Reporting 2.0 Permissions

There are two reporting models: Reporting 2.0 Granular Permission Model and Reporting 2.0 Report Level Permission Model. The granular model is more complex and can sometimes be confusing, as it can be difficult to understand which permissions and constraints apply to which reports, and which need to be assigned to users to allow them to see the appropriate reports and data. For customers with less complex reporting needs, the Reporting 2.0 Report Level Permission Model provides a simpler option. Customers can choose whether to keep the granular permission model, or to migrate to the report level permission model.

Granular Model vs. Report Level Model Overview

  • Reporting 2.0 Granular Permission Model
    • Provides customers a lot of flexibility 
    • Allows for complex permission configurations
    • Hundreds of permissions
  • Reporting 2.0 Report Level Permission Model
    • Two permissions per report type: View and Manage
    • Each Report type permission has its own set of constraints
    • A user having permission for a report type can see any reports shared with them that match the report type

Granular Permission Model

The granular model uses the Reporting 2.0 permissions to allow you to create more specific reports by report field. For this reason, permissions are at more of a granular level with this functionality.

The permissions are broken down by the main product level permission, section level, and then at the field level. For example, if you wanted to report on Instructor Led Training (ILT) in the system, you would need:

  • The Reporting - Manage permission to create reports.
  • The Reporting - View permission to preview reports and view reports.
  • The top-level product specific permission to create reports related to that product.
    • e.g. Reporting - Learning - Manage
  • The section specific permission to create reports for that feature within the product.
    • e.g. Reporting - Learning - ILT - Manage
  • The field level permissions to be able to create reports with the specific fields for that feature within the product.
    • e.g. Reporting - Learning - ILT - ILT Facility - Manage

If a user does not have each level of permission, then they may not have access to the report builder, or the section may not be visible, or the fields within the section may not be visible. Also, if a user does not have the top-level product permission, then none of the fields for that product will be visible, such as the fields for LMS reports.

The power of this granularity of permissions is that you can give access to as many or as few fields as necessary for your users. For example, you may give users access to the User section but not give them access to the User Identifier section if that contains sensitive data for your portal.

If a user has all relevant permissions, but the backend setting for a particular area is set to FALSE, any fields related to that section will still appear blank in a report. An example where this could occur is SCORM 2004 quiz data.

Note: When a user has a top-level, section, or field level permission, it is not necessary to also assign the Reporting - Manage or Reporting - View permissions since the more granular product specific permissions will give the user access to Reporting 2.0.

Note: Due to sensitivity, users who need to report on Gender, Ethnicity and Grade information, would need the following permissions in addition to the reporting permissions:

  • For Gender: User Upload - Gender
  • For Ethnicity: User Upload - Ethnicity
  • For Grades: View Grades

List of Permissions

For the full list of permissions and their relationships, see the permissions spreadsheet.

The Reporting - Apply Owner Constraints permission grants the ability to turn on the Apply Owner Constraints setting for reports in the Report Properties panel. This setting affects shared users, delivery, and reports published to dashboards.

When the setting is enabled, the report owner's constraints are applied to the report, and users that run the report will see the report with the report owner's constraints instead of their own. For reports published to dashboards the owner constraints are only applied if the underlying report is also shared with the user. If just the dashboard is shared, but not the report itself, the users own constraints are applied even though the toggle is set to apply owner constraints.

Due to the possibility of unintended user data becoming visible to a user viewing a report with the report owner's constraints, it is recommended that filters be added to the report to restrict data visibility. It is also recommended that the report owner test the report prior to sharing to ensure the data visibility is appropriate and intended.

The Reporting - Download permission grants users the ability to download Reporting 2.0 reports. This permission cannot be constrained; however, when users download a report, any Reporting - View constraints are applied. Users with the permission see the download option on the Report Home and the Report Viewer.

For clients that have already opted in and previously activated Reporting 2.0, this new permission is added automatically to the System Administrator role and to any security role that currently has at least one Reporting - View permission.

For clients that are opting in and activating Reporting 2.0 for the first time with the August ’18 Release, this new permission is available to administrators in the System Administrator role who can then add the permission to other roles at their discretion. Users without this permission will not see any download options in the Report Home or the while Viewing Reporting 2.0 reports.

