Aeries Web Security

From Aeries Online Help
Jump to: navigation, search


Documentation

Aeries Web Security
Adobepdficon.png [Aeries Web Security - Updated March 3, 2017]
Adobepdficon.png [Aeries Web Security Tables - March 3, 2017]


Contents







Aeries Web Version - Aeries Web Security


Aeries Web Version Security can be set up in three different security areas; Users, Groups and Portal Groups.

• Users – The area where log-in accounts are created.

• Groups - The area where Group permissions can be set up for User accounts.

• Portal Groups - The area where Portal Group permissions can be set up for Parent, Student, Substitute Teacher and Teacher accounts.

Permissions can be set up separately for all three areas and Field level security can be used with Groups and Portal Groups for Student Data, Emergency Contacts, and Staff forms. Security can be set at the District or School level. Only an Admin log-in account will be able to access the Security area.

Security in Aeries Web Version is form based. If a user has permissions to the form they will then have permissions to all tables associated to the form.

There are three tables used by Aeries Web Version to implement security; UGN, UGA, and UGP. The security set up in Aeries Web Version is separate from the security set up for Aeries Client Version.

UGN – Stores information about Users and Groups

UGA – Stores information about User and Group Memberships and Associations

UGP – Stores information about permissions granted to Users and Groups

Security is setup and configured in the district's default database as defined by the AeriesNetConnections.config file. Within that file, all databases within the same database group will all share the same permissions. Multiple years of permissions exist in the default database with a field for specifying permissions for Current Year, Last Year, and All Prior Years. Logging into any year's database will look to the current year for permissions.

To set security permissions, click the mouse on the Security node on the Navigation tree.

AeriesNet Security05162016 01.png

The different security areas where permissions can be set up will display under the Security node; Users, Groups and Portal Groups.

AeriesNet Security05162016 02.png

GROUPS

The Groups form is used to set up Group security. Specific permissions for a group of users can be set in one instance. Once Groups are created, accounts can then be associated with a Group. Aeries also supports Group Inheritance, meaning groups within groups.

NOTE: Do not add groups for Parent or Student accounts in this area. Those groups are handled under the Portal Group area.

To set up Group Security for User Accounts, click the mouse on Groups under the Security node on the Navigation tree.

AeriesNet Security05162016 03.png

The following form will display. Existing groups will be listed by name.

AeriesNet Security05162016 04.png

Add a Group

To add a new Group, click the mouse on the Add button. The following form will display. Enter all information and then click the mouse on the Update button.

AeriesNet Security05162016 05s.png
  • ID This number will be automatically assigned by the system.
  • Group Name – Add a name for the Group
  • Date Created – The system will generate this date upon creation of the group.
  • Expiration Date – Date for the account to expire. Note: When the date set occurs and a member of the group attempts to log in, they will get a message on the log in screen that the account has expired and they will be unable to log in. This is optional.
  • Status – Currently you can tag a status of Active, Locked, Disabled or Pending. When a group is given a status of Locked, Disabled or Pending, the users associated with the Group will not be able to log into Aeries Web Version.
  • Comment – A comment can be entered regarding the Group.

Once a Group has been created the following form will display.

AeriesNet Security05162016 06s.png

To assign permissions for the Group, click on the Permissions icon. The Display Current Permissions checkbox will default to on. When creating a new account, no permissions will display initially. Uncheck it to display all available permissions.

AeriesNet Security05162016 07.png

The form will now expand and display Aeries Web Version tables as well as Read, Insert, Update, and Delete check boxes.

  • Read Allows users to read the data on the form.
  • Insert – Allows users to insert or add data on the form.
  • Update – Allows users to update or change data on the form.
  • Delete – Allows users to delete data on the form.
  • Mass Update – Allows users to mass change data
  • Administer – Special permissions for certain tasks (covered separately in this document)
  • Expiration Date – Used to temporarily elevate a user's permission. Permissions will automatically expire at the end of the date specified. Note: Read permissions do not expire.

These boxes will be used to assign which permissions the group is allowed for each form. To set permissions for the group, click the mouse on the appropriate permission box for each form. If no permissions are to be granted for a form, leave all of that forms corresponding boxes unchecked.

