+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 28 of 28
MIS Systems Thread, non Capita Personnel Database in Technical; You should have a policy that shows the person running SIMS who should have access to what. I would start ...
  1. #16
    skunk's Avatar
    Join Date
    Mar 2006
    Location
    North West
    Posts
    311
    Thank Post
    88
    Thanked 40 Times in 33 Posts
    Rep Power
    30
    You should have a policy that shows the person running SIMS who should have access to what. I would start with saying no one has accesss to anything, then add the permissions that they require to perform their job.

    IIRC if you create your own permissions groups then with regards to Capita support, you are on your own.

  2. #17

    Join Date
    May 2009
    Location
    Sheffield
    Posts
    274
    Thank Post
    27
    Thanked 39 Times in 29 Posts
    Rep Power
    22

    Thumbs down

    Quote Originally Posted by User3204 View Post
    It's funny I bet no other industry stores its internal personnel data in the same software database as their sales/customer data... but anyway.
    No, only the ones with effective software for management do.

    Most business management software, ESPECIALLY where interactions between staff and customers are managed (e.g. sales management, support ticket systems), will link some of the personnel data to some of the customer data to some of the "interaction" data. The alternative is to have the same information stored in separate locations, which is a severe no-no for data integrity, and really does not work well in terms of scalability.

    The way to do it, is to have a sufficiently granular and sophisticated access control system that allows staff (and sometimes customers) to see what they *need* to see, to change what they *need* to change, and not to access what they do not need to.

    You could do this by implementing a second system, in parallel with SIMS: one major drawback to consider, is that you would need to update SIMS from the personnel system, or to update the personnel system from SIMS. How would you implement this? Obviously, having someone copy the data manually is unacceptable from the point of view of accuracy (as humans make mistakes quite frequently).

    Another solution would be some kind of import/export script that copied data out from one system and then into the other. If you went this route, then you'd have to restrict the access, so that the script was only allowed to output the data it needed to. How is this a better solution than making sure that the relevant staff can or cannot access the data directly from within SIMS?

    I'm assuming that you have students' work, internet email traffic, student assessment data, teachers' files, and administrative data (finance, personnel, etc) all on your network. Do you run each set of data on a separate set of physical wires, along with separate network cards on each machine, etc? I'm guessing the answer is "no", because you have access control measures in place instead.

    SIMS (and any other decent MIS) can do this as well. To be honest, to have completely separate personnel, finance and academic management software systems would be a severe backwards step, and is likely to raise far more issues of security and data protection: I'll bet large sums of money that staff will send sensitive data of various sorts around in things like excel files, emails, and printouts.

    Learn the permissions system in SIMS, consult to find out who needs to know what (you may want to change things from the defaults), and set up your permissions accordingly! It'll be a lot simpler, more effective, less painful, and also cheaper. If training or knowledge is an issue then get some training/consultancy/manuals. It's cheaper than trying to write an in-house system, and it's far better than trying to link a third-party solution. If you have trust issues with data management/admin/it staff then these should be addressed, and installing two software systems will not fix them.

  3. #18

    matt40k's Avatar
    Join Date
    Jun 2008
    Location
    Ipswich
    Posts
    4,489
    Thank Post
    372
    Thanked 657 Times in 537 Posts
    Rep Power
    162
    Totally agree. Part of SIMS's biggest problem is the fact they make it too easy to export data, I know someone's going to argue with me, but if actually think about it, any technical person with enough time on there hands could setup a "text parents" or whatever company without getting any checks etc and get a number of schools to buy into it.

    At least Capita cares even if the Government doesn't about checking out providers, you think they have a partner scheme for software developers and for photographers.

  4. #19

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    Boston, MA
    Posts
    7,597
    Thank Post
    109
    Thanked 770 Times in 598 Posts
    Rep Power
    183
    Quote Originally Posted by matt40k View Post
    Totally agree. Part of SIMS's biggest problem is the fact they make it too easy to export data, I know someone's going to argue with me, but if actually think about it, any technical person with enough time on there hands could setup a "text parents" or whatever company without getting any checks etc and get a number of schools to buy into it.

    At least Capita cares even if the Government doesn't about checking out providers, you think they have a partner scheme for software developers and for photographers.
    Totally agree with you on the export thing... I've thought for some time that it should be possible to audit who's exported/printed what. Surely it would be good to know that Mrs X or Mr Y has exported a list of all the kids in the school for instance?

  5. #20

    matt40k's Avatar
    Join Date
    Jun 2008
    Location
    Ipswich
    Posts
    4,489
    Thank Post
    372
    Thanked 657 Times in 537 Posts
    Rep Power
    162
    I like the idea of using API keys, just think Capita can't do it as others would moan.

