Skip to main content
All CollectionsBest Practices
Staff Roles and Permissions Best Practices
Staff Roles and Permissions Best Practices
Nicholas Hillier avatar
Written by Nicholas Hillier
Updated over a year ago

Maintaining user privileges & data access

To ensure schools have the tools to appropriately manage access to Orah software functions and the student data within it, Orah has developed four key building blocks that can be used to create an access model that works for each school.

User roles

Administrators can create multiple ‘roles’ which can be used to assign functions and data access to multiple users.

Additional permissions

Should specific users require custom access, additional permissions can be set for each staff user. These permissions can be used alongside, or separate to, user roles.

Assigned students

For both user roles and additional permissions, administrators can assign students record access also. Access to student records is dependent on the specific product privileges assigned the user, and the students assigned to the user.

Student assignment is constructed by using three primary options:

  • All students: the users can access all student records for active students

  • Specific students: users can access students matching specific access criteria

  • None: no student records can be accessed

Specific student access criteria

When users are assigned specific user access criteria, this can be be based on one or more of the following:

  • Houses: if checked, this option ensures that users will have access to the students that are linked to the same houses that the user has also been assigned to

  • SIS groups: if the integration of groups or classes is supported by your student information system integration, staff users can access the student records of students assigned to the same SIS groups that they are commonly linked to.

  • Tags: staff roles or user permissions can be assigned to specific tags representing a group of users in Orah

Recommended best practice

  • User roles as preferred access control
    Where possible, we recommend adopting user roles as the most effective way to ensure appropriate levels of access to software features and student data is maintained. As multiple user roles can be assigned to users to build up a set of privileges, it should be possible to create the appropriate access levels for all users, while still maintaining good visibility and control without having to configure each user permissions.

  • Migrate from access / additional permissions settings
    To ensure the introduction of user roles did not inhibit existing users, the previous ‘access’ settings were migrated to staff user level ‘additional permissions’. We recommend reviewing these settings and where possible, migrating to user roles by:

    • Creating and assigning the appropriate user roles to staff users

    • Editing ‘additional permissions’ and removing the existing additional permissions

By creating and assigning roles in advance of removing existing additional permissions, users should continue to have the required access levels.

  • Sync groups / classes / assignments where possible - SIS Groups
    If supported by your school information system (SIS) integration, we recommend syncing groups from your school SIS as a scalable way of maintaining access control to student records, using staff and teacher assignments from the primary school information system.

If you have any questions after reading through, click the blue chat icon at the bottom right-hand corner of this page. This will start a conversation with one of Orah's Team.

Did this answer your question?