AeriesNet Security05162016 08.png

There are tabs for the Current Year, Last Year, and Before Last Year. To give users access to prior year databases, permissions must be assigned on those additional tabs. If no permissions are specified for prior years, the user will only have access to the current year.

NOTE: If permission to a form is not granted for a user, the user will not see that form on the Navigation tree.

To deny certain permissions to a form, click the mouse twice on the appropriate permissions box. A red X will now display in the box and the corresponding permission will be denied to the user.

AeriesNet Security05162016 09.png

Once all permissions have been set for the group, select the Display Permission Only checkbox. The form will now only display the permissions that have been assigned to the Group, hiding any that have been unassigned.

AeriesNet Security05162016 10.png

NOTE: The permissions selected are saved automatically. To assign additional table permissions for a Group, deselect the Display Current Permissions option to again view the Aeries Web Version security areas.

Group Members are shown under the Group Members tab. A Group obtains members when a log-in account is associated with the Group on the Users security form. Click on a username to add them as a member of the group. Click the X to remove them.

AeriesNet Security05162016 11.png

Group Inheritance

The Group Inheritance tab allows districts the ability to have nested groups. Different sets of permissions for security Groups can be grouped together. An example of a use of this option would be if the district has a group that allows read permissions on all of the basic student information forms and has a role that allows full permissions to all discipline related data. If the Discipline Group inherits the basic student information group, you would only need to assign the one discipline group to a user for that user to have both sets of permissions.

To add Group Inheritance to an existing Group, click the mouse on the group name under the Group Inheritance tab.

AeriesNet Security05162016 12.png

To remove a group, click the X next to the group name. You will receive a confirmation message before deleting. Changes are saved automatically.


USERS

The Users security form is used to create the log-in accounts for Aeries Web version. Each login account created must have a Type associated with the account. It is important to associate the correct account Type with each account created so that the correct login permissions are associated.

There are currently eight account Types that can be used when creating an Aeries Web Version log-in account.

Admin – An unrestricted user who logs into Aeries Web Version and can maintain all admin level functions and configurations. If a login account has a Type of Admin, no permissions can be assigned since it will automatically have full permissions to all forms and functions in Aeries Web Version.

User - Standard user log-in for Aeries Web version. Specific permissions or groups must be assigned, and access to schools is required.

Teacher - Account log-in type for teachers to use the teacher portal. A log-in account with this type will inherit security permissions from the Teachers Portal Group which can be set up under the Portal Group security area. This type of account also needs to be associated with a valid Staff ID number. School assignments are not needed for Teachers, since it inherits school assignments from the Staff ID. NOTE: In addition to Portal Group permissions, teacher type accounts can be given additional Group and User permissions.

Substitute Teacher - Account log-in type for substitute teachers to use the teacher portal. A log-in account with this type will inherit security permissions from the Substitute Teachers Portal Group which can be set up under the Portal Group security area. This type of account needs to be associated with a valid Staff ID number. Substitute Teacher accounts can be generated through the Create Substitute Teacher Accounts form. NOTE: In addition to Portal Group permissions, substitute teacher type accounts can be given additional Group and User permissions.

Active Directory Admin/User/Teacher/Substitute Teacher – Active Directory type of accounts have the same features as account types listed above. Usernames entered must match the user name specified in Active Directory. Ex: ABCUSD\username format may need to be used. No password is needed for these types of users.

Add a New Log-In Account

To create a new log-in account, click the mouse on Users under the Security node on the Navigation tree.
AeriesNet Security05162016 13.png

The following form will display. To add a new log-in account, click the mouse on Add.

AeriesNet Security05162016 14s.png

Select a Type from the Type dropdown list. This example will use a Type of User. Enter the account information and then click on the Update button.