  6. #21

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,377
    Thank Post
    525
    Thanked 2,613 Times in 2,019 Posts
    Blog Entries
    24
    Rep Power
    891
    Quote Originally Posted by matt40k View Post
    I like the idea of using API keys, just think Capita can't do it as others would moan.
    The issue is this - if users can't access their data via MS SQL, they need access in some other way. There are many legitimate packages that require this access, regardless of whether you think they should have access or not. If Capita introduced some form of API key requirement etc... then all that would do is force companies to fiddle with the MSSQL database instead.

    Also, we all know that such a scheme, were it implemented, would inevitably incurr a charge of some form. This would not be acceptable to anyone who is doing open source coding.

    It potentially would even mean that they'd end up in trouble for anti-competitive behaviour.

    You can't have it both ways.

  7. #22

    Join Date
    May 2009
    Location
    Sheffield
    Posts
    274
    Thank Post
    27
    Thanked 39 Times in 29 Posts
    Rep Power
    22
    Audited exports is probably the best way - although it's always possible to get round that by accessing the backend RBDMS directly. There will be times when it's reasonable and necessary for someone to export a list of contact addresses to other software, or get a contact list for a school trip; maybe the trick is to make sure that if you don't feel you can trust someone with that kind of information, then they aren't allowed access to it/a school/children...

  8. #23

    matt40k's Avatar
    Join Date
    Jun 2008
    Location
    Ipswich
    Posts
    4,489
    Thank Post
    372
    Thanked 657 Times in 537 Posts
    Rep Power
    162
    Be nice to have the API key, I mean WordPress does it, at least then you have a list of companies that can access SIMS and some basic details, even if the process was an online form. Pulling out stuff like Staff bank details ofcourse would need a special key, unlike getting firstname\surname.

    Solving the accessing the database issue is quite simple actually, depends how evil you want to be about it. Best way would be to encrypt the database... isn't that an option is MSSQL2008... oh wait, that's enterprise ed.

  9. #24
    User3204's Avatar
    Join Date
    Aug 2006
    Location
    Wirral
    Posts
    769
    Thank Post
    55
    Thanked 66 Times in 62 Posts
    Rep Power
    34
    Oh dear, I seem to have upset a lot of people, infamy, in-for-me, they've all got it infamy....


    Still, the problem is the scale of the permissions spreadsheet and the fact that Capita are due to upgrade the System Manager soon, I'd have to check the timeline to know when. So I'm not overly keen on learning how the old system works only for them to change it. Especially when Phil Neal (the Man himself) has a comment in another thread saying how it is not something they are proud of - check the phrasing but this was the gist.

    Currently we have all the SIMS accounts integrated with our domain accounts, which I have managed to match up so that staff in finance are in the "finance" group and receptionists are in the "reception" group etc. So I can give finance access to the finance shares/sage based on this reception staff have access to the late sheets. The trouble is, I don't know what they do within SIMS, the only way to find this is to check with the Admin Manager who has to spend a lot of the time micro managing them (because some of them need it - you know what I mean).

    I'm also not in charge of SIMS, the main SIMS coordinator also has to do timetabling (and we've made his job harder by introducing the IB - which has caused more grumbling by people). So between them two and myself trying to arrange when to get together for a long time to work out what staff need to access and then how to give them access.


    So really, what is the simple and quickest solution.. really.. ignore it and wait for Capita to catch up with Sysman ? I was working on this plan, until the Bursar mentioned her concern.


    Yes, yes, security by obscurity, well it works for the systems you have. One of the things that came up in the little meeting we (our internal ICT support) had was, if you want to find the details of a staff member who has a child (or even just used to) at the school, all the details are there to all staff, as it is acceptable for the teachers to be able to see the pupils/parents home details (but not apparently the other staff). If this is not a concern of your SLT/Bursar then okay.


    I can't see any reason why anyone would use the same database for the personnel and whatnot, as most people use different accounts for paying salary an invoicing, we all must have different databases for SIMS .net, SIMS FMS, Tucasi (for invoicing students), Sage (or whatever payroll package is used) and then we have another software for contacting the bank. I know this as there is no single package to do all this. Ideally it would be all clever enough to map it all together so it all knew that person1 on X package was also person1 on Y package - but it doesn't all map into the LDAP domain like that yet.


    As to the auditing, I would like to be able to see who made changes etc, as it would have shown up which muppet decided to change a students forename back and forth between 3 different names (and not just spellings, but completely different names) about 10 times.








    ....and this is the longest post I've ever written... I'm off for a nap...

  10. #25

    matt40k's Avatar
    Join Date
    Jun 2008
    Location
    Ipswich
    Posts
    4,489
    Thank Post
    372
    Thanked 657 Times in 537 Posts
    Rep Power
    162
    Right, SysMan 7 should have been out by now, or at least the beta. No such luck. I did comment to the SIMS release manager that they are planning rather a lot for August and bucket loads for Autumn.

    I keep hearing mix things about SysMan 7, I know it's a pain to do, not sure why, but then again, I'm not a programmer. I've heard, not until everything is .net, i've heard not until silverlight, no idea why you would need silverlight for SysMan 7.

