Understanding User Security in Aspen

Aspen has many types of users with different needs for access to data. As Aspen system administrator, you can ensure that they can access all of the information necessary to perform their jobs, while restricting access to other data.

Aspen contains three branches of user security:

• Roles. Create roles based on user duties, such as guidance counselors, grading managers, and attendance managers. Within these roles, you grant access to certain Data Dictionary organizes the tables and fields that house all of your district's administrative information tables, such as grades, student information, and district data. For each table, you determine the privileges users with that role have to that data, such as read-only, or the ability to create and update records. You also determine which views users with this role can access (for example, the School view and the Health view).

• You can assign multiple roles to each user. Adding roles to a user may increase the user's privileges. For example, if you assign a guidance counselor to the Guidance Counselor role, and then to the Nurse role, the user has access to all data allowed by each of those roles.

  However, you can limit a user's role to a school. For example, if a user teaches in the middle school and is a principal at the high school, she has the Staff role in the middle school and only has access to students in her class. She has the School Administrator role in the high school and has access to all data for all students in the high school.

  Roles also determine which views a user can access.

• Security tags. For each role, you can create security tags, which limit the fields users with a specific role can access.
• Schools. You determine which school's data a user has access to when you create a user account.