eSchoolPlus Security Overview
On this page:
This topic provides information related to security for eSchoolPlus users. For more information on security for staff members, guardians, and students, refer to About Security for Users, Staff, Guardians, and Students.
About user profiles
A user profile stores the login ID, email addresses, and security resources for eSchoolPlus users. Only users who access pages from the eSchoolPlus menu need a user profile.
About security resources
Assigned resources grant users permission to features within an eSchoolPlus package and subpackage. Resources can be assigned at the package and subpackage level, as well as the feature level.
Package is a software application within eSchoolPlus, such as Registration. A user with package access has security to all pages and features for that package.
Subpackage is a group of pages and features within a package. A user with subpackage access has security to the features under the associated package, such as the Maintenance features in Registration.
Feature applies to a specific page, group of pages, specific function, report, calculation, or a specific field. For example, security resources are available for the following features:
- Maintain the Personal Page
- Maintain Meal Status field
- Delete Entry/Withdrawal Records
Some resources control a user's ability to access a specific page and to filter or sort on related data. For example, a user will not be able to filter reports using fields on the Personal page unless the user has at least Read access to the Personal page.
About Read and Read Or Write access
For each resource, specify the access level to grant the user. For most resources, access is granted by building so users can update information in one building and view information for others. For example, a counselor at a high school may be able to edit Registration information for high school students, but only view it for middle school students.
The image below illustrates how Read and Read/Write access display on the Security Profile page. To change access, click the Edit icon for the resource.
Read access grants the user the ability to view but not edit data. Note that users can generate reports with either Read or Read/Write access for the resource.
Read/Write access grants the user the ability to add, change, or delete information.
A user's security access is based on the highest level granted for a specific building. So if the user has REG MAINT DEMOGRAPH (Maintain Demographic Information) with Read access for all buildings but Read/Write access for building 2, then the user will have Read/Write access to building 2 and Read access to all other buildings.
Resources allow you to grant Read and Read/Write access, but for some it does not matter whether you grant Read or Read/Write access. For example, a user will be able to run a report with either Read or Read/Write access.
About district-wide resources
Some resources are considered district-wide resources. These resources typically relate to pages not limited by building. For example, REG SETUP DISTRICT is a district-wide resource that allows the user to access the District Definition page. To view a list of the district resources, refer to District Level Resources (in the online help).
On the Security Profile page, district resources display checkboxes instead of a building list in the Read and Read/Write columns.
Note
Users will only have security for a district resource that is granted by the package or subpackage if the user has access to all buildings. If the user only has access for some buildings, then the district resource will not be granted to the user. For example, if a user has REG SETUP ALL with access for only buildings 2 and 3, then the user will not be able to access the District Definition page.
Add the resource as a separate row if the user should have access for the district resource.
About granting access for a package or subpackage
When you grant resources by selecting a package or subpackage, the user will have the same access to all of the related resources. This is a useful way of assigning security when a user has the same Read or Read/Write access for all pages and features in a specific area. For example, if a user should be able to enter all Registration information for building 1, grant the user REG MAINT ALL with Read/Write access for building 1.
However, granting access at the package or subpackage level may not be appropriate for a user. Consider the following:
- Some notifications use a security resource to determine the buildings for which the user should receive notifications. For more information on how notifications use security, refer to the Notification Grid in Additional Resources.
- The Attendance, Attendance Chart, Behavior, Behavior Chart, Enrollment, and Enrollment Chart widgets on the Home page display building data based on the user's access for the security resource for the widget. For more information, refer to Managing Home Page Widgets for Your Users.
- If a user needs access for a district-level resource, you may need to grant the user that resource in addition to the package or subpackage security. For example, a user who will edit Registration validation tables and all Registration setups for building 1 needs both REG SETUP ALL with Read/Write for building 1 and REG SETUP VALTAB with Read/Write access. For more information, refer to District Level Resources.
About roles
Roles allow you to grant multiple users the same group of resources, reducing the need to manually assign security resources to individual users.
Defining a role
To define a role, create a role profile. A role profile contains general information about the role, such as Role ID and description, a group of security resources and access levels, and default building settings.
For each resource, select the buildings that users will be able to access. You can grant access to one of the following:
- the user's default building
- the user's default building list
- a building list to assign to all users who are assigned to this role.
Assigning roles to users
When you assign a role to a user, the user is granted security resources required to perform the role's functions in the specified buildings.
For role resources that must be performed in a building not in the user's default building list, you may be able to override default building assignments and enter buildings in which the user should have the security resources specified in the role profile. For more information, refer to the "Overriding user's access for a role" section of this topic.
Users may be assigned to multiple role profiles. The higher access level for a resource will override any lower-level access restrictions.
For example, if a user's has REG MAINT DEMOGRAPH (Maintain Demographic Information) with Read/Write and a role that has REG MAINT DEMOGRAPH with Read, the user will have Read/Write access.
Overriding user's access for a role
In some cases, you may need to override a user's default building list for a resource granted as part of a role. Use the Override field in the Default Building and Default Building List columns to override the building assignments for the role.
Note
When you override the role's building for a user, you are not changing the building list for any resource that is set to use specific buildings instead of the user's defaults. You cannot override these building assignments for a role. If this building access is not correct for a user, remove the role from the user, or modify the role. Changes to the role will affect all users assigned to it.