level, users enrolled in that group will be able to view all the content within the containers nested under those root level containers as well. There is also an option at the top of the page for Platform Permissions. Permissions applied here encompass the entire platform. For example, if you give the group the Content Viewer permission at the Platform Permission level, all the users in the group will be able to see all of the content that lives on the platform.
Assigning Permissions from the individual Container page
Instead of assigning permissions at the root level, permissions can be assigned at an individual container level. Navigate to the container, click on Manage, then click on the Permissions tab. From here, you will see a list of all the Groups that have been created and you can apply the permission to the group for that container.
The Permissions at the container or group level
Some permissions encompass others. For example, if the group is assigned the Content Deleter permission, this includes the ability to view content so the Content Viewer permission is not needed as well. It doesn't hurt to add it but it's not necessary. The descriptions below will help in identifying which permissions include others.
Content Viewer -- Can simply view the content.
Content Deleter -- Can view all the content and can delete existing content. Cannot add new content.
Access Manager -- Can view the content and also apply permissions to existing groups for that container.
Content Manager -- Can view, create, update, and delete all content within the container. Essentially an "admin" of the content within that container.
Content Updater -- Can view and update content. Update means that they can access the Content Editor for a piece of existing content to add chapters, synchronize slides, or edit Closed Caption files. They can also access the 'Manage' section of the container and content to change the title, descriptions, etc. They cannot create new content within the container.
Commentator -- Can comment on videos/resources within the container. This does not give them permission to view.
Content Creator -- Can view content and create content in any way by uploading, recording, or copying from a container they also have permission to view. Can also edit existing content (see content updater above) but not delete content that they or others create. If the user creates a new nested container within that container, the user will have full access to the nested container including deleting content within the newly created nested container.
Content Creator Upload Media -- Can view and create content strictly through uploading (both video and eLearning). Cannot delete content.
Content Creator Record Media -- Can view and create content strictly through recording a video with webcam and screen capture. Cannot delete content.
Content Creator Containers -- Can view and create new nested containers within. If the user creates a new nested container within that container, the user will have full access to the nested container including deleting content within the newly created nested container.
Content Creator Copy Media -- Can view content and copy videos/resources that live in existing containers that the user has access to view.
Authorship Manager -- Can view content and specify authors of resources.
Integration Visitor Access Manager -- This is a specific permission strictly used for a sales prospecting tool. If you're using the platform in a sales prospecting fashion, please reach out to your Instilled Administrator to learn more about this permission. Otherwise, it can be ignored.
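As an added illustration (not Instilled's code or API; every function name, group, user and grant below is constructed for this example), the following Python model applies the rules described in this article to audit who can view a container: grants flow down to nested containers, platform-level grants cover every container, every user is in All Regular Users, and Commentator does not include viewing.

```python
# Added illustration: a toy model of the permission rules described in this
# article. All names here are hypothetical; this is not Instilled's API.

# Container permissions whose descriptions above say they include viewing.
# Commentator is deliberately absent: the article says it does not grant view.
GRANTS_VIEW = {
    "Content Viewer", "Content Deleter", "Access Manager", "Content Manager",
    "Content Updater", "Content Creator", "Content Creator Upload Media",
    "Content Creator Record Media", "Content Creator Containers",
    "Content Creator Copy Media", "Authorship Manager",
}
PLATFORM = "*"  # stands for a grant made under Platform Permissions
ALL_USERS = "All Regular Users"  # system group every user belongs to

# Constructed sample data: child container -> parent (None = root level).
PARENT = {"HR": None, "Onboarding": "HR", "Policy": "HR", "Sales": None}
MEMBERS = {"HR Staff": {"ana"}, "Reviewers": {"bo"}, "Execs": {"cy"}}
USERS = {"ana", "bo", "cy", "dee"}
# (group, container or PLATFORM) -> permissions granted there.
GRANTS = {
    ("HR Staff", "HR"): {"Content Viewer"},
    ("Reviewers", "Policy"): {"Commentator"},
    ("Execs", PLATFORM): {"Content Deleter"},
    (ALL_USERS, "Sales"): {"Content Viewer"},
}

def groups_of(user):
    """Manual groups plus the automatic All Regular Users enrollment."""
    return {g for g, m in MEMBERS.items() if user in m} | {ALL_USERS}

def scopes_for(container):
    """The platform level, the container itself, and every ancestor above it."""
    scopes = [PLATFORM]
    while container is not None:
        scopes.append(container)
        container = PARENT[container]
    return scopes

def effective_permissions(user, container):
    """Union of all grants that reach this container for this user."""
    perms = set()
    for group in groups_of(user):
        for scope in scopes_for(container):
            perms |= GRANTS.get((group, scope), set())
    return perms

def viewers(container):
    """Audit helper: the users who can view a container."""
    return {u for u in USERS if effective_permissions(u, container) & GRANTS_VIEW}
```

Running `viewers` over every container before granting anything to All Regular Users or at the platform level shows how far a single grant reaches.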
Platform Permissions at the Group Level
Permissions can also be applied at a platform level. Many of the same permissions above apply at the platform level (where they take effect on all containers), but there are additional permissions that are needed at the platform level for more advanced functionality. These permissions are applied by going to the Manage Groups page in the Menu, selecting the Group and going to the Permissions tab. Platform permissions will be found at the top, above the list of containers.
Content Routes Browser -- An unnecessary permission used for a sales prospecting tool. Similar to the Integration Visitor Access Manager permission mentioned above, if you are using Instilled for this use case, please contact your Administrator.
Own Custom Attributes Value Manager -- A permission that is strictly used by Administrators. Contact your Instilled Admin for more information.
Support Role -- Cannot be set by normal users. Contact Instilled Admin for more information.
Top Level Container Creator -- Can create containers on the root or top level only.
Access Manager -- Can view all content on the platform and manage access to existing containers and groups. Cannot enroll users into groups.
Identity Viewer -- Can view user details on the platform. This permission is extremely important. It is required for a user to be able to see metrics on the platform. The user will need to be enrolled in a group that has the Identity Viewer permission and also have a permission on the container that allows them to see the Metrics button in order to view metrics. The lowest level permission that allows for the Metrics button is Content Updater.
Identity Manager -- Can see users, create users, create groups, and enroll users into existing groups. Without the Access Manager permission above, these users cannot grant permissions to groups; they can only enroll users. They cannot enroll themselves or others into the All Administrators group. Also gives access to WS reporting analytics.
As noted above, permissions were built to be able to accommodate any scenario. Please feel free to reach out to your Instilled representative to walk through these together on your Instilled platform if you require assistance.