In MySchool user access to data and modules is controlled by their membership of a user group. A user can inherit a role such as a student, Teacher, or be placed directly into a fixed membership user group designed to give access to certain areas.
This is an advanced feature and we invite you to contact our support team or your CSM for advice when dealing with security and access.
How do users access their relevant portals?
1) Students gain access to the student user group when they are enrolled in any class within the current scholastic year. This allows them to access your student portal. This group is a system default, and our support team will help you build the access as required. Please note that the student group is for your whole student population. You may wish to disable access to the student portal for class levels during certain periods of the year. Please contact our support team for assistance in this.
- You cannot add users to the student user group, the student must be enrolled in a class.
- If the student is enrolled in a course and not a class, then they will not have access to the student group permissions.
- Students who lose their enrolment to the class are not searchable using Quick search. You can reinstate them in a class by using the advanced search.
2) Users inherit the role of guardian when they are attached to a student's profile using the contact tabs.
To have access to the parent portal, then they must have permission (Per.) ticked. Certain functionalities (e.g permissions, and questionnaires are linked to the guardian being classed as main). The guardian user group is a system default, and we will work with you to configure the required access during your onboarding.
- Guardians can access all their dependant students in one portal. They can switch between the students to which they are attached and the screens will adapt accordingly.
- If the student is no longer enrolled in a class, then the guardians will also lose access rights until the student is correctly re-enrolled.
- Guardians who are staff members will use their staff credentials to log into the system but can switch between staff and guardian views.
3) If a user is a staff member or should have access to the staff functionalities, then they must be enrolled as an employee of the school. The staff access-group gives minimum access to the MySchool portal. It is a default group.
4) Users become Teachers when they are enrolled as a course or class Teacher within the current scholastic year. Certain functionality (attendance, lists etc) can be restricted to their class or course view. Some functionality cannot. Speak with your CSM for further details on access rights for your educators.
- The course and class Teacher groups can be different.
- A Teachers employment does not have to be rolled over, however, their enrolment needs to be updated on a yearly basis to make sure they are attached to an active class.
5) Users who are Mentors (LSE's, SEN educators) gain access to the mentor UI when they are attached to a specific student. They must also be staff members so set as employed by the school. the mentor user group is another default inherent group.
6) Ad hoc user groups are called fixed member groups, users must manually be enrolled into these groups. They can be designed to give specialists access to certain departments. Some of the most common groups we have are finance, discipline, admissions, and curriculum. A user is manually added to these groups either via the user group member tab or within the security tab of their profile.
How to access
Go to Administer, then Advanced options, then look down to the bottom of the list and find User Group. The permission to edit security user groups would be allocated to Superusers. talk to your CSM before changing any settings.
Click to open and edit any of the existing groups, or create a new user group. Let's look at the main info tab.
1. Group name
Choose a name which is descriptive and within your own naming conventions. if you wish to class the user groups in the list view page, then why not use a number or a special character to group inherent groups together. Otherwise, the list page will be in alphabetical order.
2. Is restricted?
This is used to not show the group within the security tree of the profile. We advise you to keep your system default groups restricted, and also the super key user group.
In a multi-school system, then user groups can differentiate between schools. Select the appropriate school from the options.
4. User selection
There are three main ways to become a member of a user group, Inherently (via a role), SQL query (Custom group creation), or Fixed members only (Manual). Determine how users gain access to the user group settings.
- Course Teachers - When a user is added as a course teacher to an active course
- Class Teacher - When a user is added as a class Teacher
- Active students - When a student is enrolled in a course/class.
- Staff - When the user is selected as an active employee in their employment tab
- Guardian - When a user has a relationship set with a student dependant. (Added as a contact to a parent).
- Mentors - When a user has an attached mentored student.
- Donor - When the user is activated as a donor in the donor tab of their profile.
- Subject Administrator - When the user is added as an administrator within a subject.
