TABLE OF CONTENTS

Overview

Users 

Add a New User

Groups

Field Level Permissions

Emulating a User

Overview

Aeries Web Security is configured in three different security areas; Users, Groups and Portal Groups

  • Users - User log-in accounts are non-teacher accounts (office staff, district staff, etc.)
  • Groups - Group permissions for User accounts
  • Portal Groups - Portal Group permissions for Parent, Student, Substitute Teacher and Teacher accounts

Permissions can be set up separately for each area and Field Level Security is available for the Student Data and Emergency Contacts pages.  Only an Admin login account has access to Security.


To set security permissions, click the mouse on the Security node on the Navigation tree. The three different security areas display under the Security node; UsersGroups and Portal Groups. 

 

Users 

The Users security form is used to create the login accounts for Aeries. Each User record must be associated with a valid Staff ID and an account Type which determines specific permissions and access.

  • Admin – An unrestricted user, without applied permissions, since access to all admin level functions, Aeries configurations, forms, and pages is automatic.
  • User - A standard user with specific permissions and access to schools.
  • Teacher - A teacher user with specific permissions and access to Teacher Portal, as determined in the Teachers Portal Group
  • Substitute Teacher - A substitute teacher user with specific permissions and access to Teacher Portal, as determined in the Substitute Teachers Portal Group, which is generated using the Create Substitute Aeries Web Teacher Accounts page
  • Active Directory Admin - Unrestricted user, without permissions, since access to all admin level functions, Aeries configurations, forms, and pages is automatic.   User name is entered manually and must match the user name specified in Active Directory. Ex: ABCUSD/username. 
  • Active Directory User - A standard user, with specific permissions and access to schools, that does not have a defined password.  The user name must be entered manually and must match the user name specified in Active Directory. Ex: ABCUSD/username.
  • Active Directory Teacher - A teacher user with specific permissions and access to Teacher Portal, as determined in the Teachers Portal Group. The user name must be entered manually and must match the user name specified in Active Directory. Ex: ABCUSD/username. 
  • Active Directory Substitute Teacher - A substitute teacher user with specific permissions and access to Teacher Portal, as determined in the Substitute Teachers Portal Group, which needs to be created manually.  The user name must be entered manually and must match the user name specified in Active Directory. Ex: ABCUSD/username.


Add a New User

To create a new User login account, navigate to Users under the Security node on the Navigation tree. To add a new account, click the mouse on the Add button.

 


The following form will display:


 

Select a Type from the Type dropdown list.  Enter the account information and then click on the Update button. 

  • ID - This number is automatically assigned 
  • Identity Provider - Aeries or Google
  • User Name - Unique name that is associated with an individual account
  • Password - Enter a unique password. You may also enter 'welcome' or 'changeme' which prompts the user to set a new Password.
  • Confirm Password - Re-enter the password to confirm
  • Must Change Password - Require the user to change their password after login
  • Password Last Changed - Date Password last changed
  • Login Count - Number of times user has logged in 
  • Date Created - Generated date and time of record creation
  • Expiration Date - Date set for account expiration.  Note:  If the user attempts to login after the expiration date, a message displays notifying the User that the account has expired.
  • Status - Account Status includes:  Active, Locked, Disabled or Pending. If an account Status is set (not blank), the User will be unable to login
  • Email Address - A valid email address is required 
  • First Name - Enter the user’s first name
  • Last Name - Enter the user’s last name
  •  Staff ID – A Staff ID is required on teacher accounts and is recommended for all users
  • Last Login Date/Time - Indicates last login and date
  • Last Login IP - Indicates last IP address used to login
  • IO Education ID, SchoolCityID, Google Account - Entering the email in this field allows Users Single-Sign-On access to these systems 
  • Comment - Optional comments on User account


After a login account is created, the Users form will show three additional icons: Permissions, School Access and Group Associations.  User access is based on permissions, and Users with permissions to a table have permissions to all associated tables.  Users only view pages and reports on the Navigation Tree associated with selected table permissions.  Permissions selected are saved automatically. 



Click on the School icon to give access to different schools. Checking Read Only limits Users to Read Only access on the designated school. If using Aeries Communications, check CommGroup to give access to Communications access on the designated School.  School access for Teacher Type accounts is determined by the Staff record and Teacher User accounts will only display Group Associations and Permissions. 



