![logolimanobkg-1.png]](https://help.easyllama.com/hs-fs/hubfs/logolimanobkg-1.png?height=40&name=logolimanobkg-1.png){kind=small}
Dashboard Admin Roles & Role Based Permissions Guide
Learn about role-based access controls and best practices for creating admin users.
Helpful Tip: Click to learn how to Add or Remove Dashboard Admins or view the Dashboard Admin Roles Chart
Delegate management responsibilities securely with role-based access controls designed for different team members’ needs. From full administrators to specialized managers, learn how to configure access levels that maintain security while empowering teams to manage their areas of responsibility effectively.
Key takeaways
- Implement the principle of least privilege by granting only the access needed for each role, reducing risk and simplifying the admin experience.
- Streamline team collaboration by enabling HR, managers, IT, and training coordinators to work simultaneously in the same platform with appropriate boundaries.
- Maintain security and compliance by protecting sensitive data, like anonymous reports and billing information, by restricting access to authorized personnel only.
Understanding Role-Based Access Control
Role-Based Access Control (RBAC) is a security model that assigns system permissions based on job functions rather than individual users. Think of it like a building's security: Full Admins have master keys to every room, while specialized roles have keys only to the areas they need, like managers access their team's offices, IT accesses server rooms, and finance accesses accounting.
Why this matters:
- Reduces Administrative Burden: Delegates tasks such as learner management or course creation without giving up full system control.
- Enhances Data Privacy: Ensures sensitive information, such as anonymous reports or billing details, is visible only to those who truly need it.
- Improves Team Efficiency: Allows multiple people to work side by side on training initiatives without stepping on each other's work.
How Admin Roles Work
The Permission Matrix
A structured system that maps specific data capabilities (like “edit courses” or “view reports”) to predefined roles. Each role is a bundle of permissions designed for common job functions.
What can be done with this:
- Assign the right role to each team member based on their responsibilities
- Quickly understand what any role can and cannot do using the permission matrix
- Mix and match roles when someone needs capabilities from multiple areas.
Scoped Access & Data Segregation
The system automatically filters data based on role. For example, a Manager sees only their direct reports, while a Learner Admin sees all Learners, but can't access billing.
Common uses:
- Managers tracking their team's progress without seeing other departments.
- Training coordinators creating content without accessing sensitive anonymous report data.
- IT configuring integrations without being able to modify training content.
Best Practices for Assigning Admin Roles
Strategic Assignment
Align roles with actual job functions rather than job titles to ensure efficient and secure operations.
How to implement:
- Map responsibilities first: List what each person needs to do within the system.
- Use the Quick Reference Guide: Match those needs to the predefined role that best fits.
- Document assignments: Keep a simple spreadsheet of who has which role and why for auditing purposes.
- Review Quarterly: As responsibilities change, update roles accordingly.
Secure Sensitive Functions
Protect high-risk areas like billing, anonymous reporting, and company settings with specialized, limited-access roles.
How to implement:
- Use the “Billing Access” role exclusively for finance team members, as no one else needs access to payment methods.
- Reserve “Anonymous Reporting Access” for ethics/compliance officers only, as this is highly sensitive data.
- Never share credentials: Each person should have their own account with their appropriate role.
Common Questions About Admin Roles
Can I create custom roles or modify the existing ones?
Roles are predefined based on common organizational needs. If your requirements don’t fit existing roles, contact your Customer Success Manager to discuss options. You can assign multiple roles to a single user if they need capabilities from different areas.
What happens if someone tries to access a feature they don’t have permission for?
Typically, features are hidden or disabled in their interface, so they cannot access them. However, if they have permission to view, but not take an action, they may see a “You don’t have permission to access this feature” error message.
How does Leader Access work with organizational hierarchy?
Manager roles are tied to the company’s reporting structure. These admins can see and manage only their direct reports (and their reports' direct reports, if applicable) and/or the Locations or Departments they manage. This is based on the manager relationships defined in the Learner profiles or imported via HRIS integration.
Troubleshooting
A user cannot perform an action they need for their job.
First, verify their current role in ⚙️Settings > User Permissions. Check the permission matrix to confirm their role includes the needed capability. If not, upgrade their role to one that includes it.
A Manager cannot see all the team members they should.
Ensure the reporting structure is set up correctly by navigating to the Learners tab and checking that each team member has the correct manager assigned in their Learners Profile. Manager access is automatically applied based on these relationships.
Real World Examples
The following are examples of how admin permissions may be used for each role, and why the specific admin permissions were chosen, which may differ from your organizational needs. The example assumes that the company is using EasyLlama for Training, Security, and LMS.
