Articles in this section

Core/Security - User access in MySchool - User groups

Rich Slater
  • Updated
Follow

In MySchool user access to data and modules is controlled by their membership of a user group. A user can inherit a role such as a student or teacher, or be placed directly into a fixed membership user group designed to give access to certain areas. 

This is an advanced feature and we invite you to contact our support team or your CSM for advice when dealing with security and access. 

How do users access their relevant portals?

1) Students gain access to the student user group when they are enrolled in any class within the current scholastic year. This allows them to access your student portal. This group is a system default, and our support team will help you build the access as required. Please note that the student group is for your whole student population. You may wish to disable access to the student portal for class levels during certain periods of the year. Please contact our support team for assistance in this.

  • You cannot add users to the student user group; the student must be enrolled in a class.

  • If the student is enrolled in a course and not a class, then they will not have access to the student group permissions.

  • Students who lose their enrolment in the class are not searchable using Quick search. You can reinstate them in a class by using the advanced search

2) Users inherit the role of guardian when they are attached to a student's profile using the contact tabs.

mceclip0.png

To have access to the parent portal, they must have permission (Per.) ticked. Certain functionalities (e.g., permissions and questionnaires are linked to the guardian being classed as the main. The guardian user group is a system default, and we will work with you to configure the required access during your onboarding.

  • Guardians can access all their dependent students in one portal. They can switch between the students to whom they are attached, and the screens will adapt accordingly.

  • If the student is no longer enrolled in a class, then the guardians will also lose access rights until the student is correctly re-enrolled.

  • Guardians who are staff members will use their staff credentials to log into the system, but can switch between staff and guardian views.

  • The relationship type must also be direct to allow for interaction with certain features (questionnaires, permissions, etc).

3) If a user is a staff member or should have access to the staff functionalities, then they must be enrolled as an employee of the school. The staff access group gives minimum access to the MySchool portal. It is a default group.

mceclip1.png

4) Users become Teachers when they are enrolled as a course or class Teacher within the current scholastic year. Certain functionality (attendance, lists etc) can be restricted to their class or course view. Some functionality cannot. Speak with your CSM for further details on access rights for your educators.

  • The course and class Teacher groups can be different. 
  • A teacher's employment does not have to be rolled over; however, their enrolment needs to be updated on a yearly basis to make sure they are attached to an active class.

5) Users who are Mentors (LSE's, SEN educators) gain access to the mentor UI when they are attached to a specific student. They must also be staff members, so set as employed by the school. The mentor user group is another default inherent group.

mceclip2.png

6) Ad hoc user groups are called fixed member groups; users must be manually enrolled into these groups. They can be designed to give specialists access to certain departments. Some of the most common groups we have are finance, discipline, admissions, and curriculum. A user is manually added to these groups either via the user group member tab or within the security tab of their profile.

mceclip3.png
mceclip4.png

How to access

Go to Administer, then Advanced options, then look down to the bottom of the list and find User Group. The permission to edit security user groups would be allocated to Superusers. Talk to your CSM before changing any settings.

User groups

mceclip5.png

Click to open and edit any of the existing groups, or create a new user group. Let's look at the main info tab.

1. Group name

Choose a name which is descriptive and within your own naming conventions. If you wish to classify the user groups in the list view page, then why not use a number or a special character to group inherent groups together? Otherwise, the list page will be in alphabetical order. 

2. Active/Deactivated

Determine whether the group is active or not.

3. Schools

If you have a multi-school system, user groups and their settings can be shared across all schools or customised for certain.

4. User selection

mceclip7.png

 

There are three main ways to become a member of a user group: Inherently (via a role), SQL query (Custom group creation), or Fixed members only (Manual). Determine how users gain access to the user group settings.

  • Inherent
    • Course Teachers - When a user is added as a course teacher to an active course
    • Class Teacher - When a user is added as a class Teacher
    • Active students - When a student is enrolled in a course/class.
    • Staff - When the user is selected as an active employee in their employment tab
    • Guardian - When a user has a relationship set with a student dependent. (Added as a contact to a parent).
    • Mentors - When a user has an attached mentored student.
    • Donor - When the user is activated as a donor in the donor tab of their profile.

    • Subject Administrator - When the user is added as an administrator within a subject.

       

  • Fixed members only

Users can be manually added to the group using the people picker. In the case of a distribution group, both students and users can be added. For security groups, you must keep students/users separated.

Don't forget to add an access context (member tab) when you have added members to the group.

5. Type

mceclip8.png

There are two types of groups: Security and Distribution. Security is for access purposes, whereas distribution is adapted so that communications can be sent to the members via the people picker. Distribution groups can also be used in admissions and behaviour modules for automated emails. You can create distribution groups for billing purposes as well.

6. Information panel

A great way to keep track of permissions and changes. Make sure you log the basics for your team to follow. You can also outline the permission level for GDPR audits.

7. Group editors

This feature is used for a larger scale level of operations where user group access permissions are set centrally. Entering a user group in this field will stop any other user groups from editing the permissions. They can still add members, but not change permissions.

If no user group is entered here, then anyone with Manage Groups Advanced permission can change permissions.

Setting up a User Group

If you have created a fixed member group, you can add the users directly in the members tab. For inherent groups, this is not possible as explained previously. Select People, and use the people picker to select your members. 

mceclip9.png

You can then choose the level of access appropriate for the users. This is also known as Context. 

mceclip10.png

Use the pen icon to determine the level of access they should have. The orange triangle shows that even though the user is a member, they have no context set. Select the levels. If you select the top-level, then the user will have access to all the child levels below. In a multi-school instance, you need to add the same access levels for all the relevant schools if the user can access them.

mceclip11.png

User Roles and Context

The user roles are an advanced feature within MySchool, which allows our schools to configure their user's access based on their functional needs. Each role permits users to access information based on security restrictions and context.

mceclip1.png

The options available for access are:

  • No - This is no access.

  • Yes - Access depends on the role (Guardian UI for guardians, Yes/No, view appointments, etc)

  • All - Access to all levels within the security tree, irrespective of context. For multi-school instances, this allows users to access this information across schools as well.

  • Restrict to school levels of classes/courses taught - This means that course/class Teachers will access the school-level information (Primary, Middle, Secondary, etc.). Certain functionalities and reports have this level as mandatory.

  • Restrict to courses/classes taught - This is the minimum level for a course or class Teachers. This will allow them to see only the courses/classes in which they are enrolled. There is no distinction between the main Teacher and a secondary Teacher. 

  • Restrict to school level of mentored students - The mentor function works with slightly different access, as in certain functionalities, the mentor will only be able to see their mentored student, so they will not be able to access other profiles.

  • Restrict to security context - This will appear in fixed member groups. It allows access based on the level set in the Members tab when creating a user group and adding users.

mceclip2.png

Please contact our support team to discuss your security groups before amending any access rights. We are more than happy to assist with these. Certain functions are limited to certain security functions.

Was this article helpful?
10 out of 10 found this helpful
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.