Using Delegated Administration

The Echo360 active learning platform allows for a three-tiered organizational hierarchy using the following levels: Institution > Organization > Department. The Institution (also referred to as a "tenant") is the top-most level of the hierarchy and  represents your Echo360 institutional account.

Within each institution there can be one or more organizations. Typically the organization identifies a school within the university, such as a Medical school or Business school or other entity. Each organization can then have one or more departments, such as the Nursing department or the Accounting department.

When you create courses, you have the option to assign those to an organization and/or a department. You don't have to group courses under an organization or department, but for larger deployments they can be useful for finding and categorizing courses and the sections that reside within them.

In addition, system features, such as content downloads or Q&A tab access, can be enabled or disabled at the institution, organization, and department levels.

To allow for distributed responsibilities for managing different items within the system, Echo360 allows you to turn on Delegated Administration, then select which Administrator users have access to objects at different hierarchical levels. You are able to delegate administration to different departments, organizations, or to the institution.

Delegated administration effectively allows or restricts access to objects and features based on their association with a level in the hierarchy. Meaning that an Admin who is given rights to only Department X and Y can enable or disable features for those departments, and create, edit, or delete courses, sections, and section schedules for only those courses associated with those departments.

BY DEFAULT, all administrators can access all aspects of the system. You must remove the default "institution level" access, which removes all lower-level administrative access. Then you can explicitly enable administrative access to the appropriate organizations and/or departments.

Delegating admin access to a particular organization or department limits that admin's access to the following:

If delegated administration is turned on for the institution, you will see an Administrators tab on the right side of the Institution Settings page. Clicking on an organization or department level to which you have admin privileges changes the right panel to show the options you have.

Click Administrators to edit which administrators have rights to that level. You will NOT see your own name; you cannot add or remove rights for yourself. Another admin must do that for you.

Institution settings page showing admin view who has rights at different levels along with Admins tab for editing admin rights for the level

If an organization or department is grayed out, you do not have administrative rights to that hierarchical level. If you click on a grayed org/dept, the panel on the right changes to show a message indicating that you do not have privileges to edit the information for that level.

Neither Rooms nor Users are subject to the organizational hierarchy except to the degree that an admin cannot create or grant rights to an admin above his/her own level of delegated access. Otherwise, these objects are visible and can be administered by all users with an admin role in the system. Rooms assignment to specific hierarchical levels is a feature to be implemented shortly.

To enable and set delegated administration:

  1. Log in as an administrator and click the Settings icon in the top right corner (it looks like a gear).
  2. Select Institution Settings.
    The Institution and all organizations and departments are listed on the left, with settings and options tabs shown on the right.
  3. If necessary, click the Institution at the top of the left panel to refresh the page.
  4. Depending on the number of users in your system as well as the number of Admin-role users, the system may take several seconds to display the options on the right side of the page. We are aware of this issue and are addressing it.

  5. Click Features from the right side of the page.
  6. Find and enable the Delegated Administration toggle.
  7. Review the confirmation message and click Yes.
  8. Click the Administrators tab that appears on the right side of the page after the page refreshes.
    All Admin role users in the system are listed, and initially all are checked. This means all administrators have access to all objects in the system.
  9. To restrict an Admin's access beyond a particular organization or department you must uncheck that admin at the institution level. This clears the checkbox for that user for all organizations and departments. Use the Search box at the top of the list to find the user if necessary.
  10. Navigate to and select the Department or Organization node from the left to which the user should have administrative rights.
  11. NOTE: Enabling access for an Organization automatically enables access to all departments. To enable rights for some departments but not others in the Organization, you must uncheck the user for the organization first, then enable the user for the individual departments. See Inherited vs. explicitly set permissions below.

  12. Select the Administrators tab on the right for the selected Department or Organization.
  13. Find the admin in the list and enable the checkbox next to their name.

You should never see your own name in an admin list; you cannot change your own permissions.

Inherited vs. explicitly set permissions

Understand that permissions are given from the top down, but not necessarily removed from the top down, once explicitly set at lower levels. The system assumes that if you have higher level administrative permissions, you can automatically administer all items below that in the hierarchy. Lower levels inherit access from upper levels.

The first time you configure administrative access, removing upper-level permissions automatically clears all lower level permissions for that user. But this is only true until you explicitly set admin access at a lower level. Once that is done, that node will inherit access but it will NOT inherit restriction or non-access (checkbox clearing) from the upper level. At this point, clearing the checkbox at the upper level only removes the check (access) for lower nodes that were never explicitly set.  Once explicitly set at a lower level node, administrative privileges must also be explicitly removed from the lower level node, if and when that is desired.

Basically, here is how it works:

IMPORTANT: If you have objects in the system that are not assigned to an organization or department, only administrators with Institution-level admin permissions will have access to those objects. You may need to assign or re-assign items within your system accordingly.