Tech Company
A tech company is operating with Agile teams, rapid scaling, and significant cybersecurity requirements. They aim to enable HR to build a dynamic workforce that empowers engineering and product managers to track team-specific compliance, while allowing the security team to run specialized awareness campaigns. They must protect sensitive financial data and create a separation between ethics and day-to-day operations.
| Role | Permissions | Why |
|---|---|---|
| HR Director | All Access | Gives complete visibility and control over content, compliance, reporting, and budget to ensure alignment with organizational goals and regulatory requirements |
| HR Coordinator | Learners access | Handle the day-to-day employee lifecycle management (onboarding, offboarding, role changes) and need to manage Learner profiles, groups, and departments without accessing financial or sensitive data. |
| Department Manager | Leader/Manager Access | Accountable for their team’s development and compliance, but shouldn’t see or manage employees outside of their reporting hierarchy. Scoped access empowers them to track progress and provide coaching. |
| Security Team | Phishing Simulator access & IT access | Accountable for creating and managing security awareness campaigns (phishing simulations) and configuring technical integrations (SSO, HRIS, API) without getting involved in general training content or employee management. |
| Finance Manager | Billing Access | Responsible for budget management, subscription renewals, and payment processing, but does not have an operational need to access training content, employee data, or anonymous reports. |
| Ethics Officer | Anonymous Reporting access | They must have exclusive access to sensitive anonymous reports to ensure proper investigation and protect whistleblower identities, separate from training operations. |
Manufacturing Company with Compliance Requirements
A manufacturing company needs to educate on OSHA regulations, quality control standards, and rigorous safety compliance requirements while separating safety training management and incident investigation. They are looking to manage plant-level supervision of team certifications while maintaining oversight of employee records for audit readiness, regulatory compliance, and to create a safe production environment. They also want to protect whistleblowers' confidentiality and the integrity of investigations.
| Role | Permissions | Why |
|---|---|---|
| Training Manager | All Access excluding Anonymous Reporting | Oversees all training operations, content, and assignments, but should not have access to anonymous reports to maintain investigation integrity and comply with confidentiality regulations. |
| Compliance Officer | Anonymous Reporting access only | Require exclusive, auditable access to anonymous reports to ensure proper handling, prevent conflicts of interest, and meet strict regulatory requirements for whistleblower protection and independent investigations. |
| Plant Supervisor | Leader access | Must monitor and drive completion for their direct production teams on safety and procedural training, but shouldn’t access corporate HR data, other plants’ employees, or company-wide settings. |
| Corporate HR | Learners access | Must manage employee records across all locations, handle organizational structure (departments/locations), and ensure data consistency without needing to create training content or access specialized compliance functions. |
Healthcare Organization (Hospitals/Clinics)
A hospital requires strict compliance with regulations (such as HIPAA, OSHA, etc.), clinical training, patient privacy investigations, and mandatory credentialing while also maintaining confidentiality between operational training and incident reporting.
| Role | Permissions | Why |
|---|---|---|
| Chief Compliance Officer | All access | Oversees regulatory training (HIPAA, OSHA, patient safety) and needs complete visibility for audit preparation and reporting to boards/regulators. |
| Clinical Education Director | Course management & Learners access | Develops and manages clinical training content for nursing and medical staff while maintaining accurate Learner records for credentialing purposes. |
| Department Nurse Manager | Leader access | Monitors a nursing team's completion of mandatory certifications (BLS, infection control) and provides remediation without accessing other departments. |
| Privacy Officer | Anonymous Reporting access + Learners access | Investigate HIPAA violation reports confidentially while managing access controls for sensitive patient data, and provide training. |
| Medical Records Supervisor | Learners access only | Ensures all staff complete HIPAA and records management training, but doesn't require content creation or financial permissions. |
| Finance Director | Billing access | Manages training budget and subscription costs without accessing protected health information or clinical training content. |
Construction/Contracting Company
A construction company requires prioritizing job site safety, OSHA compliance, and equipment certification tracking. Must separate safety program management from incident investigation, empower project managers to verify crew certifications, and allow equipment specialists to focus on technical training without accessing HR or Financial data.
| Role | Permissions | Why |
|---|---|---|
| Safety Director | All access excluding Anonymous Reporting | Manages all OSHA, site safety, and equipment training with full oversight, but shouldn't investigate safety incident reports they might be involved in. |
| Project Managers | Leader access | Ensures their crew completes job-specific safety certifications and toolbox talks before site access, scoped only to their project teams. |
| HR Manager | Learners & Course Management access | Handles employee onboarding, manages licenses/certifications, and creates company policy training without accessing job site safety investigations. |
| Safety Investigator | Anonymous Reporting access only | Independently investigates safety incidents and near-miss reports without conflict from those managing the safety training programs. |
| Equipment Manager | Course Management access | Creates and manages equipment-specific training (crane, forklift, PPE) but doesn't need access to employee records or financial data. |
| Controller | Billing access | Manages training budget and equipment certification costs across multiple job sites without operational involvement in safety programs. |
Education (University/School Districts)
A school needs to balance faculty development, student safety training, and confidential Title IX reporting, allowing each respective department to manage its own areas while maintaining federally mandated confidentiality for sensitive student and staff reports.
