Back

User access levels, passwords and logins

Introduction
Computer systems which hold data should not be accessed by just anyone. Only an authorised user should be able to log on to the system. This means that they should have their own login and password. In addition, just because somebody can log in to a computer system, doesn't mean they should be able to access all of the data on it. 

EyeLogins and passwords and 'views of data'
Although everyone in an organisation accesses the same computer system and same database holding all of the organisation's data, each person only sees their own personal view of that data. What they see depends on what job they have in the organisation and what data they need to carry out that job. They cannot see any data that has nothing to do with their job role. This is known as the 'data view' somebody has.

Although everyone in organisation can access the same computer system with all of the data, each person only sees their own personal view of that data, depending on what data and applications they need access to or what job role they perform and what data they need to carry out that job. They cannot see any data that has nothing to do with their needs or job role.

Teachers, for example, can get access to a student's academic records and details about how to contact home, but they have no access to any medical records that the school may have about a student on its system. On the other hand, the school nurse will be able to access each student's medical records but not their academic ones. The Head may be able to access all data. 

User groups, users and inheritance
When many students joins a school at the same time in September, it would take a very long time for a Network Manager to set up the rights for each individual student. Also, if a student then joined the school later in the year, the Network Manager would have to try to remember what rights they gave to all of the other students so that this new student had the same rights os the other! This is a problem but fortunately, there is a solution.

The Network Manager is able to set up a User Group for each type of student. In a school, they might set up thw following User Groups:

    • Key stage 3 student
    • Key stage 4 student
    • Key stage 5 student
    • Teacher
    • Senior teacher
    • Head teacher
    • General Office staff
    • Finance office staff
    • Medical staff
    • Site Support staff

In fact, the Network Manager can set up as many User Groups as they like. They then assign rights to each User Group using the Network Operating System. They set up what files and folders each group is allowed to see and what they can do with them (read only, read and write to them, delete them). They also set up what applications each group is allowed to see, open and use. They can set up other things as well. For example, the day or time of day when the group is allowed to access a particular application. 

Now, when a new student joins the school, the Network Manager doesn't have to set up their rights individually. All they have to do is to make the student a member of a partcular group. That student then inherits all of the rights that that group has. The Network Manager can quickly set up hundreds of students in this way, and doesn't need to remember what rights have to be given to any individual.

Back