Maintaining user privileges & data access
To ensure schools have the tools to appropriately manage access to Orah software functions and the student data within it, Orah has developed four key building blocks that can be used to create an access model that works for each school.
Administrators can create multiple ‘roles’ which can be used to assign functions and data access to multiple users.
Should specific users require custom access, additional permissions can be set for each staff user. These permissions can be used alongside, or separate to, user roles.
For both user roles and additional permissions, administrators can assign students record access also. Access to student records is dependent on the specific product privileges assigned the user, and the students assigned to the user.
Student assignment is constructed by using three primary options:
All students: the users can access all student records for active students
Specific students: users can access students matching specific access criteria
None: no student records can be accessed
Specific student access criteria
When users are assigned specific user access criteria, this can be be based on one or more of the following:
Houses: if checked, this option ensures that users will have access to the students that are linked to the same houses that the user has also been assigned to
SIS groups: if the integration of groups or classes is supported by your student information system integration, staff users can access the student records of students assigned to the same SIS groups that they are commonly linked to.
Tags: staff roles or user permissions can be assigned to specific tags representing a group of users in Orah
Recommended best practice
User roles as preferred access control
Where possible, we recommend adopting user roles as the most effective way to ensure appropriate levels of access to software features and student data is maintained. As multiple user roles can be assigned to users to build up a set of privileges, it should be possible to create the appropriate access levels for all users, while still maintaining good visibility and control without having to configure each user permissions.
Migrate from access / additional permissions settings
To ensure the introduction of user roles did not inhibit existing users, the previous ‘access’ settings were migrated to staff user level ‘additional permissions’. We recommend reviewing these settings and where possible, migrating to user roles by:
Creating and assigning the appropriate user roles to staff users
Editing ‘additional permissions’ and removing the existing additional permissions
By creating and assigning roles in advance of removing existing additional permissions, users should continue to have the required access levels.
Sync groups / classes / assignments where possible - SIS Groups
If supported by your school information system (SIS) integration, we recommend syncing groups from your school SIS as a scalable way of maintaining access control to student records, using staff and teacher assignments from the primary school information system.