AeriesNet Security05162016 15s.png
  • ID This number will be automatically assigned by the system.
  • Type – The type of account.
  • Identity Provider – Identifies if the account will be authenticated through the Aeries system or if it will use Google Authentication.
  • User Name – This should be a unique name that is associated with an individual log-in account. Ex: jsmith
  • Expiration Date – Date for the account to expire. Note: When the date set occurs and a user attempts to log in, they will get a message on the log in screen that the account has expired and they will be unable to log in. This is optional.
  • Status – Currently you can tag a status of Active, Locked, Disabled or Pending. When a user is given a status of Locked, Disabled or Pending, the users associated with the Group will not be able to log into Aeries Web Version.
  • Password – Enter a unique password. This field will be grayed-out when the Identity Provider is Google, or account type is Active Directory. You must also enter the password again into the Confirm Password field.
  • Must Change Password – When checked, users will be prompted to change their password the next time they log into Aeries. Setting a password to "welcome" will also prompt the user to change their password.
  • Password Last Changed will show the date the password was last changed.
  • Login Count will show the total amount of logins since the account was created.
  • Staff ID – A staff ID is required on accounts that are a Type of Teacher. The list of names to choose from comes from the STF table. Populating a Staff ID for all users is recommended.
  • First Name – Enter the user's first name. This is optional.
  • Last Name – Enter the user's last name. This is optional.
  • Email Address – A valid email address is highly recommended since it is required in order to run reports.
  • Last Login Date/Time – this will show the last time and IP from where the user logged in.
  • Last Login IP – IP address of the computer the user last used to login to Aeries.
  • EADMS ID – For users that already have a log-in id for Educator's Assessment

Data Management System (EADMS). Entering the log-in in this field allows users to Single-Sign-On directly into the EADMS Assessment System.

  • STARS ID – For users that already have a log-in id for School City STARS. Entering the log-in in this field allows users to Single-Sign-On (SSO) directly into the STARS System.
  • Comment – A comment can be entered regarding the user.

After a log-in account is created, the Users form will show three additional icons; Permissions, School Access, and Groups.

AeriesNet Security05162016 16.png

After initially creating User account types, the School Access icon will be Red. This denotes the need to assign school access to that user.

School Access

Accounts with a Type of Admin have automatic full access to all schools and do not need to be assigned school access.

Accounts with a Type of Teacher or Substitute Teacher have automatic access only to the schools associated with the Staff ID that is connected to their log-in account and do not need to be assigned school access.

Accounts with a Type of User must have their access to schools defined. To assign access for User accounts, click the mouse on the School Access icon.

The following form will display with a list of all the schools that are in the LOC table. Select the check box under the Access column of the school the user will be allowed to access. Multiple schools can be selected for a User account.

AeriesNet Security05162016 17s.png

To grant access to a school for a User account to be Read only, check off the Access and Read Only option for the appropriate school.

AeriesNet Security05162016 18.png

NOTE: The School Access selections are saved automatically

Group Associations

Group Associations are used for log-in accounts of any type except Admin. The recommended method of assigning permissions to a new User account is to assign a Group Association to the account. A Group Association connects previously set up Group permissions to the User account. This can bypass setting up permissions individually for each user. To associate Group permissions for a User account, click the mouse on the Groups icon.

The following form will display. To add the user to a member of an existing group, click on the Group Name from the list on the left to add that user as a member of the group.

AeriesNet Security05162016 19.png

The form will now display the name of the Group associated under the Group Name column. To remove a Group Association, click the X to the left of the Group name.

Changes will save automatically.

Permissions

The Permissions icon can be used for log-in accounts of any type except Admin. This can be used in conjunction with a security Group. An example would be a User account being part of a Group whose members have no permission to a specific form. This User in the Group needs permissions to that form. To handle this scenario, the Group permission can be applied to the one User account and then under the Permissions tab, the permissions to the additional form can be granted for this one User account. To assign User specific permissions, deselect the Display Current Permissions option under the Permissions tab.

To assign permissions, click on the Permissions icon. The Display Current Permissions checkbox will default to on. When creating a new account, no permissions will display initially. Uncheck it to display all available permissions.

AeriesNet Security05162016 20.png

The form will now expand and display Aeries Web Version tables as well as Read, Insert, Update, and Delete check boxes.

  • Read Allows users to read the data on the form.
  • Insert – Allows users to insert or add data on the form.
  • Update – Allows users to update or change data on the form.
  • Delete – Allows users to delete data on the form.
  • Mass Update – Allows users to mass change data
  • Administer – Special permissions for certain tasks (covered separately in this document)
  • Expiration Date – Used to temporarily elevate a user's permission. Permissions will automatically expire at the end of the date specified. Note: Read permissions do not expire.

These boxes will be used to assign which permissions the user is allowed for each form. To set permissions for the user, click the mouse on the appropriate permission box for each form. If no permissions are to be granted for a form, leave all of that forms corresponding boxes unchecked.

