Understanding User Roles

Aspen contains several default user security roles with pre-defined privileges that cover most user functions in a district. Security access is controlled both by data and navigation. A role is granted access to data via privileges. At their core, roles are data-centric -- meaning they grant access to all records in a particular table no matter where or how that table is displayed.

In the District view, navigate to the Admin tab, Security side-tab to view default roles and any other roles you may have created. In the details of a role, in the General sub-tab, define log on preferences and available views.

In the Security Access section of the page, the Category column displays categories from the Data Dictionary. To filter the table list to tables in a specific category, select a category from the Category drop-down at the top right-hand corner of the list. The System Table column displays Data Dictionary tables within the category. For example, for the Grades category, Data Dictionary tables such as Grade Scale, Grade Term, and Transcript Definition appear. In the Navigation sub-tab, define accessible tabs and sub-tabs.

To make changes to a default role and adjust security access, we suggest copying the default role, then editing it before creating new roles.

Navigating the User Role Details Page

Privileges

Privilege Users with this role can...

C = Create

Create new records in this Data Dictionary table. This privilege determines if the Add option appears on the Options menu.

R = Read

View information in this Data Dictionary table. This privilege determines if a page is even visible.

U = Update

Update existing records in this Data Dictionary table. This privilege determines if the Save button appears on pages.

D = Delete

Delete records in this Data Dictionary table. This privilege determines if the Delete option appears on the Options menu.

G = Global Access

Gives user access to an unfiltered list of records for any table in the Aspen database that they have privileges for.

M = Mass Update

Update several records on a list. This determines if the Mass Update option appears on the Options menu.

Other

Certain roles need to perform tasks that require extra privileges. For example, an enrollment manager needs to be able to override enrollment restrictions.

User Role Types

To create the desired access to Aspen, it is best to keep roles simple and assign multiple roles to a user as needed. Roles should be organized around specific tasks or functions rather than a user’s overall responsibility. Many smaller roles are easier to maintain than a few larger roles.

  • Main role: A main role is for users who only need one role, such as family and student users.
  • Add-on role: This role is not to be used as the sole role for users. Users with this role usually have a base role and an add-on role for additional privileges.
  • Stand-alone role: This role can be the user’s sole role, but it is usually combined with other roles for additional privileges.