    I really can't see how SIMS permissions is that much of a problem, I know there are bugs etc, but generally it's alright. I personally give everyone Classroom teacher access then go from there. This gives them access to most pupil data, there own staff record (i believe) and not much else.

    Who ever does timetabling, gets timetabler, whoever does census gets school administrator (believe this gives you import lookups), personnel officer for the person who adds staff and does the workforce census.

    Finance stuff we use FMS, which pulls the staff details from SIMS to work out pay commitments.

    People may moan about Capita, but it's the biggest for a reason, it's the best... 99% of the time anyway.

  11. #26

    Join Date
    May 2009
    Location
    Sheffield
    Posts
    274
    Thank Post
    27
    Thanked 39 Times in 29 Posts
    Rep Power
    22
    Most of the permissions setups are fairly logical - it's just a question of working out who needs to do what, and adding the roles to their account as needed. It's no more complex than the process of setting up an external set of access rules.

  12. #27
    User3204's Avatar
    Join Date
    Aug 2006
    Location
    Wirral
    Posts
    769
    Thank Post
    55
    Thanked 66 Times in 62 Posts
    Rep Power
    34
    Quote Originally Posted by MattMitchell View Post
    Most of the permissions setups are fairly logical - it's just a question of working out who needs to do what, and adding the roles to their account as needed. It's no more complex than the process of setting up an external set of access rules.
    Logical... Well maybe to you, but I find the fact that access is based on the menu location NOT on the task required confusing as

    anyway

    The problem we have is not with the Teachers - who are all class teachers, obviously (nor the magical way SIMS knows who are Dept heads/pastoral tutors).

    It's all the support staff we have, of the clerical, there's over 20 who are full time, and they all require slightly different access, some work reception too, which requires the lowest level of access (according to the admin Manager). The easy ones are the Exams officer and the Cover arrangers. We also have another half a dozen part timers/seasonal workers. The most irritating (permissions wise) are the Key Stage support who either get the full "school administrators" or they end up calling us every day to say they can't do X and then Y and then Z and then A thru W - which they need to do for their job.

    And this is all just to stop staff having access to other staff home details...


    I think I will go back to the Bursar, with a report that states that "... after consultation with educational experts, the general conclusion is that it would be best to keep to a single software vendor (IE Capita) and make some changes to the customisable System Manager module when it is upgraded in the near future..."


    After all one the ICT targets I have is "..to reduce administrative workloads.." and waiting for Capita to upgrade to Sysman 7 - rather than trying to fiddle the old systems - sounds like this to me. Oh and the "educational experts" that's all you lot, stick it on yer CV, it looks cool.

  13. #28

    Join Date
    May 2009
    Location
    Sheffield
    Posts
    274
    Thank Post
    27
    Thanked 39 Times in 29 Posts
    Rep Power
    22
    Quote Originally Posted by User3204 View Post
    The most irritating (permissions wise) are the Key Stage support who either get the full "school administrators" or they end up calling us every day to say they can't do X and then Y and then Z and then A thru W - which they need to do for their job.

    And this is all just to stop staff having access to other staff home details...
    One way round this, and I know it doesn't always work, is to insist on a written description (in English, rather than in SIMS/computer-speak) of who needs to be able to see (and/or to edit) what. THEN set up the permissions based on it. You won't get away with refusing to change stuff afterwards, but it will usually allow you a bit of lead time for future changes ("It'll take a day to set that one up for you").

    Quote Originally Posted by User3204 View Post
    and make some changes to the customisable System Manager module when it is upgraded in the near future..."
    It's probably owrth doing this straight away - upgrades to this kind of thing generally transfer over the previous setup (otherwise no-one would be able to use SIMS after the upgrade!).

    Quote Originally Posted by User3204 View Post
    After all one the ICT targets I have is "..to reduce administrative workloads.."
    Not having a team of admin people have to copy-type data all over the place, and correct the inevitable mistakes, wrong addresses, phone numbers, etc will be a major reduction in workload!



SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Sims.Net Personnel Permissions
    By tech_guy in forum MIS Systems
    Replies: 1
    Last Post: 13th November 2008, 04:08 PM
  2. Old SIMS Launcher Personnel Exe
    By moggy in forum MIS Systems
    Replies: 6
    Last Post: 3rd October 2008, 01:43 PM
  3. Personnel info not being updated in FMS
    By Oops_my_bad in forum MIS Systems
    Replies: 5
    Last Post: 23rd November 2007, 01:34 PM
  4. Disaster recovery - loss of key personnel
    By Oops_my_bad in forum School ICT Policies
    Replies: 15
    Last Post: 26th September 2007, 09:09 AM
  5. Personnel 5.1 on Terminal Services
    By SteveMC in forum MIS Systems
    Replies: 2
    Last Post: 6th June 2007, 10:44 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •