Cal State Training Resources

Updating Security Roles

Updated on

This article covers how to update security roles in CSU Learn.


  • Users are automatically given security roles through the data import of CSU-Learner or CSU-Manager based upon their role on campus.
  • More advanced LMS administrator security roles can be assigned at the campus level which will allow for assigning, reporting, or managing learning activities.
  • Granting a security role (other than the default) is synonymous with a user becoming an LMS administrator or having LMS administrator in SumTotal.
  • Users will need to be manually adjusted from one role to another. 
  • Security roles should be requested through the campus domain administrator and applicable training should be provided for anyone who needs LMS administrator access.
  • A list of security roles can be found here (link to where we host all the security roles on LMS SharePoint site).

Security Role Definitions

The following provides simple definitions for security roles within SumTotal. The following should be reviewed prior to assigning rights to employees on campus.

Security Administrative Rights Chart that includes: CSU – Domain Administrator, CSU – Campus Administrator, CSU – Training Administrator, CSU – Instructor, CSU – Activity Builder, CSU – Reports Administrator, CSU – Support Administrator, and CSU – Manager (Default), CSU – Learner Default). More Editing Ability at the top and less editing ability at the bottom.
Security Role Definition
CSU - Domain Administrator

The domain administrator role is the highest role a person on campus can hold. This role should be limited to 1-2 people at the campus level. The domain administrator role serves as the point of contact on campus and main contact with the Chancellor’s Office systemwide LMS team. This role will be able to field questions and assist those security roles below them. This role holds all the functionality of the roles beneath them and can also customize notification templates, dashboards, and diplomas. Rule of thumb is the fewer admins at this level, the better. 

CSU - Campus Administrator

The campus administrator role can do everything a training coordinator can do plus it can manage proxy settings. This should be limited to those who will be power admins in the system and have an expanded role with online learning, ILT, reporting, and managing content at a department level or higher.

CSU - Training Administrator

The training coordinator role for those who manage mostly online assignments of courses and have access to reporting. The role mainly has access to viewing and some editing capabilities. This role usually assigns users to audiences, organizations, and jobs. Most administrators should fall into this category, especially if they only oversee one or two online course assignments and reporting.

CSU - Instructor

The instructor role is assigned to those instructors of ILTs who would like to build and manage their own ILTs in SumTotal. This role has access to build and edit activities along with managing the roster for learning activities. This is more of an advanced role for instructors who don't want to rely on an admin to build their learning activities and have the knowledge to be self-sufficient.

CSU - Activity Builder

The activity builder role focuses on building learning activities in the LMS. This role was specifically designed for those who might come in specifically to build ILTs, curriculums, or other learning activities in high volume. The role could be assigned to student assistants or employees with a temporary assignment.

CSU - Reports Administrator

The reports administrator role is for administrators who solely focus on building reports in the Advanced Reporting area of SumTotal. The reports administrator role is limited and cannot build or edit in other areas such as audiences, organizations, and learning activities.

CSU - Support Administrator

The support administrator is a view-only role designated to view the properties of users and activities but not edit them. This role is best suited for Help Desks to assist in end user support or auditors who need to view the properties / information on users and activities. 

CSU - Manager

The manager role is a default role assigned based upon data received from PeopleSoft. Those with direct report and have been associated as a manager, will (by default) have this role. This role does not have any advanced security rights but can view and assign training to their direct reports. This role also has access to the manager dashboard which is a summary of their direct reports and their training status.

CSU - Learner

The learner role is the foundational role within the SumTotal LMS. Any user who has not been assigned to a security role or is not a manager will receive this role by default. This role is determined by PeopleSoft data stating the user does not have any direct reports. This role does not have any security rights and can only search, register and launch training. 

How to Assign / Update a Security Role

Step 1: Go to Administration > Quick Links > All Users.

Green step one is to click on Administration. Green step two is to click on Quick Links. Green step three is to click on All Users.

Step 2: Search for the user you would like assign / update their security role.

Search criteria can be: First name, last name, CEPID, e-mail address or partial name as the system will start populating as you type.

Search for the user.

Step 3: Locate the user and click on the search results. A mini-profile will slide out from the right hand side of the screen.

Green step one is to click on the user. Green step two is the mini-profile.

Step 4: Click on the name of the user hyperlinked in blue to see their profile details.

Green highlight box showing the location of the name that is hyperlinked.

Step 5: Click on Personal > User Account and Personal Details.

Green step one is to click on the Personal tab. Green step two is to click on User Account and Personal Details.

Step 6: Locate the User Security Role drop down.

Green highlight box showing the location of the User Security Role.

Step 7: Assign or update the security role to appropriate security permission.

Assign a security role.

Step 8: Check the box Can view domain users.

Green highlight box showing the location of the Can view domain users checkbox.

Step 9: Scroll down to the bottom of the page and click on the Save button.

Green highlight box showing the location of the Save button.

If you are updating a security role from an admin role to a default role or CSU-Manager or CSU-Learner, please make sure to check if they have direct reports before changing this role (instruction to verify are below).

How to Validate a User as a Manager or Learner

Step 1: Follow steps 1-5 above and once you have landed on the Account Overview page, click on the Learning > Users.

Green step one is to click on Learning tab. Green step two is to click on Users.

Step 2: Verify if any Direct Reports are listed.  

  • If a user does not have any direct reports, change their role to CSU-Learner.
  • If a user does have direct reports, change their role to CSU-Manager.
Direct Reports will display.

Step 3:  Once verified go to Personal > User Account and Personal Details.

Green step one is to click on the Personal tab. Green step two is to click on User Account and Personal Details.

Step 4: Change security role and click on the Save button at the bottom of the page.

These steps should only be taken if you are removing a more advanced security / administrator role to a default role. You should never change a user’s role from manager to learner or vice versa. This is determined by the information received from PeopleSoft.

Green step one is to update the user secuirty role. Green step two is to click on the save button.

This concludes how to update security roles.

Previous Article Training Transcripts
Next Article Retiring Activities
Still Need Help? Contact Us