AeriesNet Security05162016 21.png

There are tabs for the Current Year, Last Year, and Before Last Year. To give a user access to prior year databases, permissions must be assigned on those additional tabs. If no permissions are specified for prior years, the user will only have access to the current year. NOTE: If permission to a form is not granted for a user, the user will not see that form on the Navigation tree.

To deny certain permissions to a form, click the mouse twice on the appropriate permissions box. A red X will now display in the box and the corresponding permission will be denied to the user. Note: When a user is granted both Allowed and Denied access to a form, the Deny permission takes presidence. For example, a user may have Allow access to Attendance from a group membership, but Deny access at the user level. In this case, the user will be denied access to Attendance.

AeriesNet Security05162016 22.png

Once all permissions have been set for the user, select the Display Permission Only checkbox. The form will now only display the permissions that have been assigned to the Group, hiding any that have been unassigned.

AeriesNet Security05162016 23.png

NOTE: The permissions selected are saved automatically.

To assign additional table permissions for a user, deselect the Display Current Permissions option to again view the Aeries Web Version security areas.

Search for Existing User Accounts

Once accounts have been created, the Users form can be used to search for existing accounts. To search for an existing account, type the first name, last name, username, or staff ID in the text box and then click the mouse on Search. Any matching account will show under the User Name column. Click on the record shown in the results, to view information for that User. If there are many results, the navigation arrows at the bottom of the form are available for use.

AeriesNet Security05162016 24.png

Change A User Account

After searching for an existing account, an Administrator can make changes to a log-in account by clicking the mouse on the name of the account in the results list.

The account information form will display. To make a change to the account, click the mouse on the Change button and make any necessary modifications. Click the mouse on the Update button to save the changes.

AeriesNet Security05162016 25.png

To Delete an account, click the mouse on the Delete button.

The following message will display. To permanently delete the account, click the mouse on the OK button.

AeriesNet Security05162016 26.png

Emulating a User

Aeries has a feature where an Admin user can login as or emulate another user. After searching for the user, click on the User, then click the Log in as User button to emulate the user.

If the current school is not available to the emulated user, you will be prompted to select which school to log in to. Click Continue if prompted.

AeriesNet Security05162016 27.png

You are now emulating the user, and are able to navigate and view Aeries as if you were the actual user. This is useful when needing to verify security is set correctly for a specific user.

AeriesNet Security05162016 28.png

To return to your account, click the Return to My Login button.

Emulating Parent/Student accounts are also possible. To emulate a parent or student account, navigate to School Info | Portal Management | Manage Parent/Student Accounts and click on the Emulate this Account icon to emulate the account. Parent and Student accounts are covered in more detail in the Parent and Student Account Management document.


PORTAL GROUPS

Portal Groups are security groups used to associate permissions with Parent, Student, Teacher, and Substitute Teacher accounts. There is also a Restricted Portal Accounts group which is used to restrict access to certain parent portal accounts.

To set up Portal Group Security, click the mouse on Portal Groups under the Security node on the Navigation tree.

AeriesNet Security05162016 29.png

The following form will display.

AeriesNet Security05162016 30.png

Select a Portal Group to assign permissions to by clicking the mouse on a Portal Group name.

NOTE: The Substitute Teachers portal group can be given different permissions than Teachers portal group.

Select a School to assign portal group permissions for from the dropdown list. The schools available to select from the dropdown list come from the LOC table.

AeriesNet Security05162016 31s.png

NOTE: You can assign permissions to a Portal Group for one school and then push those same permissions to another school.

Once a Portal Group and School are selected, deselect the Display Current Permissions option to display the Aeries Web Version tables as well as the Read, Insert, Update, and Delete check boxes for each security area. These boxes will be used to assign which permissions the Portal Group is allowed for each table. To set permissions for the Portal Group, click the mouse on the appropriate permission box for each table.

AeriesNet Security05162016 32.png

Once all permissions have been set for the Portal Group, select the Display Current Permissions box and the form will now only display the permissions assigned to the Portal Group.

NOTE: The permissions selected are saved automatically. To assign additional table permissions for a Portal Group, deselect the Display Current Permissions option to again view the Aeries Web Version tables.


