I'm wondering if you'll be able to help me out, and let me know what you might be doing in your school?
I am in the process of reviewing the roles of users within a couple of schools so they get access to the correct functions and pages within the school MIS.
We are looking at creating groups with the correct access rights, but as you may know not everyone in every school fits into the correct group. We might have an attendance officer who just does attendance but then an assistant who would also assist with timetable.
Most of the schools allow a lot of open access, but with data becoming more and more an issue we want to lock down the systems without annoying the user (this'll be fun).
Has anyone else took on this challenge - and how did you go about all the different levels and roles. Did you run into any problems or restrictions from the users?
Thanks in advanced,
Apologies I don't have the time to explain everything here, but suffice to say yes I have, yes it worked, yes there is work involved, and yes it is a better system as a result...
The gist was reviewing all of the SIMS security groups, creating my own (not recommended but as long as you keep on top of it with updates it is fine), putting people into the correct group or set of groups, and done...
I created groups based on tasks, and people fitted into several groups (or levels as I called them) whichgave them increased access from the bog standard 'teaching staff' group I created.
I can dig out all my old work on that if you are interested?
One of the issues that we ran into was hidden permissions. The assessment coordinator role has permissions that you cannot assign to other/custom groups.
Originally Posted by GREED
The workaround we had to do was to empty this group out of it's permissions, and give it to everyone (all staff) to get access to certain areas of Sims. We then created a custom assessment coordinator groups with the Sims default permissions to give to the select few in SMT.
Exams Organiser and System Manager has those too.
Should all be null and void next year with SM7 coming out. But yes completely agree it takes careful testing to get it right, I did have a document that mapped all the permissions to all the features of SIMS, but mostly out of date now.
if you go to SupportNet and enter 'perm' (i think - corrected no s) into the search bar, you'll get the permissions spreadsheet, you can use this as a basis, even without making your own custom groups. there are advantages to custom groups, but as graham said, you have to keep on top and the solution isn't always clear. For example when student teacher view came out, or missing registers home page panel, they were automatically added to the default groups, but not to my custom ones, so i had to go rooting around to find what was missing.
really, sims have got a good system in place and each group can do the correct roles, and has the right permissions, sometimes it's a little too much, but then it might be easier to tell people not to do some things. i know that's hard. we have some people that have extra permissions but don't know it, as they haven't been told to do certain tasks, so they stick to what they are told to do, they don't really have time to mess or play around and experiment. :o
some of my work arounds have been custom groups to allow all uses access to next of kin details (they can't see them, but needed it to print timetables or something!), to allow reading of all report aspects created by anyone ( not for direct am7 access but so proof reading reports work), timetable printing function.
it's a shame you can't make deny groups, but perhaps with the new system manager 7 you can. it'll be worth waiting for that before you embark on a large scale customisation yourself as things could change a lot.
EDIT: put "perm" into support net, "perms" gives only mobile permissions, haven't tried any other permutations ;)
You need to log this with Capita, SysMan7 won't be changing any of the groups.
Originally Posted by Banjo