User Group Processes

User Group Processes are used to control the level of access a user group has to specific areas and functionality within One. A group’s permissions can be assigned broadly against a Main Business Process or to any of the individual Business Processes that constitute a Main Business Process. Business Processes map to menu routes and links, which in turn are linked to a user group, rather than an individual. One contains the following Business Processes:

Assigning Permissions to a Business Process

Assigning permissions has three stages, selecting a group, selecting a main business process and assigning permissions to individual business processes.

  1. Select Tools | Permissions | User Group Processes | User Group Processes Editor to display the Select a Group panel.
  2. Enter at least one letter in the Looking For field.
  3. Click the Search By drop-down and select one of the options to display the group list.

  1. Highlight a record and click the Select button to display the Main Processes panel.
  2. Select a Main Business Process to display the related Business Processes list.

The name of the Main Business Process displays at the top of the list in bold.
The default option for all processes is set to Deny.

  1. Click a cell to assign Read, Read-Write or Read- Write-Delete permissions. Clicking the main business process cell, e.g. Administration, assigns that permission to all the individual processes below.

If a cell is greyed out, the options are restricted, and the permission is assigned to the next level down.

  1. Click the Save button to save the permissions.

Permit/Deny Permissions

Permit/Deny permissions (a tick and a cross in the same cell) occur if both permit and deny permissions have been assigned to the processes within the Main Business Process. When a change is made to the default Main Business Process level, the Permit/Deny icon displays in the column of the highest level permitted.

In this example, the Permit/Deny permission was reached by the following process:

  1. Click the Administration cell to assign Read-Write permissions to all processes, as in Step 6 above.
  2. Click the Deny cells to deny permissions to the three Attendance processes; the Permit/Deny icon displays in the Administration | Read-Write cell.
  3. Click the Communication Log cell to grant Read- Write -Delete permissions; the Permit/Deny icon displays in the Administration | Read-Write-Delete cell.

Invalid Requests

One does not allow a Deny selection if the denial invalidates another process. For example, if the user group already has Read- Write-Delete permissions to the Student Data business process, but then is denied access to the Bases business process, a message (similar to the following) displays:

Invalid Request

You cannot set this process as selected, because this will invalidate another process available to the User Group.

If you continue, the system will:

  1. Save the changed business processes that do not cause conflict.
  2. Set the remaining processes change requests to the minimum, so that the other affected processes are not invalidated.

Do you wish to continue?

Select No to return to the Permissions Editor screen and set different permissions.

Select Yes to save the changes as per the rules in the message.

Interdependencies

A number of processes within some of the main business processes require permissions to be assigned in another main business process.

The following areas contain interdependencies:

  • Bases and Student Data
  • Core Data and Student Data
  • Exclusions and StudentData
  • Results Administration and Student Data
  • Results Administration and Data Importing

Field Level Security

SEN Memos and sections of Children’s Social Care require Field Level Security to be set. This level of security must be set via Tools | Permissions | User Group Permissions | All Secured Data. Permissions assigned via User Group Processes do not override All Secured Data settings