TEACHER GROUP ADDITIONAL PERMISSIONS

Additional Group or User permissions can be given to specific teacher's user accounts. In the example below, in addition to the permissions allowed for the Teacher Group, this specific teacher has permissions to Supplemental Attendance Data and to View All Students in Current School. Teachers could also be assigned these permissions via a Group.

AeriesNet Security05162016 33.png

NOTE: if a Substitute Teacher account is created for a teacher who is granted additional permissions, only the Substitute Teachers Group permissions will apply.

FIELD LEVEL SECURITY

Field level security can currently be set up for Groups or Portal Groups. Field level security is used to deny (block) read and/or update rights to specific fields. Field level security is currently available for Student Data, Emergency Contacts, and Staff Data. Field level security is not available when permissions are assigned directly to the user. Deny always takes precedence over any other permissions.

To set up field level security for a Group or Portal Group, click the mouse on the Edit button under the Fields column.

AeriesNet Security05162016 34.png

The following form will display. Permissions to the fields will default to On.

AeriesNet Security05162016 35.png

If the Group or Portal Group only has Read permission, the field security form will only display with a Read column. To Deny a field from being able to be read, click the mouse on the box under the Read column to change the green checkmark to a red X. The members of this Group or Portal Group will no longer be able to read the data for this field on the Student Data form.

AeriesNet Security05162016 36.png
AeriesNet Security05162016 37.png

If the Group or Portal Group has Read and Update, the field security form will display Read and Update columns. To allow Read permissions for a field but deny Update permissions, leave a checkmark in the Read column but in the Update column mark the box with a red X.

With these permissions, the members of the Group or Portal Group will be able to read the data on the form but will not be allowed to update the data in that field.

AeriesNet Security05162016 38.png
AeriesNet Security05162016 39.png

If the Group or Portal Group has Read and Update permissions to deny Read and Update permissions to a field mark both the Read and Update boxes for both fields with a red x. With these permissions, the members of the Group or Portal Group will not be able to read or update the data on the form.

AeriesNet Security05162016 40.png
AeriesNet Security05162016 41.png

NOTE: The permissions set on the field security form are saved automatically.

Users with denied Read permission to a Student Data or Emergency Contact field will not be able to Query that field. Query results for a denied field will bring up the field name.

AeriesNet Security05162016 42.png

RESTRICTED PORTAL ACCOUNTS

The Restricted Portal Accounts Group under Security | Portal Groups can be used to restrict the access given to certain portal accounts. The Restricted Portal Account Group works in conjunction with the Parent Access Restriction fields on the Secondary Student Data (SSD) page.

A portal account can become restricted when certain SSD fields are populated. When a restriction is placed on an account, the portal account will take on only the permissions given to the Restricted Portal Account group and will no longer have the permissions of the Parent Portal Group.

When the SSD restriction is removed from the account associated with the student, the parent account will again look at the Parent Portal Group for permissions.

The Secondary Student Data fields that control this process and trigger the portal account to take on the permissions given to the Restricted Portal Account Group are viewable from Student Data | Other | Secondary Student Data on the Navigation tree.

AeriesNet Security05162016 43.png

The Parent Access Restrictions fields on the Secondary Student Data page include:

Code (SSD.RCD) – The restriction code that identifies why parental access if being restricted. These codes are set up in the Code table.

Buffer School Days (SSD.RDB) – The number of School Days after the first parent is warned about the pending restriction that the restriction goes into effect. This allows time for the parents to resolve the issue before becoming restricted. This value will default to the associated value in COD.N1 in the Code Table for the Code that is entered into the SSD.RCD field. It can be changed from its default value.

Date Warned (SSD.RDW) – The date the parent was first warned of the pending restriction.

Start Date (SSD.RSD) – The date on which the restriction first goes into effect. On this date and afterward, the parent will only have permissions to the portal that are set up in the Restricted Portal Account Group.

1'st 'User Warned (SSD.RUW) – The first account name that was warned of the pending restriction.

SSD restriction codes are set up in the Code Table. To set up SSD restriction codes, click on School Info | Configuations | Update Code Table on the Navigation tree. The following page will display. Select Table SSD and Field RCD.

AeriesNet Security05162016 44.png

Click on Add New Record to add a new restriction code. Enter a code and a description. The description is important as this will be the restriction message that displays to the parent in the portal. A value can be entered in the Amount field. This value will populate the buffer school days field automatically when the code is assigned to a student. Click the mouse on the Save icon to Save the new code.

