Properties
Remember: For setting changes and updates to take effect, the user must logout and log back in again. The change will then be applied. (This is especially useful during the testing phase.) |
A property is an attribute that can be assigned to a User or Group to limit permissions. Similar to a Domain, a Property can limit permissions more narrowly than a Role. For example, use Properties to:
- Restrict access to certain elements of data
- Restrict access to certain parts of the application
Unlike a Domain, Properties can be combined to create more specific sets of limitations that are independent of defined levels of hierarchy and database views.
Just like App Functions in Dashboard Security, Properties are also predefined by the Product Development team at CollegeSource.
By default, ten unique Properties may be configured in Security:
- Exception Code
- Degree Program
- Requirement
- Authorization Code
- Institution Code (formerly called School Code)
- Secure Import
- Secure SOPRID
- Secure Update Pin
- Secure Login
PROPERTY | VALUE | INSTIDQ | INSTID | INSTCD | DESCRIPTION |
<Blank> | |||||
Institution Code | --- | Assigns an INSTCD to a user upon logging into uAchieve Self-Service | |||
Exception Code | Allows a user to user a certain exception type | ||||
Degree Program | --- | --- | --- | Controls which dprogs a user can add exceptions to | |
Requirement | --- | --- | --- | Controls which requirements a user can add expcetions to | |
Authorization Code | --- | --- | --- | Defines a code a user must know to access a requirement/exception to edit | |
Institution Code | --- | Assigns institution identifiers (INSTIDQ/INSTID/INSTCD combo) to a user | |||
Secure Import | --- | Controls what data a user is allowed to import in the uAchieve Client | |||
Secure SOPRID | --- | Controls which audits a user can see in the uAchieve Client according to which Operator ID (OPRID) ran it | |||
Secure Update Pin | Controls permissions to edit a student's PIN in the uAchieve Client | ||||
Secure Login | --- | Controls permissions to log in to an institution's area in the uAchieve Client | |||
NOTE: Dashed (---) cells are not configurable. |
Property Names
Each unique property is detailed below, with information on setting the property and how it affects the application.
Exception Code
The Exception Code property affects CRUD permissions on exception types.
- In the Value field, enter "Control Code : Permissions" in the four-letter format of AB:CD. See examples below:
- CS:CR means a control code of Course Substitution with permissions to Create and Read
- RM:CU means a control code of Requirement Modification with permission to Create and Update
- CS means a control code Requirement Modification with permission to all: create, update and delete.
Degree Program
The Degree Program property defines degree programs.
The Degree Program property affects exceptions by restricting what degree programs a user can define an exception against, if its an exception type that applies to degree program.
Requirement
The Requirements property defines requirements.
The Requirement property affects exceptions by restricting what requirements a user can define an exception against, if its an exception type that applies to requirements.
Authorization Code
The Authorization Code ("Auth Code") property defines the Authorization Code on a requirement, allowing access to specific exceptions.
The user may define one Authorization Code per exception. |
A detailed page on Auth Codes and how to configure them is located here.
Institution Code
The Institution Code property is used by Self-Service and uAchieve Planner to determine institution code combination (INSTIDQ, INSTID, and INSTCD). |
Institution Code identifies the school for which the student may build roadmaps in uAchieve Planner. Only one Institution Code per student is supported. In Self-Service, Institution Code identifies the logged in institution code values for a user.
The Institution Code property assigns the institution code combination to a user when logging in to Self-Service.
Secure Import
The Secure Import property controls what information existing on the database is available to the specific user to import, but does not limit the user's connection access from the uAchieve login screen.
INSTIDQ, INSTID, and INSTCD
Import functionality is limited to the INSTIDQ, INSTID, and INSTCD values defined for the Secure Import Property. You do not need access restrictions (Secure Login Property) to implement import restrictions (Secure Import Property), or even vice versa.
Using the ID "uachieve" with no user/group having the Secure Import Property set, there is no restriction as far as what combination of IDQ, ID, and CD values may be imported from on the database. If entering two Secure Import Property definitions for user "uachieve" with the following institution code combination (73, MIAMI, TST AND 73, MIAMI, WSH) when we go to import something from within uAchieve, the option to choose the IDQ 73, ID MIAMI, and CD TST or WSH will be the only option. No matter what other combination of data may exist on the database, we would be restricted to the information for these combinations only.
An asterisk ( * ) may be used in any one of the INSTIDQ, INSTID, or INSTCD definitions. The use of it for the Secure Import Property is similar to what was described above for the Secure Login Property. An asterisk ( * ) indicates import functionality is not limited to any specific values for the field that contains it. Therefore, all values for that field that are included in the database will be available to choose in the drop-down.
NOTE: "Included in the database" means those institution codes currently defined in the MASTREF table. |
Secure SOPRID
The Secure SOPRID property controls what uAchieve audits a user may access. To implement, assign this property the same value for the users/groups you wish to be able to view one another's audits. Then, when each user runs an audit, the SOPRID is carried forward with the request and stored with the audit. Users can then only view audits that are stored with their matching SOPRID value. This is controlled down to the level of instidq, instid, and instcd. SOPRID property is particularly useful for a campus with multiple colleges, as several user IDs may be assigned to one college. If you would like all the user IDs for that college to view one another's audit but do not want other user IDs from another college to have access to them, then enter the same unique value in the SOPRID field for each of those user IDs for that individual college.