| Role | Permissions | Why |
|---|---|---|
| Director of HR & Compliance | All access | Oversees all employee training (mandatory reporter, safety, FERPA) across faculty and staff with full accountability for district/state reporting. |
| Curriculum Development Manager | Course Management access | Creates and updates district-specific training content (teaching methodologies, IEP training) without needing access to individual employee records. |
| School Principal or Dean | Leader access | Monitors their school staff's completion of mandatory training (child safety, emergency procedures) and provides support to their direct reports. |
| Title IX Coordinator | Anonymous Reporting access only | Confidential handling of sensitive student and staff reports as required by federal regulations, completely separate from general training management. |
| IT Director | IT Access & Phishing Simulator Access | Manages technology training and cybersecurity awareness for staff while configuring integrations with student information systems. |
| Department Chairs | Leader access (scoped to their department) | Tracks faculty compliance with training requirements specific to their academic department without accessing other departments' data. |
Food Service (Restaurant, Hospitality)
A restaurant chain must maintain food safety compliance, consistent customer service standards, and specialized training while separating front and back of house manager operations. They must maintain a separation between operational training and health/safety investigation to maintain multi-location brand consistency and regulatory compliance.
| Role | Permissions | Why |
|---|---|---|
| General Manager | All access excluding anonymous reports | Oversees all location operations, including food safety, customer service, and compliance training, but shouldn't investigate sensitive staff reports they might be involved in. |
| Assistant Manager | Leader access | Monitors front/back-of-house team completion of food handler certifications, alcohol service training, and safety procedures for their shifts only. |
| Corporate Safety Director | Anonymous reporting access only | Independently investigates health code violations, safety incidents, and harassment reports across locations without operational conflict of interest. |
| Corporate Training Manager | Course Management & Learners access | Develops and updates brand-standard training for new menus, service protocols, and POS systems across all franchise or corporate locations. |
| Kitchen Manager | Leader access (scoped to Back of House) | Ensures kitchen staff complete food safety, allergen, and equipment training specific to their culinary roles and certifications. |
| Corporate Finance | Billing access | Manages training budget, franchise training fees, and compliance fine tracking without accessing operational staff data or incident reports. |
Telecommunications
A telecommunication company operating with unionized field technicians, FCC-regulated compliance, and multi-channel customer service teams. They must enable specialized management of field safety training, call center quality standards, and technical certification programs while maintaining separation between union partnership functions, safety investigations, and customer-facing training development.
| Role | Permissions | Why |
|---|---|---|
| Director of Field Operations | All access | Oversees nationwide technician training for safety (pole climbing, fiber optics), FCC compliance, and customer installation standards across all regions. |
| Regional Field Manager | Leader access | Tracks their region's technician completion of safety recertifications and new technology training without accessing corporate strategy or other regions' data. |
| Customer Service Training Manager | Course Management & Learners access | Develops and manages call center training for customer service reps, technical support protocols, and sales compliance across all contact centers. |
| Safety Compliance Officer | Anonymous reporting access only | Independently investigates field safety incidents and near-misses without conflict from operations managers who oversee the same teams. |
| Network Security Director | IT access & Phishing Simulator access | Manages cybersecurity training for all employees and conducts phishing simulations specific to telecom fraud threats without accessing customer service content. |
| Union Training Coordinator | Course management only | Collaborates with union leadership to develop and manage apprenticeship programs and journeyman training without accessing management reporting or disciplinary data. |
Personal Training & Coaching
A coaching practice needs to protect its proprietary methodologies while delivering measurable client results. They need to balance coaches’ content development with appropriate client data protection, ensure the secure financial management of client engagements, and maintain separation between business development and content creation functions for both intellectual property protection and client trust.