The Reporting - Email Delivery permission grants the ability to deliver reports in Reporting 2.0. Users must also have permission to view reports. The permission can be used in conjunction with the various product, section, and field level permissions. Users must have permission to view Reporting 2.0 in order to have access to a report that is delivered to them. If they do not have view access, then the Reporting 2.0 navigation sublink will not display for them.

Users who have permission to manage Reporting 2.0 can edit a report that is delivered to them. They can also copy the delivered report.

The following constraints are available for this permission:

  • OU
  • User’s OU
  • User Self and Subordinates
  • User
  • User's Self
  • User's Manager
  • User's Superiors
  • User’s Subordinates
  • User’s Direct Subordinates
  • Employee Relationship

The Reporting - FTP Delivery permission grants the ability to schedule delivery of Reporting 2.0 reports to an FTP directory. This permission cannot be constrained.

This permission is used in conjunction with the view permission for Reporting 2.0 and can also be used in conjunction with the various product, section, and field level permissions. Users must have permission to view Reporting 2.0 in order to have access to a report that is delivered to them. If they do not have view access, then the Reporting 2.0 navigation sublink will not display for them.

Users who have permission to manage Reporting 2.0 can edit a report that is delivered to them. They can also copy the delivered report.

The Reporting - Manage Global Calculated Fields permission grants the ability to publish calculated fields to all users. This permission cannot be constrained.

Note: Calculated fields can be created by all users who have permission to create reports in Reporting 2.0. However, in order to publish the calculated field globally, a user needs permission to manage global calculated fields.

The Reporting - Recruiting - Custom Integrations - Manage permission grants access to build and manage reports in the Custom Integrations section. This permission cannot be constrained.

The Reporting - Recruiting - Custom Integrations - View permission grants access to view the Custom Integrations section in reporting. This permission cannot be constrained.

The option for sharing reports is only visible to users who have the Reporting - Share permission. Users without the permission can still receive shared reports, but constraints (for other permissions, such as Reporting - Core permissions) will be respected. For example, if you share a report that contains data around Location A and the user receiving the report is constrained to only see data for Location B, the report would not contain any records.

The following constraints are available for this permission:

  • OU
  • User’s OU
  • User Self and Subordinates
  • User’s Direct Report
  • User
  • User's Self
  • User's Manager
  • User's Superiors
  • User’s Subordinates
  • User’s Direct Subordinates
  • Relationship

The Reporting - System Templates permission grants users the ability to use all system templates. System templates are available for generating certain Learning, Core, and Performance data.

This permission works in conjunction with other Reporting 2.0 permissions. For example, users without the Reporting - Learning - View permission will not see any templates for Learning.

This permission is automatically added to the Cornerstone Administrator and System Administrator security roles in all portals that have self-enabled Reporting 2.0.

Sharing Reports Created with a System Template

When you share a report that was created using a template, the shared users will be able to view the report without needing to be granted the Reporting - System Templates permission. The permission is only needed for administrators who should distribute templates to their users.

Permission Constraints

Constraints exist at the section level for permissions. The following constraints are available:

  • OU
  • User’s OU
  • User Self and Subordinates
  • User’s Direct Report
  • User
  • Learning-specific constraints:
    • Provider
    • Training Item
    • Training Type
  • Requisition-specific constraints:
    • User's Division
    • User's Position
    • User's Location
    • Division
    • Position
    • Location

Note: Constraints are applied differently for Recruiting reports. Multiple criteria for the same OU type use the OR logic (e.g., only constraints for Location OU), while inter-OU type criteria use AND logic (e.g., a constraint for Location OU and a constraint for Division OU).

For all other reports, the regular constraint logic is applied. See this Knowledge Article for more details about the general constraint logic: https://csod-external.force.com/supportcentral/s/article/Several-constraints-added-to-permission-work-as-OR-statements.

Report Level Permission Model

The report level permission model is ideal for customers with less complex reporting needs, and allows the ability to quickly grant access by report type.    

