Set up record-level security for a reference table and reference code

Note: Record-level security lets you restrict user roles from using or viewing a record, based on a field associated with a reference table. This is the last step in a multi-step process to enable record-level security.

Set up record-level security for the reference table associated with the specified Data Dictionary system table field, using the Record Level Security sub-tab for a reference code. On the Record Level Security sub-tab, you include or exclude the user roles that can access records associated with the secured reference code.

When you exclude user roles from a secured reference code, those users can no longer use or view records flagged with the secured code, and it will not appear in drop-downs in their view.

Example: You might want the school nurse and guidance counselors to know which students participate in the free- or reduced-lunch program, but want to block this information from other staff members. The Student Programs reference table has a Free/Reduced Lunch code, from which you exclude the staff role.

Staff members with access to the Student Programs reference table can still access records associated with unsecured codes from the reference table. Alternatively, you could include access to this code for the school nurse and guidance counselor roles, which excludes all other roles from accessing records that use the secured code.

Note: When you exclude roles, the other roles that are associated with the reference table and code are included by default (meaning they have access to records flagged with the secured reference code). When you include roles, the other roles associated with the reference table and code are excluded by default (meaning they do not have access to records flagged with the secured reference code).

Note: If a user is associated with more than one security role and you want to restrict their access, exclude all of their user roles.

To set up a reference table and reference code for record-level security:

  1. Log on to the District view.
  2. Click the Admin tab, Data Dictionary side-tab.
  3. On the side-tab, click Reference.
  4. Select the reference table associated with the Data Dictionary system table field.
  5. On the Reference side-tab, click Codes.
  6. Select and open the reference code to enable. To add a new code, select Options > Add.
  7. Click the Record Level Security sub-tab. The Record Level Security details page appears:

  1. At Role visibility type, use the drop-down to exclude or include the user roles you specify at the next field.

  2. Note: You can decide whether to Exclude or Include roles based on the number of user roles affected. If a list of roles allowed access is shorter than the list of roles denied access, then include those roles, which automatically excludes all other roles. If the list of roles to exclude is shorter, it is easier to set the Role visibility type to Exclude.
  1. Click Multi-Add. From the Security Role pick list, select the user roles you want to include or exclude.

    Notes:

    • If you selected Exclude, Aspen hides the records from the user role(s). Do not select Create, Update or Delete since they do not apply.
    • If you selected Include, the user role(s) can view the record. Select Create for the user to also create new records, Update to edit the records, and/or Delete to delete records:

  1. Click Save.