Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            How and Where are Roles Used in Genesis?

            Modified on Sat, Oct 11 at 1:04 PM

            Role Use Overview


            The basic function of Roles is to grant access to screens, functions, fields, icons.


            Roles are added to a user login to give the user the access the Role specififes.   But roles are used in many more ways in Genesis to control access to objects such as reports, documents and assessments. 


            Primary Use of Roles:  Grant Access & Permissions to Users

            Roles primary use to grant access to screens and individual fields on screens.   Securable Locations grant access:  a Role grants the sum of all of its constituent Securable Locations:  a user's access permissions are a sum of all of the user's Roles.


            Securable Locations are not "negative":  they cannot be used to remove permissions, only grant them.



             


            Additional Uses: Grant Access to Various Objects & Facilities


            Reports

            Roles give users access to report and additionally control which users can write reports against the suite of "medical tables" - tables containing student's health related information.


            Report Role Security Settings

            • Run - Users with 'run' permission can run the report.
            • Modify - Users with 'modify' permission can alter the report, including its 'security' settings.
            • View Output - A user with 'view output' permission can view the report's output - whether its just been run or later.
            • Print - A user with 'print' permission can print the PDF of the Report.  
            • Delete - A user with 'Delete' permission can remove the Report.
            • Delete from Archive - Users with "Delete from Archive" permission can delete the output from prior runs of a report from the report's archive ("filing cabinet").
            • E-Mail - Users with "E-Mail" permission will be able to email the output to other users or to themself.


            Built-In Reports

            The built-in reports are those supplied by Genesis.  These built-in reports cannot be altered by end users, but the report security - specifying via Roles which users can access and run the reports - can be updated.   The built-in reports, when edited, have a "Report Info" page which allows the list of Roles to be updated:


            ReportWriter Report Access/Use

            ReportWriter reports are written and can be updated by users.   


            Access to Reports

            Access to reports - both built-in and ReportWriter local reports - is controlled by two levels of permission:

            1. The user must have a Role that gives access to running/viewing/printing the report.
            2. The user must a Role (either the same or any other) that gives access to the Reports tab on which the report is found.



            Medical ReportWriter Report Development/Table Access

            Access to reports that report on medical information are controlled by normal report permissions. In order to lock down access to medical information, the medical tables required to write those medical reports are controlled by a separate "Report Writer Security" setting. On the Setup.Security.Policy screen, towards the bottom, the Report Writer Security setting is found. This specifies a single Role that can access the "Medical" group of tables:

            This prevents users with any other Role from writing reports that access medical information.


            For a user to gain access to writing reports that use tables in the Medical table group two to three separate actions are required:

            • A Role must be selected in the Report Writer Security setting.
            • That Role or another must also have Securable Locations for at least one "Reports" screen (e.g. attendance.reports).
            • The user must have the Role specified in the Report Writer Security parameter and they must have a Role (the same or another) that grants access to at least one "Reports" screen.




            Document Types ("Document Folders")


            Access to the documents of a particular Document Type is controlled by the Roles linked to the DocType.   Role permissions are located at the bottom of the Documents.Setup.Modify Document Type screen:


            Document Role Security Settings

            • Add - Users can add documents (files) of the DocType - that is, upload new documents into this DocType on the student.
            • Change - Users can update a document of the DocType
            • Delete - Users can remove documents of the DocType to students' records.
            • Inquiry - 
            • Add Version - Users can upload a new version of an existing DocType into students' records.
            • Delete Version - Users can remove a version from an existing doc of this DocType from students' records.
            • Student/Teacher Filter -  If this is checked, if the user has this role but has no rights to the student (i.e. does not have the student in a class or homeroom, then the user will not have access to any of the student's documents of this type.  This trumps any rights granted by other roles.  It shuts off access for the user.


            To see the "Document Type" on the students' Student Data.Modify Student.Documents screen a user has to have a Role that has been added to the Document Type.   DocTypes are basically "folders" for Documents:  If a user does not have permission to access a Document Type, that doc type's entire section - its 'folder' - is simply missing from that user's view of students' Documents screen:


            Parent Forms

            Access to seeing the submitted parent forms is controlled by the Roles linked to the form.  Roles with access to a parent form are specified on the form's "Modify Template" screen:

            Unlike the usual "Add Role" control, a list of all Roles is displayed and all checked Roles are given access to the submitted forms linked to this template.


            Assessments

            Assessment Scores


            Data Views


            Search Result Views



            Mass Change of User Flags and User Text Fields

            Access to seeing the User Text and User Flag screens - and every user text field and user flag on those screens - is controlled exclusively by regular Role permissions, as is the ability to update those fields.   The Role permissions here only control the ability to mass change each field via the Student Data.Mass Change screen.


            It is not possible to prevent a user from seeing/updating an individual field - only from mass changing them.


            User Text Fields


            User Flag Fields

            User Flags control the icons that appear on the student information bars.



            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0