Permissions for Report Level Permission Model

There are permissions for the report level model, listed here:

View Manage
Reporting - Compensation - CompensationReport - View Reporting - Compensation - CompensationReport - Manage
Reporting - Connect - CommunityReport - View Reporting - Connect - CommunityReport - Manage
Reporting - Connect - ConnectCommunitiesReport - View Reporting - Connect - ConnectCommunitiesReport - Manage
Reporting - Connect - ConnectReport - View Reporting - Connect - ConnectReport - Manage
Reporting - Connect - TopicReport - View Reporting - Connect - TopicReport - Manage
Reporting - Core - CapabilitiesReport - View Reporting - Core - CapabilitiesReport - Manage
Reporting - Core - MultiModuleReport - View Reporting - Core - MultiModuleReport - Manage
Reporting - Core - UserReport - View Reporting - Core - UserReport - Manage
Reporting - Engage - EngageResponseReport - View Reporting - Engage - EngageResponseReport - Manage
Reporting - Extended Enterprise - TrainingUnitDistributorReport - View Reporting - Extended Enterprise - TrainingUnitDistributorReport - Manage
Reporting - Forms - FormsReport - View Reporting - Forms - FormsReport - Manage
Reporting - Form Tasks - Form Tasks - View Reporting - Form Tasks - Form Tasks - Manage
Reporting - Learning - AssignmentReport - View Reporting - Learning - AssignmentReport - Manage
Reporting - Learning - CompetencyReport - View Reporting - Learning - CompetencyReport - Manage
Reporting - Learning - CurriculumTrainingReport - View Reporting - Learning - CurriculumTrainingReport - Manage
Reporting - Learning - CurriculumTranscriptReport - View Reporting - Learning - CurriculumTranscriptReport - Manage
Reporting - Learning - EvaluationsReport - View Reporting - Learning - EvaluationsReport - Manage
Reporting - Learning - PlaylistReport - View Reporting - Learning - PlaylistReport - Manage
Reporting - Learning - SubjectReport - View Reporting - Learning - SubjectReport - Manage
Reporting - Learning - TestReport - View Reporting - Learning - TestReport - Manage
Reporting - Learning - TrainingCapabilityReport - View Reporting - Learning - TrainingCapabilityReport - Manage
Reporting - Learning - TrainingFormManagementReport - View Reporting - Learning - TrainingFormManagementReport - Manage
Reporting - Learning - TrainingFormsCurriculaReport - View Reporting - Learning - TrainingFormsCurriculaReport - Manage
Reporting - Learning - TrainingPlanReport - View Reporting - Learning - TrainingPlanReport - Manage
Reporting - Learning - TrainingReport - View Reporting - Learning - TrainingReport - Manage
Reporting - Learning - TransactionReport - View Reporting - Learning - TransactionReport - Manage
Reporting - Learning - TranscriptReport - View Reporting - Learning - TranscriptReport - Manage
Reporting - NASD - NASDUserReport - View Reporting - NASD - NASDUserReport - Manage
Reporting - Observation Checklist - ObservationChecklistReport - View Reporting - Observation Checklist - ObservationChecklistReport - Manage
Reporting - Onboarding - OnboardingReport - View Reporting - Onboarding - OnboardingReport - Manage
Reporting - Performance - Check-InsReport - View Reporting - Performance - Check-InsReport - Manage
Reporting - Performance - GoalsReport - View Reporting - Performance - GoalsReport - Manage
Reporting - Performance - PerformanceReport - View Reporting - Performance - PerformanceReport - Manage
Reporting - Performance - PerformanceReviewReport - View Reporting - Performance - PerformanceReviewReport - Manage
Reporting - Performance - SharedGoalReport - View Reporting - Performance - SharedGoalReport - Manage
Reporting - Recruiting - RecruitingReport - View Reporting - Recruiting - RecruitingReport - Manage
Reporting - Resume - ResumeReport - View Reporting - Resume - ResumeReport - Manage
Reporting - Succession - JobPoolSuccessionReport - View Reporting - Succession - JobPoolSuccessionReport - Manage
Reporting - Succession - SuccessionReport - View Reporting - Succession - SuccessionReport - Manage
Reporting - Talent Pool - TalentPoolReport - View Reporting - Talent Pool - TalentPoolReport - Manage
Reporting - Development Plan - DevelopmentPlanReport - View Reporting - Development Plan - DevelopmentPlanReport - Manage
Reporting - Extended Enterprise - TrainingUnitKeyCodeReport - View Reporting - Extended Enterprise - TrainingUnitKeyCodeReport - Manage
Reporting - Learning - CertificationReport - View Reporting - Learning - CertificationReport - Manage

Resources

Reporting 2.0 - Permissions Guide