A user’s access to Astra Schedule is controlled through the application of specific permissions and data profiles by way of a role. Permissions determine what tasks may be performed by a user. Data profiles determine the items on which tasks may be performed. Roles determine both the permissions available and the data to which they can be applied. One or more roles may be applied to a user to create the appropriate level of access to the application.
Roles are groups of application permissions that may be applied to users. Default roles are provided in the application that may be used to quickly apply permissions to users. However, you may define additional roles and/or add individual permissions within roles as needed. One role must be selected when creating users in the application.
Permissions available through the Role include all tasks that may be performed within the system. This includes scheduling resources, editing, and viewing data, and performing administrative duties and overrides. Additionally, certain permissions, once selected, may be further defined by specifying the data to which the permission applies. By default, permissions apply to all data of its type in the system unless limited through the application of a profile.
The role record includes a name and description, shown in the Role Info section at the top of the window. Additionally, the names of the users to whom the role is associated are listed. Following the basic role information are sections representing the major areas and data types in the application. Scheduling permissions, editing permissions, and administrative permissions are represented in each section as applicable.
- Click the Settings tab.
- Click Roles.
- To view additional details about a specific role, click directly on the role name from the list.
- Click "Add a Role" from the main role list window. A new role form will appear.
- Enter a name and description for your role.
It is recommended that you choose a naming convention for your roles that helps to identify the type of responsibility that might be supported by the role. The name should reflect both the type of permissions and the data profiles defined within the role. This will aid in quickly finding and selecting appropriate roles for your users. Examples might include “Academic Scheduler - Biology”, or “Registrar’s Office - Academic Admin”.
- The permissions available within a role are organized into groups based on the area of the application, and then by permission type within the area. Click the + button to expand applicable permission types, and then place a check in the box next to the edit, schedule, and administrative permissions you wish to grant the role. Note that certain permissions are dependent on others and will remain disabled until the appropriate selection is made. For example, you cannot edit something until you can view it.
By default, selected permissions are applied to all applicable data in the application. Certain permissions, especially editing and scheduling permissions, can be limited to specific data. For example, if you are creating a role for a departmental academic scheduler, you may wish to associate specific subject and room data to the editing and scheduling permissions granted in the role.
To limit selected permissions:
- When a permission is selected that can be limited, an edit pencil icon will appear. Click this icon to display the data selection options.
- Use the applicable group options and navigate the data tree to find and select the data items that should be associated with the permission in question.
When making data selections, selecting a parent node in the data tree ensures that any new items added are inherited in the security model. For example, if you select a building in a room profile, any new rooms added to the building will also be accessible by users associated with the role. If, however, you select individual rooms instead of the building, the room access list will remain static.
- Click "Ok" to add the selected items to the permission within the role. Notice that the data to which the permission applies is indicated to the right of the permission.
- Continue adding profiles to other permissions as needed.
- Choose "Save" to save your role and return to the main window. This role with its associated permissions and profiles may now be assigned to a user.
To make a copy of a role, click the Copy button in the top right corner of a role page. Enter the new role name and click OK. The new role will be created, and you can edit as needed.