It would help to mange user groups and security if there was a document that listed all the roles with what the can "see" and what they can "do" or what is visible and what they can write to database
23 comments
-
Adam Sentz Official comment Creating and maintaining such a list would be a herculean effort resulting in a document so unwieldy it would make more sense to just ask Populi Support rather than trying to find something in it. So, if you're wondering about something that isn't enumerated in the knowledge base, just send us a support request and we'll get you the answer you need.
-
Isaac Grauke Thanks for posting this Dennis. I'll link to the article that we currently have on User Roles, although I think you are hoping for a more detailed list. We'll look at ways of adding detail to these although I don't know if it will ever beat simply logging in as each user Role individually and experiencing whats available/possible.
https://support.populiweb.com/hc/en-us/articles/223789287
If anyone else has ideas to share on what was helpful for them when they were first learning the system, we'd love to hear them!
-
Jeremiah Miller I agree with Dennis. It would be great to have a detailed list of what each role can see and do. Although logging in and playing with the roles is helpful, there are always hidden things that aren't obvious. This lack of detail could actually be pretty dangerous if we give someone a role and don't fully understand the consequences of what they can change or what information they can see.
I would assume that Populi's development team probably has a pretty detailed list of what each role can do, what areas it can write to, and what they can only view. Although it would be somewhat technical, it would be really useful for us administrative types. :-)
-
Chris Chiacchierini I agree with Dennis too. The documentation is inadequate in this area, especially when trying to set up an institution. We are forced to engage in a time consuming trial and error learning process. A matrix defining specific user roles would save us much time and frustration.
-
Bev Atwood I'd like to see a list too. For example, I want faculty to be able to view the catalog, so would like to search on Catalog to see which roles make that possible.
-
[Registrar] Villafana This would be helpful to have, especially as we determine who needs FERPA training. Let me know if you are able to share it. Thanks!
-
Lee Richards @Nick Jobe, this is excellent. I'd be happy to review it to see if there is anything to add or adjust.
-
Evan Donovan This is amazing - can you please make this a shared document?
As to the comments from Populi staff above, I believe this is a reasonable request since when we used the Moodle request, we not only could see all the permissions, we actually could manage and customize them ourselves.
I don't require the ability to change the permissions assigned to each role, but as a technical person, I would at least like to know what they are in more detail than the narrative description offers. The spreadsheet that Nick created is great, but I imagine Populi internally has something more detailed. -
Evan Donovan Also, Isaac, that second link you provided is now a 404.
-
Adam Sentz Evan Donovan - "but I imagine Populi internally has something more detailed."
Well, we have the source code. But there is no documentation that we are just unwilling to share. If you have a question about permissions in Populi we still recommend asking us and/or testing it for yourself.
-
Evan Donovan Adam Sentz: I didn't intend to imply that you were deliberately withholding information from your users - I was simply thinking that you might have something more detailed than https://support.populiweb.com/hc/en-us/articles/223789287-User-roles, since that is simply a few paragraphs about each user role.
I am a developer myself, so I typically try to document things like this, and Nick Jobe's spreadsheet, above, shows that it could be done.
In my specific case, though, what I want to know is whether the "access to Data Slicer reports" permission is all or nothing.
From my testing so far, it appears that an Academic Auditor can see some, but not all, of the reports that we've created in Data Slicer. However, I'm not sure what logic is governing which are visible.
Also, it appears that a report with both academic and financial related fields can be viewed by the Academic Auditor user, but only the academic related fields show.
So my question is: What level of user role would I have to give someone to give them read-only access to Populi (no ability to write), but allow them to view any Data Slicer report with any fields? Or is that a role that doesn't exist yet, as per https://support.populiweb.com/hc/en-us/community/posts/214223607-Read-Only-Roles
Please let me know if I should submit a support request related to this.
Thanks. -
Adam Sentz Evan Donovan - I'd recommend opening a support request about the Data Slicer reports so we can look into the specifics for you.
For what it's worth, from our perspective, permissions in Populi are too complex and fine-grained to be accurately documented in a useable fashion, and, due to the continuous development of Populi, relying on any such document alone to be source of truth regarding permissions in Populi is not something we would recommend.
-
Evan Donovan Ok, in the future, then, I will simply file support tickets regarding any specific requests. I am just used to my work with the Moodle and Drupal systems, where the permissioning was exposed in the interface so you could see what access the different users had.
But I understand that it would be a massive architectural shift for you to try to expose that in the interface, so if you don't think that it makes sense to have a document with more details than what is in https://support.populiweb.com/hc/en-us/articles/223789287-User-roles, I won't advocate further for this.
-
Chris Nelson What roles are allowed to add users to Populi? i.e. students, faculty, staff, users, students? i.e. we need to make sure we limit the number of people who can add users/roles to Populi. We had internal auditors ask specifically about this.
-
Chris Nelson This may have been discussed elsewhere, but why does each role have the ability to add roles equal to and below other roles? Could this not be managed at an admin level only i.e. Academic Admin and site administrator?
-
Brendan O'Donnell Chris Nelson: Each entry in the User Roles article has a bulletpoint for which roles a particular role can add to other users. For example, the "Academic Admin" entry notes that They can give any person the following roles: Academic Auditor, Admissions, Admissions Admin, Advisor, Campus Life, Discipline, Faculty, Registrar, Staff, Student, and Teaching Assistant.
Not every role can add roles to other users—to add a role, you'd have to have the Staff role; Faculty can't create students or other Faculty, Students and Library Patrons can't add roles, etc.
Limiting the ability to add roles to administrators would be technically daunting (to put it mildly) and would result in a far more unwieldy tool. And certain processes—an Admissions user accepting an application, for example—are made far more useful by the ability for regular school Staff to give user roles to others.
That said, I understand the need for a set of people at the school to know who can access what. A couple existing options that spring readily to mind:
- You can ask Populi Customer Support to set up automations for user roles. For example, every time someone is given the Financial Admin role, Populi can email a notification to the Account Admin letting them know this happened.
- Click a role (or use Search, etc.) and you can see everyone who has that role. Or you can use the new reporting tool in Contacts > People to see who has a particular role.
-
Chris Nelson For clarification, is the staff role automatically assigned to users when they are set up?
The 2 options you mention I was not aware of. The first one will definitely be useful.
Thanks
-
Brendan O'Donnell The Staff role is only automatically added when you give someone another role that requires the Staff role. For example, if you give someone the Student Billing role, they also get the Staff role because they need access to people's contact info and other personally-indentifiable information. However, if you give someone the Student role, that's all they get—there's no need for a Student to have staff-level access to Populi, so we don't automatically add it.
-
Chris Nelson Nick Joben would I be able to get a copy of your excel spreadsheet showing the roles etc? Thank you
-
John McIntyre Nick Joben: it would be great if you could somehow share a copy of your Excel spreadsheet showing the User roles matrix. Thank you!
-
Jeff Ingle We would also love to get a copy of your Excel spreadsheet! If you could post it here or share to jingle@theexcelcollege.com, that would be most appreciated!
-
-
Arlene Cash Has anyone been able to find this spreadsheet that Nick Jobe started? I see they have not been active for 4 months and worry that they are no longer connected here. If anyone was able to get Nick’s spreadsheet, please let me know. Acash@sfai.edu
Thanks