School Personnel Profile Permission Access
Log-in as a Staff Member.
We need to give permission access to some specific objects and fields so the teacher can execute some of the necessary features, such as Session, Cohort Session, Events, etc.
There are specific permissions that should be granted to each role, ensuring proper access control and functionality. See https://posimente.atlassian.net/wiki/spaces/~641d437d407493675d47acc3/pages/497385473 for the full details.
In order to give permission access, follow the necessary steps below.
Setup Permission:
Profile Setups
School Personnel; This will be the base profile for all users except for System Administrators.
Go to Set up
In the Quick Find box search for Profiles.
Click New Profile, or select an existing profile that has the user license you need (Salesforce license) and clone it.
Click Save.
Go to Set up > Profile > School Personnel > Object Settings > Select the PosiEd objects > Edit the permission access of the Object and fields (Remove the Read, Create, Edit, and Delete access to the PosiEd Objects)
Update the User’s profile to School Personnel. See the details below.
Admin Staff Role
Update the User’s profile to School Personnel
Add the user to the permission-set group
Go to Setup > Users > click the user > click permission set assignment > look for the permission set group assignment > Edit Assignment > drag the PosiEd Admin Staff to the right > click Save.
Add the user to the Public Group
Go to Setup > Public Group > click the edit button beside School: ACC Marsden Park > set the Search to Public Groups and look for the Admin staff > drag the Admin staff to the right > click Save.
Admin Leader
Update the User’s profile to School Personnel
Add the user to the permission-set group
Go to Setup > Users > click the user > click permission set assignment > look for the permission set group assignment > Edit Assignment > drag the PosiEd Admin Leader to the right > click Save.
Add the user to the Public Group
Go to Setup > Public Group > click the edit button beside School: ACC Marsden Park > set the Search to Public Groups and look for the Admin Leader > drag the Admin Leader to the right > click Save.
Teacher
Update the User’s profile to School Personnel
Add the teacher to the Public Group and to the Grade Level they’re handling.
Go to Setup > Public Group > click the edit button beside School: ACC Marsden Park > set the Search to Public Groups and look for the teacher > drag the teacher to the right > click Save.
Same process > look for the Grade Level and click the edit button beside it > look for the teacher > drag the teacher to the right > click Save.
Click the Assigned User and assign all users except for System Administrators by clicking the New Users/ Add Multiple Users.
Enable Flow User for all users with the School Personnel profile so they can use the Log an Observation Utility Bar and button Account.
Permission Sets
To extend permissions without changing the base profile, the following permission sets must be created and grouped into their permission set groups.
Go to Set up > Permission Sets > Click New > Enter a label > Click Save
Label = Enter a label following the labels provided below.
API Name = auto-populates once a label is entered.
[PosiEd] Log a Wellbeing Observation
Allows the user to create a wellbeing observation and other related objects
Grant Access to the Object and Field Permissions
Objects | Object Permissions | Field Permissions |
---|---|---|
Wellbeing Observation | Read, Create, Edit, and View All Fields | Read and Edit |
Wellbeing Involvement | Read, Create, Edit, and View All Fields | Read and Edit |
Add and enable PosiEd.Wellbeing: Log an Observation in the Flow Access
Flow Access > Add PosiEd.Wellbeing: Log an Observation to Enabled Flows > Click Save.
[PosiEd] Mark a Roll
Allows the user to mark a roll of any class.
Grant Access to the Object and Field Permissions
Objects | Object Permissions | Field Permissions | Record Type |
---|---|---|---|
Session | Read, Edit, and View All Fields | Read and Edit | N/A |
Account (Lookup) | Read and View All Fields | Read | None |
Bell Time (Lookup) | Read and View All Fields | Read | N/A |
Asset (Lookup) | Read and View All Fields | Read | Tick the Location only |
Event | | Read and Edit | Tick the following: |
Cohort Session | Read and View All Fields | Read | N/A |
Cohort | Read and View All Fields | Read | N/A |
Timetable Structures | Read and View All Fields | Read | N/A |
Timetable Periods | Read and View All Fields | Read | N/A |
Absence Submission | Read and View All Fields | Read | N/A |
Absence Reason | Read and View All Fields | Read | N/A |
[PosiEd] Read Day Attendance
Allows the user to view the day attendance of any class.
Grant Access to the Object and Field Permissions
Objects | Object Permissions | Field Permissions | Record Type |
---|---|---|---|
Day Attendance | Read and View All Fields | Read | N/A |
Account (Lookup) | Read and View All Fields | Read | Tick the following: |
Session | Read and View All Fields | Read | N/A |
Absence Submission | Read and View All Fields | Read | N/A |
[PosiEd] Read School Accounts
Allows the user to view all school accounts in the org.
Grant Access to the Object and Field Permissions
Objects | Object Permissions | Field Permissions | Record Type |
---|---|---|---|
Account (School) | Read and View All Fields | Read | Tick the following: |
Kiosk Definition (Lookup) | Read and View All Fields | Read | N/A |
[PosiEd] Read Student Accounts
Allows the user to view all student accounts in the org.
Grant Access to the Object and Field Permissions
Objects | Object Permissions | Field Permission | Record Type |
---|---|---|---|
Account (Students) | Read and View All Fields | Read | Tick the Person Account only |
Student Attributes | Read and View All Fields | Read | Tick all record types |
Kiosk Definition | Read and View All Fields | Read | N/A |
[PosiEd] Edit Accounts
Allows the user to edit core student, teacher, and carer details in objects such as Person Account and Student Attributes, etc.
Grant Access to the Object and Field Permissions
Objects | Object Permissions | Field Permission | Record Type |
---|---|---|---|
Account | Read, Edit, and View All Fields | Read and Edit | Tick the following: |
Student Comms | Read, Edit, and View All Fields | Read and Edit | N/A |
Student Attribute | Read, Create, Edit, and View All Fields | Read and Edit | None |
Student Record | Read, Edit, and View All Fields | Read and Edit | N/A |
Employee Role | Read, Edit, and View All Fields | Read and Edit | N/A |
In the Account object, assign Household Account Record Type.
[PosiEd] Attendance Management
This permission set allows users to access the Attendance App and associated objects
Grant Access to the Object and Field Permissions
Objects | Object Permissions | Field Permission | Record Type |
---|---|---|---|
Day Attendance | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
Events | N/A | Read and Edit | Tick all record types |
Comms Template | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
Absence Submission | Read, Create, Edit, Delete, and View All Fields | Read and Edit | N/A |
Absence Reason | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
Session | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
Cohort Session | Read and View All Fields | Read | N/A |
External System Connection | Read and View All Fields | Read | N/A |
[PosiEd] Create/Edit Cohorts
The ability to create and edit Cohorts and Cohort Members
Grant Access to the Object and Field Permissions
Objects | Object Permissions | Field Permission | Record Type |
---|---|---|---|
Cohort | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
Cohort Member | Read, Create, Edit, and View All Fields | Read and Edit | Tick all record types |
Cohort Schedule | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
Cohort Schedule Connection | Read, Create, Edit, and View All Fields | Read and Edit | Tick all record types |
Cohort Session | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
School Calendar | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
School Calendar Cohort | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
Cohort Assessment | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
[PosiEd] Create/Edit Timetable Structure
The ability to create and edit timetable structure and other related objects
Grant Access to the Object and Field Permissions
Objects | Object Permissions | Field Permission | Record Type |
---|---|---|---|
Timetable Structure | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
Timetable Terms | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
Timetable Periods | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
Date Maps | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
Bell Time | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
Cohorts | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
Contacts | Read and View All Fields | Read | None |
Account | Read and View All Fields | Read | None |
Subjects | Read, Create, Edit, Delete, and View All Fields | Read and Edit | N/A |
[PosiEd] Create/Edit Kiosk Definition
The ability to create and edit Kiosk Definition and other related objects
Grant Access to the Object and Field Permissions
Objects | Object Permissions | Field Permission |
---|---|---|
Kiosk Definition | Read, Create, Edit, View All Records, and View All Fields | Read and Edit |
Kiosk Reasons | Read, Create, Edit, and View All Fields | Read and Edit |
Absence Reasons | Read and View All Fields | Read |
[PosiEd] Read Cohort
This permission set allows users to view the Cohort.
Grant Access to the Object and Field Permissions
Objects | Object Permissions | Field Permission | Record Type |
---|---|---|---|
Assessment Group | Read and View All Fields | Read | N/A |
Contacts | Read and View All Fields | Read | N/A |
Cohort | Read and View All Fields | Read | N/A |
Cohort Member | Read and View All Fields | Read | None |
Cohort Schedule | Read and View All Fields | Read | N/A |
Product | Read and View All Fields | Read | N/A |
Subject Offering | Read and View All Fields | Read | N/A |
Timetable Structure | Read and View All Fields | Read | N/A |
Timetable Term | Read and View All Fields | Read | N/A |
[PosiEd] PosiEd Logs
Grant Access to the Object and Field Permissions
Objects | Object Permissions | Field Permission |
---|---|---|
PosiEd Logs | Read, Create, Edit, Delete, and View All Fields | Read and Edit |
[PosiEd] Health Center
Grant Access to the Object and Field Permissions
Objects | Object Permissions | Field Permissions | Record Type |
---|---|---|---|
Account | Read, Create, Edit, and View All Fields | Read and Edit | Person Account |
Sessions | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
Assets | Read, Create, Edit, and View All Fields | Read and Edit | Location |
Treatment Actions | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
Medication Administrations | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
Health Centre Admissions | Read, Create, Edit, and View All Fields | Read and Edit | N/A |
Data Protection and Privacy
If Data Protection and Privacy are enabled in your org, grant READ access to Individual objects for the following Permission Sets:
[PosiEd] Read Student Accounts
[PosiEd] Read School Accounts
Field Service
If Field Service is enabled in your org, give READ access to the Operating Hours object for the following Permission Sets:
[PosiEd] Read Student Accounts
[PosiEd] Read School Accounts
Permission Set Groups
Add each permission set to each designated permission set group.
Go to Set up > Permission Set Groups > Click New > Enter the label > Click Save
Label = Enter a label following the labels provided below.
API Name = auto-populates once a label is entered.
[PosiEd] Admin Staff
This will be the base permission for General Admin Staff users.
[PosiEd] Edit Accounts
[PosiEd] Attendance
[PosiEd] Create/Edit Cohorts
[PosiEd] Attendance Management
[PosiEd] Mark a Roll
[PosiEd] Read Cohort
[PosiEd] Read School Accounts
[PosiEd] Read Student Accounts
[PosiEd] PosiEd Logs
[PosiEd] Health Center
[PosiEd] Admin Leader
This will be the base permission for users of Admin Leader.
[PosiEd] Attendance Management
[PosiEd] Create/Edit Cohorts
[PosiEd] Create/Edit Kiosk Definition
[PosiEd] Create/Edit Timetable Structures
[PosiEd] Edit Accounts
[PosiEd] Log Wellbeing Observation
[PosiEd] Mark a Roll
[PosiEd] Read Cohort
[PosiEd] Read School Accounts
[PosiEd] Read Student Accounts
[PosiEd] PosiEd Logs
[PosiEd] Health Center
[PosiEd] Enrolment Staff
This will be the base permission for Enrolment Staff users.
[PosiEd] Edit Accounts
[PosiEd] PosiEd Logs
[PosiEd] Mark a Roll
[PosiEd] Read Student Accounts
[PosiEd] Teaching Staff
This will be the base permission for users of Primary Teaching Staff and Secondary Teaching Staff. Whenever a new teacher is added to the Org, the appropriate permission sets should be assigned accordingly.
[PosiEd] Mark a Roll
[PosiEd] Read School Accounts
[PosiEd] Read Student Accounts
[PosiEd] Read Cohort
[PosiEd] PosiEd Logs
Assignments
Assign School Personnel profile to all users with roles.
Assign Teaching Staff permission set group to all users with Primary Teaching Staff and Secondary Teaching Staff roles.
Assign Admin Staff permission set group to all users with Admin Staff role.
Assign Admin Leader permission set group to all users with Admin Leader role.
Assign Enrolment Staff permission set group to all users with Enrolment Staff role.
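To check the result of these assignments, the following added example (not part of the original page and not PosiEd tooling) audits user rows against the role-to-group mapping above and reports which permission sets an unexpected group would add. The row layout and usernames are constructed assumptions; the group contents are copied from the Permission Set Groups lists.

```python
# Added example (not PosiEd code): audit profile and permission set group
# assignments against this page. The "[PosiEd] " label prefix is omitted.
BASE_PROFILE, EXEMPT_PROFILE = "School Personnel", "System Administrator"

# Role -> permission set group, from the Assignments list.
ROLE_GROUP = {r: "Teaching Staff" for r in ("Primary Teaching Staff", "Secondary Teaching Staff")}
ROLE_GROUP.update({g: g for g in ("Admin Staff", "Admin Leader", "Enrolment Staff")})

# Group -> member permission sets, as listed under Permission Set Groups.
GROUP_SETS = {
    "Teaching Staff": {"Mark a Roll", "Read School Accounts", "Read Student Accounts",
                       "Read Cohort", "PosiEd Logs"},
    "Enrolment Staff": {"Edit Accounts", "PosiEd Logs", "Mark a Roll", "Read Student Accounts"},
    "Admin Staff": {"Edit Accounts", "Attendance", "Create/Edit Cohorts",
                    "Attendance Management", "Mark a Roll", "Read Cohort",
                    "Read School Accounts", "Read Student Accounts", "PosiEd Logs",
                    "Health Center"},
    "Admin Leader": {"Attendance Management", "Create/Edit Cohorts",
                     "Create/Edit Kiosk Definition", "Create/Edit Timetable Structures",
                     "Edit Accounts", "Log Wellbeing Observation", "Mark a Roll",
                     "Read Cohort", "Read School Accounts", "Read Student Accounts",
                     "PosiEd Logs", "Health Center"},
}

def audit(users):
    """Return sorted (username, finding) pairs for every deviation."""
    findings = []
    for name, profile, role, groups in users:
        if profile == EXEMPT_PROFILE:
            continue  # System Administrators do not use the base profile
        if profile != BASE_PROFILE:
            findings.append((name, f"profile is {profile}"))
        expected = ROLE_GROUP.get(role)
        if expected is None:
            findings.append((name, f"role {role} has no mapped group"))
            continue
        held = set(groups)
        if expected not in held:
            findings.append((name, f"missing group {expected}"))
        # Report what each extra group grants beyond the role's own group.
        for extra in sorted(held - {expected}):
            gained = sorted(GROUP_SETS.get(extra, set()) - GROUP_SETS[expected])
            findings.append((name, f"extra group {extra} adds {gained}"))
    return sorted(findings)

# Constructed sample rows: (username, profile, role, permission set groups).
SAMPLE = [
    ("t.ok", "School Personnel", "Primary Teaching Staff", ["Teaching Staff"]),
    ("t.creep", "School Personnel", "Secondary Teaching Staff",
     ["Teaching Staff", "Enrolment Staff"]),
    ("e.bad", "Standard User", "Enrolment Staff", []),
]
```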
Setup: Record Access
Org-Wide Defaults
Set all objects to Private/Controlled by Parent and only share records with other users via Sharing Rules. This is the base record access for each user: they can only see records they own and records that are shared with them via sharing rules.
Roles Setup
This directly influences the organization's Sharing Settings (OWD and Sharing Rules) to establish the access levels for users.
Public Groups
A public group for all the staff of a certain school. You must create a public group for each school/university/department in a multi-school setting. This will also be used in the sharing rules setup for school-wide record access (e.g. read access to all students in a specific school).
Integration Users: A public group for all the staff of a certain school. You must create a public group for each school/university/department in a multi-school setting. This will also be used in the sharing rules setup for school-wide record access (e.g. read access to all students in a specific school).
Assignments
Add all users to their designated School public group.
Currently, there is a public group named School: ACC Marsden Park in the CEM org; all users under ACC Marsden Park should be added to it.
All Year Advisor and Stage Coordinator users must be added to their respective grade-level public groups.
E.g. John Doe is the designated Stage Coordinator to Grade Levels 2 and 3 students of ACC Marsden Park, thus, John Doe should be added to the [ACC] Grade Level: Year 2 and [ACC] Grade Level: Year 3 public groups. Please note that in a multi-school setting, all grade-level public groups should be created for each school. The reason behind this is that this public group is used in sharing rules that will satisfy this requirement — the stage coordinator/year advisor should not have access (or visibility) to the confidential records of other schools.
Sharing Rules
Account Sharing Rules
Each school account should have read and write access.
Session Sharing Rules
Each school should have Read/Write access to Sessions.
Asset Sharing Rules
Each school should have Read/Write access to Asset.
Cohort Sharing Rules
Cohort Assessment Sharing Rules
Day Attendance Sharing Rules
Kiosk Definition
Kiosk Reason Sharing Rules
Absence Reason Sharing Rules
Each school account should have read and write access.
Absence Submission Sharing Rules
PosiEd Log Sharing Rules
Wellbeing Involvement Sharing Rules
Confidential Document Sharing Rules
Design Considerations
Formula field is not supported in sharing rules
We can't use relationship fields in sharing rules
We can't use multi-select picklists in sharing rules
We can create a boolean formula field on an object to check whether the logged-in user has the same school code as the viewed record, but we don't have a way to get the updated value of that formula field when it is recalculated
We could create a trigger on the same object to get the value of the formula field and duplicate that value to a text field, but the record would have to fire an update action, which is not ideal.
We can only reference one public group in a single sharing rule
This means we can't set both grade-level and school public groups in one setup. If we create a sharing rule for a specific grade level, all users under that public group can see records only in their designated level, regardless of school. If we create a sharing rule for a specific school, all users can see data related to that school regardless of grade level. We can only choose one or the other, not both.
We can only set a maximum of two restriction rules per object.
This means that it is not recommended to utilize this feature if a certain organization has more than 2 schools.
Restriction rules support only one criterion and only limited field data types.
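The one-public-group-per-rule consideration above is why the Assignments section asks for grade-level public groups per school. The following added example (a simplified model, not Salesforce code and not from the original page) compares a cross-school grade-level group with per-school groups and lists the cross-school records each design exposes. It assumes school and grade are plain fields that a rule's criteria can match; "XYZ" is a hypothetical second school and all users and records are constructed.

```python
# Added example: a simplified model (not Salesforce code) of criteria-based
# sharing under a Private org-wide default. Each rule shares the records that
# match its criteria with exactly one public group.

def visible(user, record, rules, groups):
    """True if the user owns the record or a matching rule shares it with
    a group the user belongs to."""
    if record["owner"] == user:
        return True
    return any(
        all(record.get(k) == v for k, v in rule["criteria"].items())
        and user in groups.get(rule["group"], set())
        for rule in rules
    )

def leaks(users_school, records, rules, groups):
    """Return sorted (user, record id) pairs visible across a school boundary."""
    return sorted(
        (u, r["id"])
        for u, school in users_school.items()
        for r in records
        if r["school"] != school and visible(u, r, rules, groups)
    )

# Constructed data: two schools with one Year 2 record each.
USERS = {"john.doe": "ACC", "jane.roe": "XYZ"}
RECORDS = [
    {"id": "R1", "school": "ACC", "grade": "Year 2", "owner": "sys"},
    {"id": "R2", "school": "XYZ", "grade": "Year 2", "owner": "sys"},
]

# Design A: one grade-level group across schools, rule keyed on grade only.
SHARED_GROUPS = {"Grade Level: Year 2": {"john.doe", "jane.roe"}}
SHARED_RULES = [{"criteria": {"grade": "Year 2"}, "group": "Grade Level: Year 2"}]

# Design B: one grade-level group per school, rule keyed on school and grade.
PER_SCHOOL_GROUPS = {
    "[ACC] Grade Level: Year 2": {"john.doe"},
    "[XYZ] Grade Level: Year 2": {"jane.roe"},
}
PER_SCHOOL_RULES = [
    {"criteria": {"school": "ACC", "grade": "Year 2"}, "group": "[ACC] Grade Level: Year 2"},
    {"criteria": {"school": "XYZ", "grade": "Year 2"}, "group": "[XYZ] Grade Level: Year 2"},
]
```

Calling leaks() with the Design A data returns both cross-school pairs; with the Design B data it returns an empty list while each coordinator still sees their own school's record.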