Create security tags

When determining user security, an administrator must consider all information a user needs to access to do his or her job. First, an administrator grants privileges to users by defining a role’s access to a table. This access includes all fields within that table. You can use security tags to limit access to the fields within a particular table.

Security tags can either grant 'read' or 'update' access to specific fields, or restrict access to specific fields, depending on how you assign them to a role. For example, if you tag four fields in the Student table, you can grant full access to those fields to one role, and deny access to those fields to another role.

For example, assume you want the grading manager, conduct manager, and guidance roles to be able to only view the LASID and SASID fields; you do not want users with those roles to be able to update or change the values in those fields. To do so, you might create a security tag named ID Fields and include the Local Id and SASID fields in the Student table. Then, when you assign the tag to the roles listed above, you select to give read-only access to the fields within the tag. Users with that role can now only view the Local Id and SASID fields; they have full access to all other fields in the Student table.

Or, assume you want to give teachers access to only 15 fields in the Student table. To do so, you might create a security tag named Teachers and include the 15 fields in the Student table. Then, when you assign the tag to the Instructor role, you select to give 'full access' to ONLY those fields you defined in the tag. This means that users with the Instructor role can access only those fields in the Student table; they cannot even read the other hundred fields in the table.

Important: When you create a security tag and assign a role 'full access' to the fields within the tag, you immediately limit the role to those fields only.

When you create security tags, do the following:

  1. Create the tag.
  2. Log on to the District or Intermediate Organization view.
  3. Click the Admin tab.
  4. Click the Security Tags side-tab.
  5. On the Options menu, click Add.
  6. Enter a name for the security tag. The name should indicate the type of information you are granting to users.
  7. To select the table you want to tag specific fields from, begin typing its name and select it, or click Search icon. to make a selection from a pick list.
  8. Click Save.
  9. Specify the fields within a table you want to tag.
  10. On the Security Tags side-tab, click Fields.
  11. On the Options menu, click Add. The Data Field Config Attribute pick list appears.

    12. Note: If the field you want to apply security tags to is from the extended data dictionary, select the table from the Extensions drop-down. The fields within that extended table appear.
  1. Select the fields you want to tag within this table, and click OK.
  2. Assign the tag to roles, determining if you grant or restrict access to those fields in the tag.
  3. On the Security Tags side-tab, click Roles.
  4. On the Options menu, click Add. The Security Role pick list appears.
  5. At the Access type field, select one of the following:
    • No access to deny any access to the fields you specified in the tag.
    • Read-only access to grant the ability to read the values in the fields you specified in the tag.
    • Full access to grant read and update access to the fields you specified in the tag. Users with the roles you select in the next step cannot view or use any other fields in the table.
  1. Select the roles.
  2. Click OK.