Compass Permissions are designed to control the access your staff members have within Compass. Once you start using your Compass Portal, you will begin to notice the number of areas staff have access to. Permissions are designed to allow you to limit what your staff can see and change.
To assist you to provide your staff with the appropriate access within your portal, we have created Compass Role Groups. These groups have been created to include a number of individual Permissions that will limit your staff, according to their role within your school. The Role Groups can be managed in your portal via the Permissions Manager.
The Permissions Manager, is an area in Compass, where you can see all of the groups, the permissions associated with them. Within the Permissions Manager you can also remove and add permissions as needed. To allocate your staff to a group, we recommend having your Technician allocate users via your LDAP system (Active Directory, Open Directory or Novell).
Please note, all staff are added by default to the CompassStaff group. Given this, you really only need to look at adding staff that need a higher or lower level of access, to an additional group. Staff can be added to multiple groups in order to ensure they have the correct access. If you do not use an LDAP system, then staff can be added to groups using the People Management module within your Compass portal.
Permissions Manager is an area in Compass where you can see all of the groups in Compass and the permissions associated with them. We call these Default Permissions. You can also remove and add permissions as needed to each group, we call these School Defined Permissions.
The Default Permissions are not editable; however, you can add and remove the School-Defined Permissions as required.
The Permissions Manager can be accessed in your Compass portal via the Tools menu (cog icon) > Administration Tools > Permissions Manager.
We strongly recommend you review each Role Group, especially CompassStaff, CompassTeachingStaff and CompassReplacementStaff to ensure all users allocated to the Role Group will have the appropriate access within your portal.
Within the Permissions Manager simply click on a Role Group in the left column to view its Default permissions at the top right and manage its School-Defined permissions in the bottom right.
Please Note: You must be a member of the ‘CompassSponsors’ Role Group to have access to and manage the Permissions Manager page. We strongly recommend that only a select number of staff at your school be allocated to this Role Group. Please refer to the comprehensive list of Compass Role Groups and Individual Permissions Descriptions here
Allocating Users to Permissions - CompassLink to your LDAP System
If your school utilises an LDAP system (e.g. Active/Open Directory or Novell), you staff should be allocated to their groups via this system.
Your technician will need to create the Compass Role Groups on your school’s LDAP system and ensure that all users accessing Compass have network accounts. Your technician then needs to add the staff to the relevant Role Group(s), based on their role and responsibilities at your school.
Local Users in Compass
If some of your school’s users are created locally in Compass, your school can allocate users to Role Groups via their profiles in People Management. Please refer to the People Management section in this document for further details. If your school utilises an LDAP system (e.g. Active/Open Directory or Novell), you staff should be allocated to their groups via this system.
Reviewing Permissions
You can easily review who is assigned to which Role Group via your Compass portal in Permissions Manager.
Assigning Staff to Role Groups via People Management
You should add or remove Role Groups for these users within Compass via People Management.
To do this, use the dropdown under the ‘User Role Groups’ heading on the ‘Compass’ tab to select the Role Group and click the ‘+Add’ button. If some of your school’s users are created locally in Compass, your school can allocate users to Role Groups via their profiles in People Management.
Please Note: To access People Management and edit permissions, you require the PeopleManagement.EditPermission and UserRecordsAdmin permissions, which is associated by default with the CompassSponsors, CompassBusinessManagers and CompassRegistrars Role Groups.
To add/remove Permission Role Groups for a user within People Management, you will require the permission called PeopleManagement.EditPermissions.
Assigning Individual Permissions (LDAP Systems Only)
Creating Individual Permissions Your school technician can create a new group in your LDAP system, prefix the permission title with CompassApp and add the relevant users to this group. I.e. If you were giving an individual user the ReportsAdmin permissions, you would create a group named CompassAppReportsAdmin, and then add the user into the group.
The CompassApp prefix and all permissions are case sensitive, please ensure they match exactly for the permission to be successfully applied. If you wish to provide individual staff with a specific permission, i.e ReportsAdmin for your Reporting Coordinator, you will need to create new Role Groups in your LDAP system (Active Directory, Open Directory or Novell). Your school’s IT team should manage this process.
For a Comprehensive List of the Permission Groups please click here