Skip to main content
CollegeSource Support

uAchieve Self-Service Roles and Permissions


 

NOTE:
This document details uAchieve Self-Service (SS) roles and permissions. Or, see the master list across all apps here.


Roles

uAchieve Self-Service 
 
♦ New in 4.4 ♦

 

Actions

Read: Allows a user to view components in uAchieve Self-Service

Update: Allows a user to edit components in uAchieve Self-Service

Create: Allows a user to create components in uAchieve Self-Service

Delete: Allows a user to delete components in uAchieve Self-Service

Functions

uAchieve Self-Service
  • SS_AREA_AUDIT: Controls permissions for audits for a student's record
  • SS_AREA_AUDITEXCEPTION: Controls permission for creating exceptions from the audit (new in 4.3.0.4)
  • Has access to the exception from the audit area (exceptions from the audit button restrictions still apply (e.g., auth codes, missing pseudo)
  • Does not have access to exception xml form area ("Exceptions" menu option)
  • Does not have access to "More" button within exceptions from the audit
  • SS_AREA_BATCHES: Control permissions for batches
  • SS_AREA_BLACKOUTS: Controls permissions for blackout periods on batch runs
  • SS_AREA_COMMENTS: Controls permissions for comments
  • SS_AREA_COURSE: Controls permissions for courses on the student's record
  • SS_AREA_CROSSWALK: Controls permissions for mapping degree programs from a student information system to uAchieve degree programs
  • SS_AREA_DPROG: Controls permissions for degree programs on a student record
  • SS_AREA_EXCEPTION: Controls permissions for exceptions on a student record
  • Has access to exception xml form area ("Exceptions" menu option)
  • Has access to "More" button within exceptions from the audit
  • Does not have access to exceptions from the audit; the user/group MUST have the new SS_AREA_AUDITEXCEPTION app function to access exceptions from the audit
  • SS_AREA_PLANNEDCOURSE: Controls permissions for planned coursework on a student record

  • SS_AREA_PROGRAMMATCHER: Controls permissions for the Program Matcher
  • SS_AREA_RESULTS: Controls permissions for batch results
  • SS_AREA_STUDENT: Controls permissions for student profile information
  • SS_AREA_TRANSFERCOURSE: Controls permissions for transfer coursework on a student record
  • SS_AREA_TRANSFEREVAL: Controls permissions for student transfer evaluations
  • UPDATE and DELETE permissions for SS_AREA_TRANSFEREVAL will not allow user to export and/or lock transfer coursework
  • SS_AREA_TA_IREF: Controls permissions for IREFs in transfer articulation
  • SS_AREA_TA_RULE: Controls permissions for rules in transfer articulation
  • SS_ENCODING_TA_IREF: Controls who may acces IREFs in transfer articulation
  • SS_ENCODING_TA_RULE: Controls who may access rules in transfer articulation
  • SS_MISC_PWCHANGE: Controls permissions for who is allowed to change their password in Self-Service
  • SS_MISC_STUDENTSEARCH: Controls permissions for how users may use the Search for Students feature in uAchieve Self-Service, including the ability to search students other than their advisees.

 

New App Functions in 4.4
  • CS_ADMIN_FUNCTIONAL: Controls user access to all admin functions except the logging area
  • CS_ADMIN_TECHNICAL: Controls user access to only the logging area–no admin functions
  • CS_ROLE_ANONYMOUS: Controls user access to the "Access Denied" page. A user with CS_ROLE_ANONYMOUS with READ set to FULL can access the login screen without the "Access Denied" error.
  • CS_ROLE_STAFF*: Controls user access to the staff menu within the application
  • CS_ROLE_STUDENT*: Controls user access to the student menu within the application
  • CS_ROLE_USER*: Controls user entry into the application. Every user MUST have this role and must have CREATE set to FULL

NOTE:
The following functions are considered flags that must be set in order for other permissions to work:

  • CS_ROLE_STAFF: Must be set to FULL for everything if the role pertains to Staff of any sort
  • CS_ROLE_STUDENT: Must be set to FULL for everything if the role pertains to a Student of any sort
  • CS_ROLE_USER: Must have FULL permission across the board for all roles you create

 

Access

Three types of access in Self-Service include Full, Restricted, and None:

FULL: User has complete access
RESTRICTED: User has access that is restricted by either domain or advisee list

"Restricted" access is the same as "Full" access across all uAchieve web apps except the uAchieve Planner.

