Overview - Managing Roles
SS&E enables the creation of flexible security roles, representing groups of individuals at your institution designated to carry out specific tasks. For example, advisors, administrators, and disability services all represent roles that can be assigned in SS&E.
NOTE: When creating a new role in SS&E, the role's name can be anything*, however, the function must be selected from a list of pre-defined SS&E functions.
*For clarity, most roles will/should include the function name in the role name. For example:
-
The "Student" function is generally associated with only one role, namely the "Student" role.
- The "Administrator" function is generally tied to a single role: either the "SS&E Administrator" or "Administrator" role.
For an overview and complete list of SS&E Functions, see here.
Limited Profile View and Full Profile View Settings
The Profile View Configuration section controls whether and how a role can access student records, whether on or off caseload.
The Profile View settings can be configured to allow users to view the same information on ALL student records, whether the students are included in the logged-in user's caseload ("On caseload) or not ("Off caseload"). It indicates that the logged in user has a Full Profile View for all students.
Or
If the logged-in user can only view certain information on student records depending on whether the student is "on caseload" or "off caseload". This would indicate that the logged-in user has a Full Profile View of students that are included in their caseload, and a Limited Profile View of student records that are "off caseload".
For more detailed information about Limited Profile View and Full Profile View settings, click here.
How to create a new role:
- Navigate to the Administration section of SS&E.
- Go to People & Roles - Roles. A list of existing roles will display on this page.
- Click the New button in the upper right. The next screen will permit you to create a new role by entering a role name, a description and selecting the role function.
-
-
- It is very important to select the appropriate function since all individuals assigned this role will be associated with any "underlying" permissions associated with the specific function, further explained here.
- The function is what helps SS&E understand whether a role represents a student-based role (users only see a Student View) or a staff-based role (users see a Staff View).
-
-
- For each role, available permissions can be assigned to the role by being selected via checkboxes. Select the relevant permissions that you wish all users assigned this new role to have enabled.
- When complete, click the Save button.
The new role you have defined is now available throughout SS&E.
- Tags, Note Types, Analytics, Reports, Alerts, Achievements, Resource Guide, SMS Texting, and more are all configured by role.
- From the item's administration page, clicking on Edit will allow an SS&E Administrator to select which roles are associated with and allowed to use/view each item.
- When a new role is created, this will not be added automatically to any existing functionality configuration within SS&E.
- If needed, an SS&E Administrator will need to assign the new role manually to each item by visiting each pertinent section of the administrative screens in order to add the role.
How to Assign a Role
Roles can be assigned by one of the following methods:
- SIS Import Role - A role can be imported from the SIS on the Person data feed
- Manually Assigned Role - Roles can be assigned in People Administration
- People Administration Bulk Actions - Roles can be assigned in bulk from People Administration
SIS Person Import Role
When people records are imported from your SIS via the Person data feed, users may have a role setting included in their Person record.
- When a function/group name is passed in from the SIS, roles are assigned based on the "Person Import Role" Type.
- Role types are only applicable when a function/group name is passed in from the SIS on the Person data feed, which applies the function's associated "person import role" . If a function name is not passed in from the SIS, then the Integration ID is used to assign this role instead.
-
- Ancillary role types will not be assigned by the SIS if using function/group names. Since this would assign the role that is associated with the function/group name instead.
- Person Import role types may be assigned by the SIS if using function/group names or passing in the associated Integration ID.
-
- If the Person data feed "role" value is empty, then person roles are assigned manually by an administrator within the SS&E application.
Important Notes:
-
- Once a role has been set through the SIS import process, it will not be removed if the role is no longer present in the import for a user. It must be removed using the user interface.
- Once a role is removed using the user interface it cannot be re-added using an import. It must be re-added manually.
When a person record is imported from the SIS with a person import role, SS&E will automatically match the "role" included on the Person Data Feed to a specified "Function".
- Only one role associated with each "Function" type is marked with "Person Import Role".
- The Integration ID is case sensitive and must match between the Person data extract and Role Administration.
- To check the role in SS&E, go to Role Administration found here and click on the Person Import Role "Name" to view the Integration Id.
-
To assign/change the role integration id, select "Edit" and enter the exact role assignment (ROLE_xxxx) being imported on the Person data feed extract (person.json) from the SIS.