- SQL query
If you need a very specific group of users/students then this can be created using the quick reports, View filter SQL. Please contact our support team for assistance with the set-up.
- Fixed members only
Users can be manually added to the group, using the people picker. In the case of a distribution group then both students and users can be added. For security groups then you must keep students/users separated.
There are two types of groups, Security and Distribution. Security is for access purposes, whereas distribution is adapted so that communication can be sent to the members via the people picker.
6. Information panel
A great way to keep track of permissions and changes. Make sure you log the basics for your team to follow.
Setting up a User Group
If you have created a fixed member group, you can add the users directly in the member's tab. For inherent groups, this is not possible as explained previously. Selected add People, and use the people picker to select your members.
You can then choose the level of access appropriate for the users. This is also known as Context.
Use the pen icon to determine the level of access they should have. the orange triangle shows that even though the user is a member they have no context set. Select the levels, if you select the top-level then the user will have access to all the child levels below. In a multi-school instance, you need to add the same access levels for all the relevant schools if the user can access these.
User Roles and context
The user roles are an advanced feature within MySchool, which allows our schools to configure their user's access based on their functional needs. Each role permits users to access information based on security restrictions and a context.
The options available for access are:
- No - This is no access.
- Yes - Access depends on the role (Guardian UI for guardians Yes/No, view appointments etc)
- All - Access to all levels within the security tree, irrespective of context. For multi-school instances this allows users to access this information across schools as well.
- Restrict to school levels of classes/courses taught - This means that course/class Teachers will access the school level information (Primary, Middle, Secondary etc). Certain functionalities and reports have this level as mandatory.
- Restrict to courses/classes taught - This is the minimum level for a course or class Teachers. This will allow them to see only the courses/classes in which they are enrolled. There is no distinction between the main Teacher and a secondary Teacher.
- Restrict to school level of mentored students - The mentor function works with slightly different access, as in certain functionalities, the mentor will only be able to see their mentored student, so will not be able to access other profiles.
- Restrict to security context - This will appear in fixed member groups. It allows access based on the level set in the Members tab when creating a user group and adding users.
Please contact our support team to discuss your security groups before amending any access rights. We are more than happy to assist with these. Certain functions are limited to certain security functions.
FAQ on user groups
My staff user group gives access to a blank portal, is this is normal?
Yes, in our default group settings, staff access is limited to announcements, personal details and nothing else. Your staff users gain context based on their inherent roles and their fixed member user group.
Why can't I see the Teacher, student, or guardian user groups in the user group list?
These are system user groups, and only users with the role Manage advanced groups can manage and view these sensitive groups. They are classed as restricted. Contact our support team to help understand how to change these.
Why can't I see Teacher, student, or guardians options in the security tab of a user profile?
To become a member of one of these groups, the profile needs to be either added as a Teacher to a course or class, enrolled in a class or course or added as a guardian to a student profile.
Can access be restricted so that nurses only see the medical tab of the student's profile?
Yes, in fixed member groups, you can create access for certain groups to only view information relative to their roles within your school.
Can Teachers only have access to their class or course students' profiles?
Yes, this can be restricted to class/courses taught. However, there are certain reports and functionalities that cannot be restricted to this level.
I want to create a distribution group for guardians in the middle school?
No need, before creating distribution groups, then make sure these are not available via the people picker. Distribution groups are really used for 'ad-hoc' groups such as Student Sports committee, School concert organisations, or PTA members. If you need help then contact our support team to discuss your needs.
How do I check my group membership?
The easiest way is to go to the profile icon in the quick action bar and select edit my account. Here you can see your security access and which roles you have access to. Users with the impersonate functionality can also verify access levels this way to help troubleshoot access problems.
Can security rights be customised for one user?
No, roles are set within a user group and not to an individual. However, you can create a user group and only have one member.
Can I test access before I make changes?
Yes, we can create a custom user group and test access using the generic roles. Please contact your CSM to organise a meeting.