Click the Groups icon to add Users to one or more Groups.  Adding Users to Groups based on role/position allows for easier permissions management.  For example, create a Group called Registrars with appropriate permissions and add all Registrars to the Group.  If a User with assigned Group permissions needs additional permissions, add those table permissions on the individual User account.   



Click on the Key icon to open the PermissionForm and set individual table permissions. 



The Permission form has the following options:

  • Read - Allows users to read the data on the page
  • Insert - Allows users to insert or add data on the page
  • Update - Allows users to update data on the page
  • Delete – Allows users to delete data on the page
  • Mass Update - Allows users to import data to the table
  • Administer - Allows users full admin rights to the table
  • Display Current Permissions (Uncheck to Show All Permissions) - Checking this box only displays a User's table permissions.  Unchecking this box displays all available permissions. 
  • The Last Year (20xx-202xx) and Before Last Year(20xx-20xx) tabs grant permissions to prior year databases. The years populate automatically.

User access is determined by the table selection on the Permissions form.  To give permissions to a table, click the corresponding Read box once, and a green checkmark will display.  To deny permissions to a table, do not select the table or click the mouse twice on the corresponding permissions box. A red "x" will display in the box. Once all permissions have been set for the User, you can check the Display Current Permission box to view the assigned User permissions.



Print Effective Permissions button located on the User account record generates a report that combines all the Users Permissions from Groups, Inherited Groups and User Permissions.




Groups

To add a new Group, click the mouse on the Add button. Populate all information and then click the mouse on the Update button.



  • ID - This number is automatically assigned 
  • Group Name - Add a name for the group
  • Date Created - Generated date and time of record
  • Expiration Date - Date set for the group expiration
  • Status - Group status includes:  Active Locked, Disabled or Pending.  In a group status is sent (not blank), the User will be unable to access the tables associated to this group.
  • Comment - Optional comments on the group record


Once a Group has been created, click on the Key icon to open the Permissions form and apply table permissions.  Group access is based on permissions, and Users with permissions to a table have permissions to all associated tables.  Users only view pages and reports on the Navigation Tree associated with selected table permissions.  Permissions selected are saved automatically.  


The Permission form has the following options:

  • Read - Allows users to read the data on the page
  • Insert - Allows users to insert or add data on the page
  • Update - Allows users to update data on the page
  • Delete – Allows users to delete data on the page
  • Mass Update - Allows users to import data to the table
  • Administer - Allows users full admin rights to the table
  • Display Current Permissions (Uncheck to Show All Permissions) - Checking this box only displays a User's table permissions.  Unchecking this box displays all available permissions. 
  • The Last Year (20xx-202xx) and Before Last Year(20xx-20xx) tabs grant permissions to prior year databases. The years populate automatically.

Group access is determined by the table selection on the Permissions form.  To give permissions to a table, click the corresponding Read box once, and a green checkmark will display.  To deny permissions to a table, do not select the table or click the mouse twice on the corresponding permissions box. A red "x" will display in the box. Once all permissions have been set for the Group, you can check the Display Current Permission box to view the assigned User permissions.



 

Group Members are shown under the Group Members. Users can be added to a Group by searching for the User and clicking the name to add to the Group.  Added Users are displayed in the Group Members column.



Group Inheritance displays the inherited Group permissions that are included in a Group. For example, an Office Staff Group with needed permissions can be created.  The Office Staff Group may include permissions such as Read and Update to Student Data and Emergency Contacts and Read to most other areas. Then, a Registrars Group can inherit the permissions from Office Staff, with additional permissions to other tables such as:  Update Transcripts, Grades, etc.   Selecting a Group to add in the Group Inheritance tab adds the permissions to inherit.


 

NOTE: For information on Security for Teacher, Parent and Student Portal Groups see:  Aeries Security - Portal Groups


Field Level Permissions

Field Level permissions allows a district to limit which fields are displayed and which fields may be edited.  Student Data and Emergency Contacts tables have an added Table Field Security available on Groups or Portal Groups.  If Groups or Portal Groups are given Update permissions, Field Level permissions may be applied to these tables.



Emulating a User

Once Users and Groups are created, permissions can be verified by Emulating a User.. To Emulate a User, navigate to the Users page and select the User to emulate by clicking the Log In As button.




Click Return to My Login to exit the emulation process.