Skip to main content
CollegeSource Support

Properties


 

Remember:
For setting changes and updates to take effect, the user must logout and log back in again. The change will then be applied. (This is especially useful during the testing phase.)

A property is an attribute that can be assigned to a User or Group to limit permissions. Similar to a Domain, a Property can limit permissions more narrowly than a Role. For example, use Properties to:

  • Restrict access to certain elements of data
  • Restrict access to certain parts of the application

Unlike a Domain, Properties can be combined to create more specific sets of limitations that are independent of defined levels of hierarchy and database views. 

Just like App Functions in Dashboard Security, Properties are also predefined by the Product Development team at CollegeSource.

By default, ten unique Properties may be configured in Security:

  1. Exception Code
  2. Degree Program
  3. Requirement
  4. Authorization Code
  5. Institution Code (formerly called School Code)
  6. Secure Import
  7. Secure SOPRID
  8. Secure Update Pin
  9. Secure Login
PROPERTY VALUE INSTIDQ INSTID INSTCD DESCRIPTION
<Blank>          

Institution Code

        Assigns an INSTCD to a user upon logging into uAchieve Self-Service
Exception Code         Allows a user to use a certain exception type
Degree Program         Controls which dprogs a use can add exceptions to
Requirement         Controls which requirements can add exceptions to
Authorization Code         Defines a code a user must know to access a requirement/exception to edit
Institution Code         Assigns institution identifiers (INSTIDQ/INSTID/INSTCD combo) to a user
Secure Import         Controls what data a user is allowed to import in the uAchieve Client
Secure SOPRID         Controls which audits a user can see in the uAchieve Client according to which Operator ID (OPRID) ran it
Secure Update Pin         Controls permissions to edit a student's PIN in the uAchieve Client
Secure Login         Controls permissions to log in to an institution's area in the uAchieve Client

 

NOTE:
Gray shaded cells are not configurable.

Property Names

Each unique property is detailed below, with information on setting the property and how it affects the application.

Exception Code

The Exception Code property affects CRUD permissions on exception types.

  • In the Value field, enter "Control Code : Permissions" in the four-letter format of AB:CD. See examples below:
    • CS:CR means a control code of Course Substitution with permissions to Create and Read
    • RM:CU means a control code of Requirement Modification with permission to Create and Update
    • CS means a control code Requirement Modification with permission to all: create, update and delete.

Degree Program

The Degree Program property defines degree programs.

The Degree Program property affects exceptions by restricting what degree programs a user can define an exception against, if its an exception type that applies to degree program.

Requirement

The Requirements property defines requirements.

The Requirement property affects exceptions by restricting what requirements a user can define an exception against, if its an exception type that applies to requirements.

Authorization Code

The Authorization Code ("Auth Code") property defines the Authorization Code on a requirement, allowing access to specific exceptions.

The user may define one Authorization Code per exception.

A detailed page on Auth Codes and how to configure them is located here.

Institution Code

The Institution Code property is used by Self-Service and uAchieve Planner to determine institution code combination (INSTIDQ, INSTID, and INSTCD).

Institution Code identifies the school for which the student may build roadmaps in uAchieve Planner. Only one Institution Code per student is supported. In Self-Service, Institution Code identifies the logged in institution code values for a user.

The Institution Code property assigns the institution code combination to a user when logging in to Self-Service.

Secure Import

The Secure Import property controls what information existing on the database is available to the specific user to import, but does not limit the user's connection access from the uAchieve login screen.

INSTIDQ, INSTID, and INSTCD

Import functionality is limited to the INSTIDQ, INSTID, and INSTCD values defined for the Secure Import Property. You do not need access restrictions (Secure Login Property) to implement import restrictions (Secure Import Property), or even vice versa.

Using the ID "uachieve" with no user/group having the Secure Import Property set, there is no restriction as far as what combination of IDQ, ID, and CD values may be imported from on the database. If entering two Secure Import Property definitions for user "uachieve" with the following institution code combination (73, MIAMI, TST AND 73, MIAMI, WSH) when we go to import something from within uAchieve, the option to choose the IDQ 73, ID MIAMI, and CD TST or WSH will be the only option. No matter what other combination of data may exist on the database, we would be restricted to the information for these combinations only.

An asterisk ( * ) may be used in any one of the INSTIDQ, INSTID, or INSTCD definitions. The use of it for the Secure Import Property is similar to what was described above for the Secure Login Property. An asterisk ( * ) indicates import functionality is not limited to any specific values for the field that contains it. Therefore, all values for that field that are included in the database will be available to choose in the drop-down.

NOTE:
"Included in the database" means those institution codes currently defined in the MASTREF table.

 

Secure SOPRID

The Secure SOPRID property controls what uAchieve audits a user may access. To implement, assign this property the same value for the users/groups you wish to be able to view one another's audits. Then, when each user runs an audit, the SOPRID is carried forward with the request and stored with the audit. Users can then only view audits that are stored with their matching SOPRID value. This is controlled down to the level of instidq, instid, and instcd. SOPRID property is particularly useful for a campus with multiple colleges, as several user IDs may be assigned to one college. If you would like all the user IDs for that college to view one another's audit but do not want other user IDs from another college to have access to them, then enter the same unique value in the SOPRID field for each of those user IDs for that individual college.

