This functionality is available for Item Bank Managers.

This article will guide you through the new advanced permissions feature for Item Banks. You will learn how to use a Three-Part Access Model involving the Item Bank, Access Groups and Author user roles (including Custom User Roles (CURs)) to achieve more granular control over content, along with best practices for implementation

How to Control Access

The Item Bank permissions functionality introduces a powerful way to control access to your content by combining Access Groups and user roles/Author Custom User Roles (CURs). Crucially, a user's access to an Item Bank is granted solely by the combination of their membership in an Access Group and being granted the user role that is linked to that group. This relationship allows you to specify exactly which users can access a particular Item Bank and what actions they can perform within it. If a user does not have this specific combination, they will only gain access if they possess the overarching Extended Access role.

Think of the relationship as a Three-Part Access Model:

• The Content: The specific Item Bank (what is being accessed).
• The Actors: The Access Group(s) assigned to that Item Bank (who has access).
• The Actions: The Author user role(s) associated with those Access Groups (what they can do).

To create an Item Bank, it must have at least one Access Group assigned to it.

All Planners who are member of the Access Group have access to add the Item Bank content to tests, and manually sharing content with the Planner is no longer required.

Visualising the Access Models

The diagrams below illustrate how the Three-Part Access Model is applied to both granular and simplified access scenarios across multiple Item Banks. You can configure the model in whichever way best serves the needs of your institution.

• Granular access controls

  This may suit an institution who has a decentralised approach to Authoring - i.e. each module or subject area has its own Authors, so variations in access are required across Item Banks.

  This granular access example only displays two Access Groups, although you will be able to add up to five Access Groups per Item Bank (see the Best Practice Recommendations section below for more details). 

  

• Simplified access controls

  This may suit an institution that has a more centralised approach to Authoring - i.e. Authoring activities are managed by a central team for all Item Banks. 

  

Setting up Access Groups and Author user roles

When managing an Item Bank (via the Properties tab), you will associate one or more Access Groups with one or more Author user roles. As illustrated in the screenshot below, this association defines the permissions for the users within that group.

You can assign up to five distinct Access Groups to a single Item Bank, and each of those groups can be linked to one or multiple CURs. If you anticipate needing more than five Access Groups for a single bank, please reach out to our Service Desk for assistance.

We strongly recommend that you carefully consider the level of access control required. While increasing the number of Access Groups offers highly precise permissions, it also increases the administrative effort needed to keep the member lists updated.

Nested Access Groups

Please note: If Access Groups are nested (featuring a parent and child hierarchy) and the Item Bank is associated with the child Access Group, the members of the parent Access Group do not currently receive access automatically.

Users must be explicitly added to the child group to gain access to the Item Bank.

Note on Blank Custom User Roles

It is possible to keep the Custom user role(s) field blank for an Access Group. In the case where only one Access Group is defined for an Item Bank and the CURs field is left blank, only users who are members who possess the Author system role will gain access to that Item Bank. This is an intentional mechanism to restrict access to certain Item Banks to only your existing Author users.

Best Practice Recommendations for Granular Access

If you require a complex or granular approach to permissions—meaning different users need different levels of access across various Item Banks—we recommend a formulaic approach:

1. CUR Setup (Reusable and Static): We advise creating and publishing your required Author CURs (e.g., View Only, Edit Only, Full Access) upfront. Since these roles define the actions users can take, they can be reused across multiple Item Banks and should therefore remain static. You can use the Starter CURs we provide (Author View Only CUR, Author View and Edit Only CUR, Author Full Access CUR), or edit the Starter CURs to meet your needs, or entirely create your own CURs (see Author Custom User Roles (CURs): create, edit, delete, and assign to users for more details).
2. Formulaic Naming: Create Access Groups specific to the Item Bank and level of access. For example, for an Item Bank named 'Civil Engineering' you might create:
   • Access Group: 'Engineering Authors', linked to the Author Full Access CUR.
   • Access Group: 'Engineering Viewers', linked to the Author View-only CUR.

Linking a specific Author CUR is the key to completing the Three-Part Access Model and defining the exact level of access (e.g., View, Edit, or Full) for the users in that Access Group. Otherwise you could leave the Custom user role(s) field blank and assign those users the Author system role (see section above)

Recommendation: We suggest starting with only a few Access Groups per Item Bank initially and trialling this configuration to assess its effectiveness. Keeping to a formulaic approach for all Item Banks will also help with tracking which access controls are required each time an Item Bank is created, reducing administrative burden.

Simple Access Model

If a simpler access model is sufficient, you can follow these steps:

1. Create one Access Group and assign all your Authors to it.
2. Link this Access Group to the Author Full Access CUR. Alternatively, if you want all Authors to have full access to all Item Banks, you can simply grant them the Author system role and leave the CUR field as blank. This will override the need for CURs entirely (see next section).

The Author System Role and Default Access

It is important to understand the difference between CURs and system roles:

• Author System Role: Adding a user to an Access Group, associating that group with an Item Bank and then granting the user the Author system role gives that user full access to the Item Bank. This is particularly useful if you do not require more granular permissions.
• Custom User Roles (CURs): If you wish to restrict access to specific content, use Author CURs instead. Access is granted solely through the Item Bank/Access Group/CUR relationship defined in the Item Bank's Properties tab.
• Author System Role + Extended Access: Granting a user the Author system role plus Extended Access gives them access to ALL content across ALL Item Banks. This acts as a super user role. Use this role only for users who require a broad, system-wide content overview.
• Planners: Planners can see any of the question set content in preview form when attaching a question set to a test in Deliver. All users with default, system-wide access (Authors, Planners, Extended Access users) are listed in the 'All' view within the Access tab for Item Banks.

Next steps

Now that you understand the Three-Part Access Model for setting up Item Bank permissions, take a look at the Access tab for Item Banks. This article will guide you through managing and monitoring exactly who has access to the content within the Item Bank.