NONE: User has no permissions

Control Access

Permission must be set to use each separate function of uAchieve Self-Service.

A simple formula to remember for setting permissions is: Action + Function + Access Type = Permission Setting


For example:

Read + SS_AREA_COURSE +  FULL = Users able to view all coursework on a student record
Read + SS_AREA_COURSE + RESTRICTED = Users able to read coursework only for students specified in their Group domain settings (not applicable to Student role)
Read + SS_AREA_COURSE + NONE = Users cannot view coursework at all

NOTE:
Although each function in uAchieve Self-Service has a drop-down option for each action, it is inaccurate to say that you can control Read, Update, Create, and Delete access for each function. This is especially true since the Roles for the main users (Students and Advisors) have such different levels of access.

 

NOTE:
In general, Students only need to view Self-Service functions, i.e., they will have full Read permissions but little-to-no permissions to Update (or change) their information.

Student Role Settings

Some areas will most likely never need permissions on the part of the Student. For example, permissions are excluded–NONE–for exception processing (SS_AREA_EXCEPTIONS) and running transfer evaluations (SS_AREA_TRANSFEREVAL). 

The area that a student will need almost full permissions will be in audits (SS_AREA_AUDIT). Students must be able to read, update, and create audits as this corresponds to viewing audits, running new audits, and rerunning audits. Also, students will need full permission to experiment with "planned" coursework on an audit (SS_AREA_PLANNEDCOURSE), if a school allows, thereby enabling students to add, remove, and edit future coursework to view its effect on a degree program.

For other functions in Student roles settings, each component's permission can be altered based upon how a school chooses to define the roles. Some students may be permitted to plan courses; other students may only be allowed to view audits. In this case, two student roles must be defined in which permissions are set to reflect the different types of access to uAchieve Self-Service.

Advisor Role Settings

A typical Advisor set of Self-Service permissions will show most permissions set to FULL. At times, you may wish to change functionality to RESTRICTED or NONE at all. Since every permission is configurable, you can create multiple Advisor roles in which certain functions are restricted.

If permission is set to RESTRICTED, a specific domain is assigned to the Advisor (e.g., a college or department), or the Advisor is restricted to view only information for their advisees.

TIP:
Remember: All settings are configurable.

Any function listed in the security console can have its permissions changed. You can create any number of roles and assign different permissions to each.

NOTE:
Each user is assigned to a group that contains roles that contain the permissions.

Self-Service Properties

The Properties drop-down menu in Self-Service contains ten options:

For a detailed description of each of the properties, see the Properties page.

Configure Exceptions

Your school may have many exception types defined on the uAchieve Exception Table, but you may wish Advisors to have access to a limited number of types. The setup for which exceptions are accessible can be found in the configuration file documentation. Once you define which exceptions display in Security, you may wish to further define whether users can Create, Read, Update, or Delete individual exception types. This is also configurable from the security console, based upon individual Users or the Groups to which they belong.

To set up this functionality, you will need to be familiar with the exception control codes that are set up within your uAchieve Client:

You will also need to know that, as with defining Roles, there are four permissions you can give

  1. C: Create
  2. R: Read
  3. U: Update
  4. D: Delete

Set Exception Permissions

Exception permissions are set the same way at either the Group or User level on the Properties tab of the Group Management page or User Management page. On the screenshot below, two exceptions have already been set: CS (Course Substitution) and RM (Requirement Modification). 

At the bottom of the Group Management page, select Exception Code from the Property field drop-down:

 

The remaining fields are discussed below:

Field Description
Value

Format "control code" : "permission"

  • Control code for the exception for which you wish to set a permission
  • Starting letters of the desired permission (create, read, update, or delete) to set

For example, if a Group can only read a requirement modification exception, RM:R is entered in Value. If a User may create and read the same exception type, it is entered as RM:CR.

Instidq

 

All three further limit where the User/Group can access exceptions.

Instid
Instcd
Description Explains the property setting

 

Users must have read permissions for any exception to show up on the list screen. If no permissions are defined on the exception code (e.g., the Value of the exception code property has no permissions following the control code), the User will have full permissions for that exception type.

Need More?
For additional information on Self-Service and Security settings, see uAchieve Self-Service Security Definitions.
  • Was this article helpful?