An asterisk " * " value assigned to the SOPRID property works the same as explained above in that the user would have no restrictions on what audits they can view.

SOPRID Default
The asterisk is currently the default value placed with audits when a SOPRID is not found for a user, or if no secure SOPRID property is yet defined for any user/group.

 

Multiple SOPRIDs

While assigning a single SOPRID (or S Operator ID) is not new, the ability to assign multiple SOPRIDs is a new config that was introduced in 4.3. SOPRID values can restrict those who can view the audits ran at the user level or the group level. Assign a SOPRID value to a specific user or group can view which audits–only those users or groups with matching SOPRIDs can view the audits. Power users have multiple Groups assigned to them can view all SOPRIDs and also let other power users see all.

 

In the Self-Service Admin area's Advanced Settings, the SOPRID field may now display multiple SOPRIDs via drop-down menu:

NOTE:
If only one SOPRID is assigned, then this SOPRID is automatically assigned by default.

 

When users attempt to view an audit for which they do not have a matching SOPRID, a message is generated about the restriction:

Advanced Usage of SOPRID

Audit requests may be hidden from users with advanced usage of SOPRID and other settings as discussed here. <currently under construction...check back soon>

Secure Update Pin

The Secure Update Pin property determines what users should have the ability to update a student PIN in the student area within the uAchieve Client. By default, editing PINs will not be allowed unless specifically set to do so. To allow a user to edit the PIN field, you must add the Secure Update PIN Property to a user or group and set the value to "Y." This is controlled down to the level of instidq, instid, and instcd. Therefore, if you want to allow all INSTCDs to do so, place an asterisk ( * ) in INSTCD. If assigning No for this field, set the value to "N."

Secure Login

The Secure Login property restricts the users/groups that may login to uAchieve by ID. If the Secure Login property has not been defined for any user or group, then any valid database User ID can access the uAchieve client.

 


Levels

Security Properties provides an area to manage properties at four different levels:

  • Global: applies to all users in all applications
  • Application: applies to all users in a specified application
  • Group: applies to all users assigned to a group
  • User: applies to an individual user

Global Level

Global Properties limit the properties that all applications can access. A user may have properties directly applied to his/her user account or they may be globally inherited. From Security<Property:

 

Add/Delete Global Properties

  1. View existing global properties, if applicable.

     
  2. Add a new Global Property by selecting a Property from the drop-down menu and completing relevant fields. 

     
  3. Click the Add button () to add the selected property.
     
  4. The newly created Global Property populates the table:

     
  5. To Delete a Global Property, click anywhere within the row in the table to select it, and then click the Delete button:

 

Application Level

Application Properties limit the properties an application can have access to. A user may have properties directly applied to their user account or they may be inherited from the application. From Security<Property<Application tab:

Add/Delete Application Properties

  1. From the application drop-down, select the application that you wish to set up a property for.
    1. SS: Self-Service
    2. BARS: Batch
    3. SEC: Security
    4. DASH: Dashboard
    5. UDIR: uAchieve Planner (formerly u.direct)
    6. SB: uAchieve Schedule Builder

      NOTE:
      Selecting an application may take a few seconds to load because the page display loads only those options specific to the chosen application.

       

  2.  View existing application properties, if applicable, in the table; managed properties for the selected application are displayed here.


     

  3. Add a new application property by selecting a property from the drop-down menu and completing relevant fields. Click Add Property.

     
  4. The newly created application property populates the table in blue highlight.

     
  5. To delete an application property, click anywhere within the row in the table to select it, and then click the Delete Property button.

Group Level

Roles

The Roles tab is where Group Roles are managed by allowing users to map application roles to their institution's groups. 

  1. Select a Group. A list of available roles will display.
  2. Choose from this list of available roles to add to the Group, as well as existing Roles set on the Group.
  3. Make associations by selecting the roles and clicking on the appropriate button. 

Changes take effect immediately after clicking the Add/Remove buttons.


Group Members

To add users to groups, this must be enabled at your institution.

Search for group members by last name (all or put), username or Student ID.

Domains

Domains limit the permission scope to a certain level of your institution's hierarchical structure. Use asterisks ( * ) to indicate that the group has permissions for any of the values for that level. A user may have domain permissions directly applied to their user acount or inherited from groups to which they belong.

Properties

Limit the properties that a group may have access to. A user may have properties directly applied to their user account or inherited from groups to which they belong.

User Level

 

 

Click the View button to see the group membership, user domains, advisees, and properties tabs associated with the selected user:

Group Membership

Groups are assigned by your institution. Users are assigned to groups and groups are then mapped to internal "roles." 

NOTE:
If your institution has not implemented a way to update groups through uAchieve Planner, this section may not be available.

User Domains

Domains limit the permission scope to a certain level of your institution's hierarchical structure. Use asterisks ( * ) to indicate that the user has permissions for any of the values for that level. A user may have domain permissions directly applied to their user account or inherited from groups to which they belong:

Advisees

On the Advisees tab, you can assign advisees to an advisor user:

Properties

On a user's Properties tab, you may limit the properties a user may have access to:

 

  • Was this article helpful?