Industry: QSR
Challenge I am facing today: We have external partners who use our instance of Absorb (franchise restaurant locations). We maintain accounts for users who are leaders (e.g. store managers), but the team members that work at the store are not managed by us. Those users use enrollment keys to create accounts. Our external partners are incented to meet training completion goals, measured as a percentage of their users. In order to not get penalized for enrollment key users who are no longer employed bringing down their training completion averages, we need a way for them to remove those accounts, WITHOUT modifying the accounts. If they modify the accounts, they could change user profile data that would cause course enrollment and resource availability rules to show them content they should not see. Ideally, I could give these external store managers the ability to delete users - the only users they can admin are these enrollment key users, so they would only be able to delete those accounts, preserving the data integrity of the users managed by integrations. However, in order to give them the ability to delete users, they need the delete user AND modify user permission.
Proposed solutions:
Isolate the modify users and delete users permissions so they can be assigned to roles independently.
Create the ability to deactivate ONLY users that were created with an enrollment key.
Who needs this functionality: As an admin, I need the ability to assign discreet permissions to users. I need to be able to allow some users to only delete users, others to modify and/or delete users, and (for the vast majority of users) the ability to not allow either modify or delete user. Ultimately, this is to manage the end of an enrollment key user lifecycle; the enrollment key provides an elegant way to create a user account without oversight, but without the ability to isolate the delete permission, there is no way to remove or deactivate those accounts.
The impact of this change would be a reduction in unneccesary calls to our internal service desk to delete user accounts for users who are not our employees.