uAchieve Self-Service Roles and Permissions
NOTE: This document details uAchieve Self-Service (SS) roles and permissions. Or, see the master list across all apps here. |
Roles
uAchieve Self-Service |
---|
![]() |
♦ New in 4.4 ♦ |
|
Actions
Read: Allows a user to view components in uAchieve Self-Service
Update: Allows a user to edit components in uAchieve Self-Service
Create: Allows a user to create components in uAchieve Self-Service
Delete: Allows a user to delete components in uAchieve Self-Service
Functions
uAchieve Self-Service | |||
---|---|---|---|
|
|||
New App Functions in 4.4 | |||
|
Access
Three types of access in Self-Service include Full, Restricted, and None:
FULL: User has complete access
RESTRICTED: User has access that is restricted by either domain or advisee list
"Restricted" access is the same as "Full" access across all uAchieve web apps except the uAchieve Planner. |
NONE: User has no permissions
Control Access
Permission must be set to use each separate function of uAchieve Self-Service.
A simple formula to remember for setting permissions is: Action + Function + Access Type = Permission Setting |
For example:
Read + SS_AREA_COURSE + FULL = Users able to view all coursework on a student record
Read + SS_AREA_COURSE + RESTRICTED = Users able to read coursework only for students specified in their Group domain settings (not applicable to Student role)
Read + SS_AREA_COURSE + NONE = Users cannot view coursework at all
NOTE: |
NOTE: |
Student Role Settings
Some areas will most likely never need permissions on the part of the Student. For example, permissions are excluded–NONE–for exception processing (SS_AREA_EXCEPTIONS) and running transfer evaluations (SS_AREA_TRANSFEREVAL).
The area that a student will need almost full permissions will be in audits (SS_AREA_AUDIT). Students must be able to read, update, and create audits as this corresponds to viewing audits, running new audits, and rerunning audits. Also, students will need full permission to experiment with "planned" coursework on an audit (SS_AREA_PLANNEDCOURSE), if a school allows, thereby enabling students to add, remove, and edit future coursework to view its effect on a degree program.
For other functions in Student roles settings, each component's permission can be altered based upon how a school chooses to define the roles. Some students may be permitted to plan courses; other students may only be allowed to view audits. In this case, two student roles must be defined in which permissions are set to reflect the different types of access to uAchieve Self-Service.
Advisor Role Settings
A typical Advisor set of Self-Service permissions will show most permissions set to FULL. At times, you may wish to change functionality to RESTRICTED or NONE at all. Since every permission is configurable, you can create multiple Advisor roles in which certain functions are restricted.
If permission is set to RESTRICTED, a specific domain is assigned to the Advisor (e.g., a college or department), or the Advisor is restricted to view only information for their advisees.
TIP: Remember: All settings are configurable. |
Any function listed in the security console can have its permissions changed. You can create any number of roles and assign different permissions to each.
NOTE: |
Self-Service Properties
The Properties drop-down menu in Self-Service contains ten options:
For a detailed description of each of the properties, see the Properties page.
Configure Exceptions
Your school may have many exception types defined on the uAchieve Exception Table, but you may wish Advisors to have access to a limited number of types. The setup for which exceptions are accessible can be found in the configuration file documentation. Once you define which exceptions display in Security, you may wish to further define whether users can Create, Read, Update, or Delete individual exception types. This is also configurable from the security console, based upon individual Users or the Groups to which they belong.
To set up this functionality, you will need to be familiar with the exception control codes that are set up within your uAchieve Client:
You will also need to know that, as with defining Roles, there are four permissions you can give
- C: Create
- R: Read
- U: Update
- D: Delete
Set Exception Permissions
Exception permissions are set the same way at either the Group or User level on the Properties tab of the Group Management page or User Management page. On the screenshot below, two exceptions have already been set: CS (Course Substitution) and RM (Requirement Modification).
At the bottom of the Group Management page, select Exception Code from the Property field drop-down:
The remaining fields are discussed below:
Field | Description |
---|---|
Value |
Format "control code" : "permission"
For example, if a Group can only read a requirement modification exception, RM:R is entered in Value. If a User may create and read the same exception type, it is entered as RM:CR. |
Instidq |
All three further limit where the User/Group can access exceptions. |
Instid | |
Instcd | |
Description | Explains the property setting |
Users must have read permissions for any exception to show up on the list screen. If no permissions are defined on the exception code (e.g., the Value of the exception code property has no permissions following the control code), the User will have full permissions for that exception type.
Need More? For additional information on Self-Service and Security settings, see uAchieve Self-Service Security Definitions. |