| Role | Permissions | Why |
|---|---|---|
| Chief Learning Officer | All access | Oversees all client training programs, facilitator certification, and content development with full visibility into business operations and client outcomes. |
| Lead Faciliator/Coach | Course management & Learners access | Creates and updates proprietary coaching methodologies and training materials while tracking client participant progress across multiple engagements. |
| Client Success Manager | Learners access only | Manages client Learner enrollments, progress reporting, and certification issuance without the ability to modify proprietary training content or pricing. |
| Business Development Director | Billing & Course management access | Manages client contracts, pricing, and subscription models while understanding available training offerings without accessing individual client participant data. |
| IT/Platform Manager | IT access | Manages the training delivery platform, client portal integrations, and system security without accessing proprietary coaching content or client relationships. |
| Compliance Manager | Anonymous Reporting access | Handles any internal ethics or client complaint reports separately from client service delivery and content development functions. |
Consumer Services
A repair company needs to maintain consistent quality execution and regulatory compliance. They are looking to enable their regional managers to verify tech certifications, allow quality teams to develop improvement training based on customer feedback, and conduct independent investigations of service complaints. They must also maintain brand standards and protect against conflicts while resolving customer issues.
| Role | Permissions | Why |
|---|---|---|
| Service Delivery Director | All Access excluding anonymous reports | Manages all customer-facing team training for quality standards, service protocols, and safety while remaining separate from customer complaint investigations. |
| Regional Service Manager | Leader/Manager Access | Oversees their territory's technician or service team's completion of certification requirements, customer interaction training, and brand standards. |
| Quality Assurance Manager | Course management + Learners access | Develops and updates service quality training based on customer feedback and mystery shop results while tracking team compliance. |
| Customer Relations Director | Anonymous Reporting access only | Investigate escalated customer complaints and service failure reports independently from the teams delivering the training and service. |
| Scheduling/Dispatch Manager | Learners access only | Ensures technicians have current certifications before scheduling service calls without accessing training content development or quality metrics. |
| Marketing Compliance Manager | Course Management only | Creates and manages FTC/regulatory training for sales and marketing teams on proper consumer communication and disclosure requirements. |
Legal Services
A law firm must operate under the strict bar association rules, separating ethics oversight and firm management. They must enforce mandatory walls between professional responsibility investigations, track continuing legal education, and provide practice development training while also ensuring that client confidentiality and data security protocols are properly maintained across all firm members.
| Role | Permissions | Why |
|---|---|---|
| Managing Partner | All Access | Has ultimate responsibility for all firm training on ethics, confidentiality, continuing legal education (CLE), and professional development compliance. |
| Professional Responsibility Partner | Anonymous Reporting access only | Exclusively handles ethics complaints, conflict of interest reports, and confidentiality breaches as required by bar association rules, completely separate from training management. |
| Practice Group Chairs | Leader access | Tracks their attorney team's completion of required CLE credits and practice-specific training without accessing other practice groups' data or firm financials. |
| Legal Training Director | Course Management & Learners access | Develops and manages internal training programs, mock trials, and research methodology training while tracking CLE compliance across the firm. |
| HR Director | Learners access only | Manages staff training requirements, new hire onboarding, and employment law compliance without accessing attorney CLE tracking or client-related training. |
| IT/Data Security Manager | IT access & Phishing Simulator access | Manages confidentiality and data security training specific to legal client protections and conducts phishing simulations targeting legal industry threats. |
Real Estate
A brokerage needs to maintain strict compliance with state licensing boards, fair housing regulations, and continuing education requirements. They are looking to allow managing brokers to oversee agent compliance within their office, while maintaining crucial separation between ethics investigations and training operations, and ensuring technology adoption keeps pace with industry-specific platforms and tools.
| Role | Permissions | Why |
|---|---|---|
| Broker of Record | All access | Ultimately responsible for all agent licensing compliance, ethics training, and regulatory requirements across the entire brokerage. |
| Office Managing Broker | Leader access | Ensures agents in their offices complete required continuing education, fair housing training, and transaction compliance specific to their market area. |
| Training & Development Director | Course management & Learners access | Creates and updates sales training, market-specific certification programs, and technology platform training for agents across multiple offices. |
| Ethics & Compliance Officer | Anonymous Reporting access only | Independently investigates ethics complaints, fair housing violations, and commission disputes as required by real estate commission regulations. |
| Transaction Coordinator Supervisor | Learners access only | Verifies agent certifications and training completion before allowing transaction processing without accessing training content development. |
| Technology Adoption Manager | IT access & Course management | Manages training for multiple listing systems, transaction platforms, and digital marketing tools specific to real estate technology ecosystems. |
Next Steps
- Audit current users and their roles against the permission matrix.
- Identify 2-3 team members who could benefit from delegated access with appropriate roles.
- Test a Manager role with one of your supervisors to see the scoped access in action.
- Review sensitive access (Billing, Anonymous Reporting) to ensure it's appropriately restricted.
🐪 Llama Fact: Llamas live in structured herds with clear social roles—there are dominant leaders, alert sentries, and nurturing caretakers, each with specific responsibilities that contribute to the herd's success. Similarly, well-defined admin roles help to operate smoothly and securely!