- Property Names
A property is an attribute that can be assigned to a User or Group to limit permissions. Similar to a Domain, a Property can limit permissions more narrowly than a Role can because Properties can be combined to create more specific sets of limitations that are independent of a database view.
By default, ten unique Properties may be configured in Security:
|School Code||text explaining the property you are setting|
|Exception Code||text explaining the property you are setting|
|Degree Program||text explaining the property you are setting|
|Requirement||text explaining the property you are setting|
|Authorization Code||text explaining the property you are setting|
|Institution Code||text explaining the property you are setting|
|Secure Update Pin|
Each unique property is detailed below, with information on setting the property and how it affects the application.
The School Code property assigns the institution code combination to a user when logging in to Self-Service.
|The School Code property is similar to the Institution Code property, but is only used by Self-Service to determine institution code (INSTCD) value.|
The Exception Code property affects CRUD permissions on exception types.
- In the Value field, enter "Control Code : Permissions" in the four-letter format of AB:CD. See examples below:
- CS:CR means a control code of Course Substitution with permissions to Create and Read
- RM:CU means a control code of Requirement Modification with permission to Create and Update
- CS means a control code Requirement Modification with permission to all: create, update and delete.
The Degree Program property defines degree programs.
The Degree Program property affects exceptions by restricting what degree programs a user can define an exception against, if its an exception type that applies to a degree program.
The Requirements property defines requirements.
The Requirement property affects exceptions by restricting what requirements a user can define an exception against, if its an exception type that applies to requirements.
The Authorization Code ("Auth Code") property defines the Authorization Code on a requirement, allowing access to specific exceptions. The default value is "1."
The user may define one Authorization Code per exception.
A detailed page on Auth Codes and how to configure them is located here.
|The Institution Code property is similar to the School Code property, but is used by Self-Service and u.direct to determine institution code combination (INSTIDQ, INSTID, and INSTCD).|
Institution Code identifies the school for which the student may build roadmaps in u.direct. Only one Institution Code per student is supported. In Self-Service, Institution Code identifies the logged in institution code values for a user.
The Secure Import property controls what information existing on the database is available to the specific user to import, but does not limit the user's connection access from the u.achieve login screen.
INSTIDQ, INSTID, and INSTCD
Import functionality is limited to the INSTIDQ, INSTID, and INSTCD values defined for the Secure Import Property. You do not need access restrictions (Secure Login Property) to implement import restrictions (Secure Import Property), or even vice versa.
Using the ID "uachieve" with no user/group having the Secure Import Property set, we are not restricted to what combination of IDQ, ID, and CD values we can import from on the database. If we enter two Secure Import Property definitions for user "uachieve" with the following institution code combination (73, MIAMI, TST AND 73, MIAMI, WSH) when we go to import something from within u.achieve, we would only have the option to choose the IDQ 73, ID MIAMI, and CD TST or WSH. No matter what other combination of data may exist on the database, we would be restricted to the information for these combinations only.
An asterisk " * " may be used in any one of the INSTIDQ, INSTID, or INSTCD definitions. The use of it for the Secure Import Property is similar to what was described above for the Secure Login Property. An asterisk "*" indicates import functionality is not limited to any specific values for the field that contains it. Therefore, all values for that field that are included in the database will be available to choose in the drop-down.
The Secure SOPRID property controls what u.achieve audits a user may access. To implement, assign this property the same value for the users/groups you wish to be able to view one another's audits. Then, when each user runs an audit, the SOPRID is carried forward with the request and stored with the audit. Users can then only view audits that are stored with their matching SOPRID value. This is controlled down to the level of instidq, instid, and instcd. SOPRID property is particularly useful for a campus with multiple colleges, as several user IDs may be assigned to one college. If you would like all the user IDs for that college to view one another's audit but do not want other user IDs from another college to have access to them, then enter the same unique value in the SOPRID field for each of those user IDs for that individual college.
An asterisk " * " value assigned to the SOPRID property works the same as explained above in that the user would have no restrictions on what audits they can view.
The asterisk is currently the default value placed with audits when a SOPRID is not found for a user, or if no secure SOPRID property is yet defined for any user/group.
While assigning a single SOPRID (or S Operator ID) is not new, the ability to assign multiple SOPRIDs is a new config with the 4.3 release. SOPRID values can restrict those who can view the audits ran at the user level or the group level. Assign a SOPRID value to a specific user or group can view which audits–only those users or groups with matching SOPRIDs can view the audits. Power users have multiple Groups assigned to them can view all SOPRIDs and also let other power users see all.
In the Self-Service Admin area's Advanced Settings, the SOPRID field may now display multiple SOPRIDs via drop-down menu:
When users attempt to view an audit for which they do not have a matching SOPRID, a message is generated about the restriction:
Advanced Usage of SOPRID
Audit requests may be hidden from users with advanced usage of SOPRID and other settings as discussed here. <currently under construction...check back soon>
Secure Update Pin
The Secure Update Pin property determines what users should have the ability to update a student PIN in the student area within the u.achieve Client. By default, editing PINs will not be allowed unless specifically set to do so. To allow a user to edit the PIN field, you must add the Secure Update PIN Property to a user or group and set the value to "Y." This is controlled down to the level of instidq, instid, and instcd. Therefore, if you want to allow all INSTCDs to do so, place an asterisk " * " in INSTCD. If assigning No for this field, set the value to "N."
The Secure Login property restricts the users/groups that may login to u.achieve by ID. If the Secure Login property has not been defined for any user or group, then any valid database User ID can access the u.achieve Client.
Security Properties provides an area to manage properties at four different levels:
Global Properties limit the properties that all Applications can have access to. A User may have Properties directly applied to his/her User account or they may be globally inherited.
Add/Delete Global Properties
- View existing global properties, if applicable.
- Add a new Global Property by selecting a Property from the drop-down menu and completing relevant fields. Click Add Property.
- The newly created Global Property populates the table in blue highlight.
- To Delete a Global Property, click anywhere within the row in the table to select it, and then click the Delete Property button.
Application Properties limit the properties an Application can have access to. A User may have Properties directly applied to their User account or they may be inherited from the application.
Add/Delete Application Properties
- From the Application drop-down, select the Application that you wish to set up a Property for.
- SS: Self-Service
- BARS: Batch
- SEC: Security
- DASH: Dashboard
- UDIR: u.direct
SB: Schedule Builder
Selecting an application may take a few seconds to load because the page display loads only those options specific to the chosen application.
View existing Application Properties, if applicable, in the table; managed properties for the selected Application are displayed here.
- Add a new Application Property by selecting a Property from the drop-down menu and completing relevant fields. Click Add Property.
- The newly created Application Property populates the table in blue highlight.
- To Delete an Application Property, click anywhere within the row in the table to select it, and then click the Delete Property button.