The Dashboard serves as the area for configuring security settings the same way across all uAchieve applications.
The way security settings are configured affect the UI of the uAchieve applications (e.g., the display or absence of different button, icons, and menu options).
NOTE: For setting changes and updates to take effect, the user must log out and back in again for the change to be applied. This is especially useful during the testing phase.
Because of the powerful security controls housed within the Dashboard, institutions must be extremely selective with regards to who they allow access to Dashboard Security. After installing the database, a User designated as a "superuser" gains first access in order to set up the Dashboard at your institution. Application Admins are then set up. Generally speaking, these Admins are the only users allowed access to this area, with few exceptions. If user permissions allow, a Security option appears on the coral-colored menu bar on the Dashboard Home page.
Security roles and permissions were streamlined in 4.4 to make setting of these values easier to control. Application-specific security settings for users (e.g., advisor, student, user, and anonymous) have been replaced with simple CollegeSource (CS_) equivalents.
|CS_ROLE_ANONYMOUS||Allows the user access to the "Access Denied" page. A user with CS_ROLE_ANONYMOUS with READ set to FULL can access the login screen without the "Access Denied" error.|
|CS_ROLE_USER||Allows the user to gain entry into the application. Every user MUST have this role and role must have CREATE set to FULL.|
|CS_ROLE_STUDENT||Allows the user to access the student menu within the application|
|CS_ROLE_STAFF||Allows the user to access the staff menu within the application|
|CS_ADMIN_FUNCTIONAL||Allows the user to access all admin functions except the logging area|
|CS_ADMIN_TECHNICAL||Allows the user to access only the logging area–no admin functions|
You must have CS_USER AND CS_STUDENT or CS_STAFF or an "Access Denied" message will display on the screen.
How Security Component Relate
The components of security include Roles, Users, Groups, and Properties. The illustration below demonstrates how the security components are interrelated:
- On their own, app functions and permissions are not useful–they only have meaning when combined together to form a Role
- Users are never directly assigned to a Role. Instead, both Users and Roles are placed into Groups, which serve as placeholders for associating Roles with Users
- Domains and Properties are used to restrict permissions rather than grant more permissions
Security Component Terminology
A predefined area available in uAchieve web applications where the level of user access can be controlled. App functions are determined by the Product Development team at CollegeSource.
The level of access granted for a specific application function, in terms of four types:
A functional grouping of permissions that apply to application functions that simulate a real life capacity (e.g., Advisor, Student)
|Group||A bucket where roles and users can be assigned together|
|Domain||A hierarchy that defines an institution; can be used to limit user permissions to specific levels of the hierarchy|
|Property||An attribute that can be assigned to a user or group to limit permissions|
|User||An individual given permissions to use certain application functions within the uAchieve web applications|
In designing your security, we suggest the following order:
- Start first with Roles
- Then, define the Groups for those Roles to fit within
- Lastly, assign Domains to certain Groups (where applicable)
Other Important Considerations
- Groups and Roles are generally set up only once: initially during Dashboard Security installation and configuration. Groups and Roles may be revisited when upgrading or if installing again.
- Domains are only acknowledged by the uAchieve Planner application and only when building Roadmaps.
- For setting changes and updates to take effect, log out and log back in again. The change will then be applied. (This is especially useful during the testing phase.)