AeriesNet Security05162016 45.png

Once SSD restriction codes have been setup, a student can be tagged on the Secondary Student Data (SSD) page with a restriction code to prompt a restriction on a portal account. In the example below, the student was given a Library fees owed restriction code. The buffer school days automatically populated with a value of 10 school days since that information was set up in the Code table.

AeriesNet Security05162016 46.png

The first time an account associated with this student logs into the portal they will see the following message displayed.

AeriesNet Security05162016 47.png

After the first login, the Parent Access Restriction fields on the Secondary Student Data page will be updated with values for the Date Warned', Start Date and 1st 'User Warned fields.

AeriesNet Security05162016 48.png

Note: If the Buffer School Days field is left with a value of 0, the restriction will apply immediately.

Once the portal account restriction takes place, the portal account will only be given the permissions that are set up in the Security area for the Restricted Portal Account Group.

To set up the Restricted Portal Account Group permissions go to Security | Portal Groups on the Navigation tree. The following page will display. Click the mouse on Restricted Portal Accounts.

When setting up the permissions for the Restricted Portal Account, only grant permissions to areas you want a restricted portal account to be able to access. Restricted Portal Account permissions can be set up on a school by school basis.

As shown below, the Restricted Portal Account Group for Screaming Eagle High School will only allow a restricted portal account be able to view Student Demographics and Enrollment History at this school while a portal account is restricted.

AeriesNet Security05162016 49.png

If the SSD restriction is removed from a student, the portal account will again look at the Parent Portal Group for permissions.

PUSH PERMISSIONS TO OTHER SCHOOLS

The Portal Group area has a Push Permissions to Other Schools feature. This can be used to push Portal Group security permissions that have been set up for one school and portal group to the same Portal Group at other schools.

After setting up permissions for a Portal Group and school, click the mouse on the Push Permissions To Other Schools button.

AeriesNet Security05162016 50.png

A form will display with the list of schools from the LOC table.

AeriesNet Security05162016 51s.png

To select all schools, click the mouse on the check box below the Push? column.

AeriesNet Security05162016 52.png

To select certain schools, click the mouse on the box to the right of the school name. A check mark will display for the schools that are selected to push permissions to.

AeriesNet Security05162016 53.png

To reselect all schools, click the mouse on the check marked box under the Push? column.

AeriesNet Security05162016 54.png

After selecting the schools to push permissions to, click the mouse on the Push button. The process will complete immediately.

TABLE PERMISSIONS

The Table Permissions form is used to view and modify permissions for Aeries Web Version in table view. This is an alternate way to view and edit permissions. Note: This page only displays and edits Current Year permissions.

To use Table Permissions, click the mouse on Table Permissions under the Security node on the Navigation tree.

AeriesNet Security05162016 55.png

The following form will display with a list of tables.

AeriesNet Security05162016 56.png

The form has a Show option that filters the form by Users & Groups, Users, or Groups. Click the mouse on a Show option.

AeriesNet Security05162016 57.png

The Show Only With Permissions option when selected will only show accounts with permissions.

AeriesNet Security05162016 58.png

To set permissions for a table, click the mouse on the table name in the list from the Table/Content Area.

AeriesNet Security05162016 59.png

Select the appropriate permissions and then click the mouse on the Save Permissions button. The Group or User permissions will be updated with the modifications made.

AeriesNet Security05162016 60.png

SCHOOL ACCESS

The School Access area can be used to assign school access to all accounts on one form.

To use School Access, click the mouse on School Access under the Security node on the Navigation tree.

AeriesNet Security05162016 61.png

The following form will display. The Show Read Only Check Box must be selected in order to see the box to grant Read Only access to the school. The form will display the user name, status and the school numbers on the top.

AeriesNet Security05162016 62.png

Check boxes will display under the columns with school numbers. Moving the cursor over the school number will display the school name.

AeriesNet Security05162016 63.png

The first check box under a school number grants access to the school.

AeriesNet Security05162016 64.png

The second check box under a school number appears if the Show Read Only Check Box option is selected and will be the box to check to restrict access to the school as Read Only.

AeriesNet Security05162016 65.png

NOTE: All changes made on this form are saved automatically.

