Use Groups to assign users a consistent set of permissions (policies) across the platform, and combine them with Teams to scope what data those users can see.
- Collections of users that are assigned policies.
- Policies define what actions users can take (e.g., view analytics, enroll learners, create teams).
- Best for role-based access (e.g., account executives, enrollment managers).
- Collections of learners (e.g., Company A students).
- Used to scope data visibility so managers only see their own learners’ data.
- Best for data segmentation (Company A vs. Company B).
- Go to Tenant Settings → Management → Groups.
- Create a group by providing:
- Group name
- Description
- Group members (add or remove at any time as a tenant admin)
- Save the group.
Anyone added to the group automatically inherits the policies attached to it.
- Open Policies in Management.
- Each policy can have groups assigned to it.
- Add a group by searching for it and selecting it.
A group like SBA Corporate Account Executive may be assigned policies that include:
- Enrollment Manager
- Analytics Viewer / Reader
- List Users
- List Teams
- Create Teams
- Access to all user reports
This allows group members to:
- View users and teams.
- Create teams.
- View and download analytics.
- Enroll learners by sending invitations.
If you want someone to:
- Have a role like Analytics Viewer, but
- Only see data for a subset of learners (e.g., Company A only),
Then you should:
- Create a Team.
- Add the learners who belong to that company or cohort.
- Create or use a Group
- Example: Company A Analytics Viewer.
- Assign the Team to a Policy.
The policy links:
- The analytics role
- The specific team
- Add users (or a group) to that policy.
Company A managers:
- Can see only Company A’s analytics.
- Cannot see Company B’s data.
- Cannot invite users or manage content unless explicitly allowed.
Depending on assigned policies, group members can:
- View lists of users and teams.
- Access analytics dashboards and reports.
- Create and manage teams.
- Enroll users into content via invitations.
What they cannot do is determined entirely by the policies attached to their group.
Groups provide clean, role-based permission management, while Teams ensure data stays properly segmented. Together, they give you fine-grained control over who can do what and which learners’ data they can see.