-
- From SS&E help text: "This ID can be passed in the Person data feed to automatically assign this role to a person. It must be prefixed with "ROLE_".
-
- Once a user is assigned a role via the SIS Import, a future SIS Import Job cannot remove that role from the user, and the role would need to be removed manually.
Manually Assigning a Role within SS&E
Once new roles are created in SS&E, they are ready to be assigned to the appropriate individuals.
When a role is manually assigned within People & Roles Administration, it will not be overwritten or removed by the SIS Import.
To manually assign a role in SS&E:
- Navigate to Administration - People & Roles - People page found here.
- Search for the appropriate person by name or ID, then click on their Institution Id.
- From "Security Roles", click on +Add.
- Select the appropriate Role from the Security Roles dropdown.
- Select Save.
- Refresh the student/staff record to view the new role permissions associated with the individual.
NOTE: It is recommended to create a spreadsheet as a helpful tool for institutions to use when thinking through the additional security role groups you would like to deploy. This spreadsheet will better prepare you to see what all permissions, features, and functionality will be impacted by each role that is created.
Please keep in mind that if you build your own dynamic security role(s), you will need to manually assign each role to the appropriate individuals from their User Detail Security Tab.
Going through all of the items listed on the spreadsheet will help ensure that the appropriate role has been given access to the desired features, functionality, and permissions within SS&E Administration.
Bulk Actions - Add/Remove Roles
Roles may also be associated with or removed from user(s) in bulk from the People Administration page action menu using the Bulk Actions Add/Remove function.
For more information about People Administration bulk actions, see here.
- Once a role is removed manually from a person record in SS&E, a future SIS import Job will not be able to add the same role back to the user record.
- If needed, any manually removed role must be manually reassigned in SS&E (either via the person record - security roles - add or via people admin - add - role).
The Role Function
The role function is what determines if a user role is associated with a Student View or a Staff View when using SS&E.
- If a user is assigned multiple roles that includes at least one non-student function, they will have a Staff View when accessing SS&E.
- Only users assigned a role(s) that are only associated with Student function have a Student View.
-
- If a student does not have any assigned roles, their student profile view will not include the student success team, and "Follow" on the top menu bar is inaccessible.
- To fix this, the student role must be assigned either be manually adding it to their User Detail record in People Administration or importing it from the SIS via the Person data feed.
- Students that are also staff/faculty will NOT see a student view as they only have a staff view.
-
- All non-Student functions (except New Registrant and External API) will give users a Staff View.
- If a user has multiple roles that are all associated with staff functions, the user will have a staff view when logging into SS&E. The permissions displayed on the User Permissions tab are gathered from all roles that display on the User Details tab.
-
- If one of the user roles/function is "Adjunct Faculty", this function can remove permissions otherwise assigned from other user roles. If this is not the intention, the adjunct faculty function role should be removed.
- In addition, the Manager, Analyst, and LMS Administrator roles/functions also have built-in/limited permissions and should only be assigned when needed.
-
- If a user has multiple roles, and at least one role has a staff function and at least one role has a student function, this user will only have a Staff View when logging into SS&E even though they are also assigned the "student" function.
-
- Since this student-staff user sees a staff view when accessing SS&E, it is very important to pay attention when setting permissions on all assigned roles, so that when permissions are "combined", the student-staff user does not have permissions granted on items they should not be allowed to access, especially from the "student" function role.
- Currently, each user is only allowed one "view" type after logging into SS&E. However, we are planning to eventually allow users the ability to switch between different views. For example, once users are able to access both student and staff view types, then administrators can set different permissions on the Student function role that only apply to the logged-in user's Student view and will not apply to the logged-in user's Staff view.
-
- In order for staff to display on the Student's Success Team as the student's Primary Advisor, they must be assigned a role that is associated with the Advisor function.
- In order for staff to display on the Student's Success Team as the student's Primary Coach (second position), they must be assigned a role that is associated with the Coach function.
For more information on how to remove and delete a role and role usage, please click on the below articles:
How to remove and delete a role
Role Usage information
Student/Staff Users
Users that are assigned multiple roles that are associated both with student and staff functions require special attention when setting up Role permissions.
For more information about student-staff roles, see here.
Role(s) Permissions
To view the permissions applied in SS&E from all user assigned roles, from People & Roles - People, select the user and click on the Read-Only "Permissions" tab.