Reference: Rights and Roles

**Click the link to access a step-by-step guide: Changing Staff Rights and Roles

Focus

This article is about understanding the concept of rights and roles in SchoolsPLP.

What Are Roles?

Different staff members need different access within your school district. How do you grant access to those who need it, and limit access for those who don't? In SchoolsPLP, you do it by assigning roles to your school staff.

Definition: A role grants one staff member a specific level of permission over a specific site within SchoolsPLP.

So to understand how roles work, you need to understand what sites they can control, and what levels of permission they can grant. First, let's talk about sites.

Sites: Districts, Schools, Courses

Within SchoolsPLP, your data is organized in a school-district structure that can contain schools and course sections; each school can also contain course sections. These are the areas where roles can be granted, and they are organized one within another as a hierarchy – schools in districts, courses in schools or districts. 

Each staff member can have a separate role for each district, school, and course. This makes it possible for the same login account to have full administrative permission over some schools in a district, but not access others at all. However, roles aren't completely independent, permissions flow down the hierarchy. Roles granted at a district flow down to the schools and courses inside. Roles granted at a school flow down to the courses inside.

Key Concept: Granting a role over a site, gives a staffer at least that level of permission over every site inside. Put another way, roles only give permissions, they never take them away.

If you give a person high-level privileges at a school, they can't have fewer privileges on any course section inside that school. In the same way, if you grant high-level permissions on a district, you can't remove any of those permissions at the school level.

This means the roles you grant at the district or school levels should grant the minimum permission you want that person to have over everything inside the district or school. To know what those permissions are, you need to understand the role levels.

The Levels: From The Top Down

There are nine different roles you can assign at a school or district. Only four of those can be assigned on individual courses.

Key Concept: Each higher-level role has all the privileges of every role below it.

So rather than talk about what privileges are granted at each level, we'll start at the top and then list the privileges that are taken away as you lower a role's level.

Role Level: Super Admin

Super Admins have all privileges. Anything that can be done in SchoolsPLP, this person can do in the site where this role is granted. This role can only be granted at a school or district, not on individual courses.

Role Level: Admin

Compared with Super Admin, the Admin loses these abilities:

  • Cannot add or remove schools from the district.
  • Cannot use the bulk-editing spreadsheet tools.
  • Cannot directly read the message history of other Admins or Super Admins, but can read messages of lower-level staff.

This role can only be granted at a school or district, not on individual courses.

Role Level: Registrar

The Registrar role is intended for someone who manages rostering, enrollment, and reporting. Compared with Admin, the Registrar loses these abilities:

  • Cannot directly read the message history or any other staff members.
  • Cannot add, remove, or edit other staff members.

This role can only be granted at a school or district, not on individual courses.

Role Level: Teacher/Author

This is the highest role that can be assigned on an individual course. When assigned at the school or district level, it is called School-Wide or District-Wide Teacher/Author and applies to all courses. Compared with Registrar, the School-Wide Teacher/Author loses these abilities:

  • Cannot edit school settings.
  • Cannot add or remove students.
  • Cannot add or remove course sections.
  • Cannot enroll new students in courses, but can edit existing enrollments.
Note: District/School-Wide Teacher/Author can edit existing student profiles at the school. This is so they can adjust student passwords and accommodations.

Role Level: Instructor

Compared with Teacher/Author, an Instructor loses these abilities:

  • Cannot change course content or settings.
NoteDistrict/School-Wide Instructors can edit existing student profiles at the school, this is so they can adjust student passwords and accommodations.

Role Level: Grader

Compared with Instructor, a Grader loses these abilities:

  • Cannot edit course enrollments.
  • Cannot edit student profiles.

Role Level: Viewer

Viewers can see everything and change nothing in a site. Compared with Grader, a Viewer loses these abilities:

  • Cannot set course grades.
  • Cannot grade assignments.

Role Level: Enroller

Enroller is a combination of “only assigned courses” (next) and “viewer” rights (previous): enrollers can only see the courses assigned to them, but they can also see all students in the school, even those who are not assigned to them. They cannot see other courses or schools that are not assigned to them. The Enroller needs at least “teacher/author” rights at the course level to enroll students. 

Compared with Viewer, a Enroller loses these abilities:

  • Cannot read all courses for a district
  • Cannot read all schools for a district
  • Cannot read sections in a school
  • Cannot read gradebook for a course or section
  • Cannot run reports on the course
  • Cannot run reports on the user
  • Cannot read data, including grades, that is associated with the other user's enrollment.
  • Cannot read all course content data, including assessment questions and hidden-from-student content, regardless of their other enrollment rights on the course.
  • Cannot read objectives and objective maps from an objective set.

Role Level: Only Assigned Courses

Only Assigned Courses is not so much a role as the indicator of no school-wide or district-wide role. This role can only be granted at a school or district. A staffer with this role has no direct rights on the school or district, but can still be granted roles on courses or schools within it. It is common for teachers to have no school rights, but still have access to their own courses. Please note: If teachers need the ability to enroll existing students in their own course sections, they will need to be granted at least School Viewer rights. 

Custom Rights

While it is possible to adjust rights in a more granular way via the API or Buzz interfaces, we recommend against it. Custom API-level rights are more complicated to manage and can have unintended effects. If you need more flexibility than the role system provides, please talk to us.

Summary

  • School staff are granted permissions by assigning roles that grant a specific level of access in a specific site.
  • Districts, schools, and courses are the sites where roles are assigned.
  • Roles add privileges in a site, they cannot take away privileges, so a staff-member's privileges on a school cannot be lower than their privileges on the district.
  • Role levels are ordered, with each higher level including all the privileges of levels below.
  • Rights assignments outside this role system are possible via API or Buzz, but not recommended.

**Click the link to access a step-by-step guide: Changing Staff Rights and Roles