CONFIGURE PASSWORD REQUIREMENTS

Aeries Web Version User, Teacher, and Parent and Student Portal accounts can have password requirements configured. Setting up these password requirements will force that User Type to update their password on a regular basis. The Aeries Web version Admin user type is not bound by these password restrictions.

To update the password requirements for non-Admin users, select the Configure Password Requirements link. It can be found by clicking on the School Info node and then the Configurations node on the Navigation tree.

AeriesNet Security05162016 66.png

The Configure Password Requirements screen will display.

AeriesNet Security05162016 67.png

Click on the Edit button to update the options on the Configure Password Requirements screen.

Below are the options available:

  • Group To Apply Settings To Select the user type to apply the password requirements to. The Teachers group is the Teacher and Substitute Teacher accounts, the Parents and Students group is the Parent and Student Portal accounts, and the All Others group is any other non-Admin Aeries Web Version users accounts.
  • Enforce Password Rules for this Group – Use this option to turn on the password requirements for the group selected.
  • Force users to Change Passwords Every… - Enter how often the users need to change their password.
  • Days Prior to Expiration to Notify Users – This option is used to give the users a warning message that their password will expire several days prior to the expiration.
  • Minimum Length – use this option to define the minimum character length of the password.
  • Require Special Character – requires that at least one non alpha-numeric character is used in the password. For example, * & % $ # @
  • Require Letters and Numbers – requires that at least one letter and one number is used in the password.
  • Require Upper and Lower Case – requires that both upper and lower case letters are used in the password.
  • New must be significantly different than old – requires that the new password be different than the old

Click on the Save button to save the changes to this screen.

NOTE: When Enforce Password Rules for this Group is first turned on, any Aeries Web Version accounts that were created prior to selecting this option will be forced to update their password on their next log-in.

After the Configure Password Requirements screen has been set up, when a user logs in whose password has expired, the Change Your Aeries Password screen will display.

AeriesNet Security05162016 68.png

A listing of the password rules will display to the left of the Change Your Aeries Password screen. A red message will also be highlighted at the top of the screen indicating that the password needs to be changed. The user will not be able to access any other screen except for the Logout until they change their password.

After the password has been changed a message will display that the password change was successful.

AeriesNet Security05162016 69s.png

If the option to notify the user that the password is about to expire is turned on, then for the defined number of days before the password expires the user will see a red message warning them to change their password above every screen along with a link to quickly navigate to the Change Password screen.

AeriesNet Security05162016 70.png


SPECIFIC ACCOUNT SECURITY

The Security form has several security areas that can apply to certain accounts. The following is an explanation of these additional security areas.

Teacher Specific – View All Students In Current School

This security area only applies to the Teacher Portal Group. It is available under Portal Groups and Users security. If selected for the Teacher Portal Group it will apply to ALL teachers at the school. By granting permissions to this area the teachers in the school will have the ability to access any student in their current school in addition to their own students.

AeriesNet Security05162016 71.png

If selected for a User account for a teacher, only the specific teacher will have the ability to access any student in their current school in addition to their own students.

Edit Account Setting / View Logged In Users

Accounts with Read and Update permissions to the Edit Account Setting/View Logged In Users area will be able to update their own email address, last name and first name under Gear Icon (My Options) | Account Settings. This option is available to all users except parents and students.

AeriesNet Security05162016 72.png
AeriesNet Security05162016 73.png
AeriesNet Security05162016 74.png

Single-Sign-On from 3'rd</sup> 'Party Systems

When users are granted Read permission to the Single-Sign-On from 3'rd 'Party Systems security area they will be able to to log into Aeries Web Version from 3rd party systems like EADMS.

AeriesNet Security05162016 75.png

ADMINISTER OPTIONS

The Admin or Administer option provides admin like abilities to different pages in Aeries Web Version for Users and Groups. The following are the current security areas with an Administer option.

Student Data

The Administer option available for Student Data allows users with this permission to be able to override the rule that a student must be inactive at another school in order to transfer the student. With admin permissions to Student Data a user will be allowed to do student transfers of students who are active at other schools.

AeriesNet Security05162016 76.png

Attendance

The Administer option is an available security level for the Attendance area. This access level is used to limit who can perform the "Initialize ATT/CAR" process. Users given the Administer permission for Attendance will be able to perform the "Initialize ATT/CAR" process.