An asterisk " * " value assigned to the SOPRID property works the same as explained above in that the user would have no restrictions on what audits they can view.
SOPRID Default The asterisk is currently the default value placed with audits when a SOPRID is not found for a user, or if no secure SOPRID property is yet defined for any user/group. |
Multiple SOPRIDsWhile assigning a single SOPRID (or S Operator ID) is not new, the ability to assign multiple SOPRIDs is a new config that was introduced in 4.3. SOPRID values can restrict those who can view the audits ran at the user level or the group level. Assign a SOPRID value to a specific user or group can view which audits–only those users or groups with matching SOPRIDs can view the audits. Power users have multiple Groups assigned to them can view all SOPRIDs and also let other power users see all.
In the Self-Service Admin area's Advanced Settings, the SOPRID field may now display multiple SOPRIDs via drop-down menu:
When users attempt to view an audit for which they do not have a matching SOPRID, a message is generated about the restriction: |
Advanced Usage of SOPRID
Audit requests may be hidden from users with advanced usage of SOPRID and other settings as discussed here.
Secure Update Pin
The Secure Update Pin property determines what users should have the ability to update a student PIN in the student area within the uAchieve Client. By default, editing PINs will not be allowed unless specifically set to do so. To allow a user to edit the PIN field, you must add the Secure Update PIN Property to a user or group and set the value to "Y." This is controlled down to the level of instidq, instid, and instcd. Therefore, if you want to allow all INSTCDs to do so, place an asterisk ( * ) in INSTCD. If assigning No for this field, set the value to "N."
Secure Login
The Secure Login property restricts the users/groups that may login to uAchieve by ID. If the Secure Login property has not been defined for any user or group, then any valid database User ID can access the uAchieve client.
Levels
Security Properties provides an area to manage properties at four different levels:
- Global: applies to all users in all applications
- Application: applies to all users in a specified application
- Group: applies to all users assigned to a group
- User: applies to an individual user
Global Level
Global Properties limit the properties that all applications can access. A user may have properties directly applied to his/her user account or they may be globally inherited. From Security<Property:
Add/Delete Global Properties
- View existing global properties, if applicable.
- Add a new Global Property by selecting a Property from the drop-down menu and completing relevant fields.
- Click the Add button (
) to add the selected property.
- The newly created Global Property populates the table:
- To Delete a Global Property, click anywhere within the row in the table to select it, and then click the Delete button:
Application Level
Application Properties limit the properties an application can have access to. A user may have properties directly applied to their user account or they may be inherited from the application. From Security<Property<Application tab:
Add/Delete Application Properties
- From the application drop-down, select the application that you wish to set up a property for.
- SS: Self-Service
- BARS: Batch
- SEC: Security
- DASH: Dashboard
- UDIR: uAchieve Planner (formerly u.direct)
-
SB: uAchieve Schedule Builder
NOTE:
Selecting an application may take a few seconds to load because the page display loads only those options specific to the chosen application.
-
View existing application properties, if applicable, in the table; managed properties for the selected application are displayed here.
- Add a new application property by selecting a property from the drop-down menu and completing relevant fields. Click Add Property.
- The newly created application property populates the table in blue highlight.
- To delete an application property, click anywhere within the row in the table to select it, and then click the Delete Property button.
Group Level
Roles
The Roles tab is where Group Roles are managed by allowing users to map application roles to their institution's groups.
- Select a Group. A list of available roles will display.
- Choose from this list of available roles to add to the Group, as well as existing Roles set on the Group.
- Make associations by selecting the roles and clicking on the appropriate button.
Changes take effect immediately after clicking the Add/Remove buttons. |
Group Members
To add users to groups, this must be enabled at your institution. |
Search for group members by last name (all or put), username or Student ID.
Domains
Domains limit the permission scope to a certain level of your institution's hierarchical structure. Use asterisks ( * ) to indicate that the group has permissions for any of the values for that level. A user may have domain permissions directly applied to their user acount or inherited from groups to which they belong.
Properties
Limit the properties that a group may have access to. A user may have properties directly applied to their user account or inherited from groups to which they belong.
User Level
Click the View button to see the group membership, user domains, advisees, and properties tabs associated with the selected user:
Group Membership
Groups are assigned by your institution. Users are assigned to groups and groups are then mapped to internal "roles."
NOTE: |
User Domains
Domains limit the permission scope to a certain level of your institution's hierarchical structure. Use asterisks ( * ) to indicate that the user has permissions for any of the values for that level. A user may have domain permissions directly applied to their user account or inherited from groups to which they belong:
Advisees
On the Advisees tab, you can assign advisees to an advisor user:
Properties
On a user's Properties tab, you may limit the properties a user may have access to: