User Roles and Permissions

Overview

The User Roles module allows Superusers to create standardized permission templates. By grouping access rights into roles (e.g., "Aftercare Staff" or "Pre-Primary Teachers"), administrators can manage system security for entire departments simultaneously rather than configuring each staff member's profile individually.

Navigation Path

My School > Staff > User Roles

Purpose of Feature

The primary goal of User Roles is to ensure administrative efficiency and data security.

• Efficiency: Apply global changes to a role that immediately update all linked staff members.

• Security: Ensure that staff only have access to the specific modules required for their job function.

• Consistency: Standardize what different levels of staff can see or edit across the school.

Step-by-Step Instructions

1. Creating a New User Role

The system includes six default role titles. You can edit these or create new ones from scratch.

1. Click the Add New button.

2. Title: Enter the role title in both English and Afrikaans (e.g., "Educator / Opvoeder").

3. Status: Ensure the status is set to Active.

2. Configuring Access Tabs

Complete the four configuration tabs to define the role's boundaries:

• Program Access: Define the level of interaction for each module:

  • None: The module is hidden from the user.

  • View: The user can see data but cannot edit, add, or delete anything.

  • View and Change: The user has full administrative control within that module.

• Direct Message Options: Select specific communication permissions (e.g., "May use email function").

  • Note: Email is free, but the school is billed for all SMS communications.

• Group Message Options: If d6 Connect is active, assign a communication role (e.g., "Group Administrator") and specific rights for public/private channels.

• d6+ Finance Add-ons and Exporting: Select Yes or No for specialized tools.

  • Important: Granting "Export to Excel" allows users to take data offline; use this right judiciously.

4. Click Save to finalize the role.

3. Assigning Roles to Staff

Once the role is created, you must link it to individuals:

1. Go to My School > Staff > Staff.

2. Edit a staff member's profile and select the created User Role from the dropdown menu.

Frequently Asked Questions (FAQ)

Can I temporarily stop teachers from editing marks? Yes. Instead of editing every teacher, go to the "Teacher" User Role, navigate to Program Access, and change option 2.2 Learner Marks to "View." All staff linked to that role will immediately lose the ability to add or change marks until you switch it back to "View and Change."

What happens if I edit an existing role? Any changes made to a User Role are global. For example, if you add "Email Rights" to the "Admin" role, every staff member assigned to that role will instantly receive those rights.

How do I handle a staff member who needs unique rights not in a role? It is best practice to create a specific role for that unique position (e.g., "Librarian") rather than managing them individually, as this maintains a cleaner audit trail.

Restrictions & Reasons

1. Superuser Exclusive

• Restriction: Only the designated Superuser can access the User Roles module.

• Reason: This prevents staff from granting themselves elevated permissions, ensuring that sensitive financial and academic data remains protected.

2. Exporting Data

• Restriction: Access to Excel exports is a separate, explicit toggle.

• Reason: Exporting data removes it from the secure d6 environment. Limiting this right is a key part of POPIA and GDPR compliance for school data protection.

3. Active vs. Inactive Roles

• Restriction: You cannot delete a User Role that is currently assigned to staff; you must set it to "Inactive."

• Reason: This prevents "orphaned" user profiles where a staff member might lose all access or retain ghost permissions because their assigned role was deleted.