AeriesNet Security05162016 77.png

Gradebooks

The Administer option to the Gradebooks (Admin Query Only, Tchrs Full Access) area will give users the ability to emulate teacher gradebook access. Users who have been granted this access will be able to see Teacher Emulation | Gradebook on the navigation tree.

AeriesNet Security05162016 78.png

The Administer option to the Gradebook Backups area will give users the ability to backup teacher gradebooks. Users who have been granted this permission will be able to see the Backup Gradebooks node under the School Info | Functions area on the navigation tree.

AeriesNet Security05162016 79.png

Grades

The Administer option to the Grades area will give users the ability to load Grades from teacher gradebooks under the Teacher Emulation node. Users who have been granted this access will be able to see Teacher Emulation | Grades By Teacher on the navigation tree.

AeriesNet Security05162016 80ss.png

Standard Based Grades

The Administer option to the Standards Based Grades area will give users the ability to load Standard Based Grades from teacher gradebooks under the Teacher Emulation node. Users who have been granted this access will be able to see Teacher Emulation | Standard Based Grades By Teacher on the navigation tree.

AeriesNet Security05162016 81.png

Teacher Data

The Teacher Data Administer option will allow school level users the ability to manage Aeries Web Version Teacher accounts for their school. Users who have been granted this security permission will be able to see Manage Teacher Portal Accounts under School Info | Configurations on the navigation tree.

AeriesNet Security05162016 82.png

Parent/Student Portal Accounts

The Parent/Student Portal Accounts Administer option allows a user to be able to manage parent and student accounts. Users who have been granted this permission will see Manage Parent/Student Accounts under School Info | Configurations on the navigation tree.

AeriesNet Security05162016 83.png

Analytics Test Scanning and Scoring

The Administer permission for Analytics Test Scanning and Scoring gives a user the ability to manage Exams. It will also allow users who have been granted this security permission to be able to access Copy Exam Results to Test Table under Aeries Analytics | Testing on the navigation tree.

AeriesNet Security05162016 84.png

Analytics Exam Results

The Administer permission for Analytics Exam Results will allow the user to run Exam Analysis reports. With this permission, users will see the Exam Analysis option on the navigation tree under the Aeries Analytics | Testing node.

AeriesNet Security05162016 85.png

Analytics Dashboard

The Analytics Dashboard Administer option allows a user the ability to share a dashboard with other users.

AeriesNet Security05162016 86.png

Service Learning Data and Log

The Administer permission for Service Learning Data and Log will allow users with this permission to use the Service Learning Hours Approval page to approve or deny hours. A user granted this permission will also see Svc Lrng Approval on the navigation tree under the Service Learning node.

AeriesNet Security05162016 87.png

Service Learning Organizations

The Administer permission for Service Learning Organizations will allow users with this permission to be able to use the Service Learning Organization Approval page to approve or deny an organization. A user granted this permission will also see Svc Lrng Org Approval on the navigation tree under the Service Learning node.

AeriesNet Security05162016 88.png

MASS UPDATE

The Mass Update option will allow a non admin user to be able to mass update data to a table. As shown in the screenshot below, this group has appropriate permissions to the Hearing page and has been given the mass update permission for the Hearing page. The Users in this Group will now be able to mass add medical information to the Hearing page from the Mass Add Medical Tests page.

.

AeriesNet Security05162016 89.png

QUERY CHANGE COMMAND

Query Change Command is now available in Aeries Web Version. Login account Types of Admin, will automatically have permissions to the Query Change Command.

The account Types of User will need security permissions to BOTH Mass Update to the table they will be updating and also the new Query Change Command security area that is now available on all the security pages. For example, the user below has permissions to both Update Student Data, as well as mass update. They will also be able to use the Query Change Command.

AeriesNet Security05162016 90.png

After a Query Change Command is entered, the following Query Change Confirmation message will display. The query statement and the number of records that will be changed will display. Click on the OK button to continue with the query change or the Cancel button to cancel.

AeriesNet Security05162016 91.png

All Query Change Commands are logged in the LOG table with the Aeries Query, the equivalent SQL statement, and the numbers of records changed.




</div> </div>

Video

 




Personal tools
Namespaces
Variants
Actions
Navigation
Category
Toolbox