Role-Permission Assignments

Connect roles with permissions

Overview

Role-Permission Assignments link roles with the specific permissions they should have. This is how you define what each role can do in the system.

Understanding the Connection

  • Roles define positions or functions (e.g., "Campus Coordinator")
  • Permissions define specific actions (e.g., "read:students", "write:courses")
  • Role-Permissions connect them (e.g., "Campus Coordinator can read:students and write:attendance")

Users assigned a role automatically get all permissions assigned to that role.

Viewing Role-Permissions

The Role-Permissions page shows:

  • Role name and level
  • Permission name (action:resource)
  • Resource and action details
  • When assignment was created
  • Actions (View, Remove)

You can filter by:

  • Specific role
  • Specific permission
  • Resource type

Assigning Permissions to a Role

Method 1: Single Permission Assignment

From Roles Page:

  1. View a role's details
  2. Click "Add Permission"
  3. Select permission from dropdown
  4. Click "Assign"

From Permissions Page:

  1. View a permission's details
  2. Click "Assign to Role"
  3. Select role from dropdown
  4. Click "Assign"

Method 2: Batch Assignment

For assigning multiple permissions to a role at once:

  1. Navigate to Backend > Role-Permissions
  2. Click "Batch Assign Permissions"
  3. Select the role
  4. Select multiple permissions
  5. Click "Assign All"

Use batch assignment when setting up a new role to save time.

Viewing Assignments

View by Role

See all permissions assigned to a specific role:

  1. Navigate to Roles
  2. Click View on the role
  3. See "Assigned Permissions" section

View by Permission

See which roles have a specific permission:

  1. Navigate to Permissions
  2. Click View on the permission
  3. See "Assigned to Roles" section

Removing Permission from Role

  1. Find the role-permission assignment
  2. Click Remove button
  3. Confirm removal

Removing a permission from a role immediately affects all users with that role. They lose that specific capability.

Permission Assignment Strategies

By User Type

Volunteer Roles:

  • Minimal read permissions
  • Limited write permissions for their work area
  • No delete or management permissions

Coordinator Roles:

  • Read permissions for their scope
  • Write permissions for day-to-day operations
  • Some management permissions for their area

Lead Roles:

  • Full read access
  • Write and delete for their department
  • Some settings management
  • Export and reporting permissions

Admin Roles:

  • Full permissions across all areas
  • Settings and configuration management
  • User and role management

By Feature Area

Student Management Feature:

  • read:students
  • write:students
  • delete:students
  • export:students

Academic Feature:

  • write:attendance
  • write:schedules
  • read:feedbacks

Settings Management:

  • manage:campuses
  • manage:events
  • manage:eventeditions
  • manage:sourcingtypes

Common Role-Permission Combinations

Campus Volunteer

Permissions:

  • read:students - View student information
  • write:attendance - Record attendance
  • read:classes - View class details

Use Case: Volunteers at campuses who need to support class operations.

Campus Coordinator

Permissions:

  • read:students - View all student information
  • write:students - Add and edit students
  • write:attendance - Record attendance
  • write:schedules - Manage class schedules
  • read:reports - View performance reports
  • export:reports - Download report data

Use Case: Staff managing student operations at a specific campus.

Academic Lead

Permissions:

  • manage:students - Full student management
  • manage:attendance - Full attendance tracking
  • manage:schedules - Full scheduling management
  • read:reports - View all reports
  • export:reports - Export data
  • write:courses - Manage courses
  • manage:campuses - Campus administration

Use Case: Senior staff overseeing academic operations.

System Administrator

Permissions:

  • All permissions in the system
  • Including manage:users, manage:roles, manage:permissions

Use Case: Technical administrators managing the system.

Best Practices

Permission Assignment

  1. Start Minimal:

    • Assign only necessary permissions
    • Add more as needed
    • Easier to add than remove
  2. Group Logically:

    • Assign related permissions together
    • Complete feature access at once
    • Avoid partial functionality
  3. Test Thoroughly:

    • Create test accounts with role
    • Verify permissions work as expected
    • Check both allowed and restricted actions

Maintenance

  1. Regular Reviews:

    • Quarterly audit of role-permission assignments
    • Remove unnecessary permissions
    • Add new permissions as features are added
  2. Document Rationale:

    • Keep notes on why permissions were assigned
    • Helps future administrators understand design
    • Useful during audits
  3. Version Control:

    • Track changes to role-permission assignments
    • Document major permission changes
    • Maintain change log

Security

  1. Principle of Least Privilege:

    • Only assign permissions actually needed
    • Avoid blanket "manage" permissions
    • Use specific read/write instead
  2. Separate Critical Permissions:

    • Delete permissions assigned carefully
    • Settings management limited to admins
    • Financial permissions separately controlled
  3. Review After Incidents:

    • If security issues arise, review related permissions
    • Tighten permissions if necessary
    • Update documentation
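
The quarterly review and least-privilege checks above can be scripted. The following is an added example, not part of the original guide or the system's own code. It assumes assignments can be exported as a role-to-permissions mapping; the "Event Volunteer" role, the role-type mapping and the severity labels are constructed for illustration.

```python
# Constructed sample data modelled on this page's example roles; how assignments
# are exported from the real system is an assumption.
ROLE_PERMISSIONS = {
    "Campus Volunteer": {"read:students", "write:attendance", "read:classes"},
    "Campus Coordinator": {"read:students", "write:students", "write:attendance",
                           "write:schedules", "read:reports", "export:reports"},
    "Academic Lead": {"manage:students", "manage:attendance", "manage:schedules",
                      "read:reports", "export:reports", "write:courses",
                      "manage:campuses"},
    # Constructed drift: a volunteer role that picked up extra permissions.
    "Event Volunteer": {"read:students", "delete:students", "manage:roles"},
}
# Assumed mapping of roles to the user types listed under "By User Type".
ROLE_TYPE = {"Campus Volunteer": "volunteer", "Campus Coordinator": "coordinator",
             "Academic Lead": "lead", "Event Volunteer": "volunteer"}
ADMIN_ONLY_RESOURCES = {"users", "roles", "permissions"}


def audit(role_permissions, role_type):
    """Return sorted (severity, role, permission, reason) findings."""
    findings = []
    for role, perms in role_permissions.items():
        kind = role_type.get(role, "unknown")
        for perm in perms:
            action, sep, resource = perm.partition(":")
            if not sep or not action or not resource:
                findings.append(("high", role, perm, "not in action:resource form"))
                continue
            if kind == "admin":
                continue  # admin roles hold full permissions by design
            if action == "manage" and resource in ADMIN_ONLY_RESOURCES:
                findings.append(("high", role, perm, "user/role management outside admin"))
            elif kind == "volunteer" and action in ("delete", "manage"):
                findings.append(("high", role, perm, "volunteer with delete/manage"))
            elif action == "manage":
                findings.append(("review", role, perm, "blanket manage; prefer read/write"))
            elif action == "delete":
                findings.append(("review", role, perm, "delete permission; confirm need"))
    return sorted(findings)


def effective_permissions(roles, role_permissions):
    """A user with several roles gets the union of their permissions."""
    return set().union(*(role_permissions[r] for r in roles))


if __name__ == "__main__":
    for finding in audit(ROLE_PERMISSIONS, ROLE_TYPE):
        print(*finding, sep=" | ")
```

"review" findings are prompts to record the rationale for the assignment, while "high" findings are the ones to resolve before the review is closed.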

Common Questions

Q: How many permissions should a typical role have?

A: Varies by role. Volunteers might have 3-5, coordinators 8-15, administrators 20+. Focus on what's needed, not a specific count.

Q: Can I assign the same permission to multiple roles?

A: Yes, absolutely. Multiple roles can and should have common permissions like read:students.

Q: What happens if I remove a permission from a role?

A: All users with that role immediately lose that permission. They won't be able to perform that action anymore.

Q: Can a user have permissions from multiple roles?

A: Yes, if a user has multiple role assignments (with different scopes), they get all permissions from all their roles.

Q: How do I give a role full access to a feature?

A: Assign all related permissions for that feature (read, write, delete, manage, export, etc.).

Q: Can I temporarily assign a permission to a role?

A: No, but you can create a temporary role with specific permissions and assign users to it with expiration dates.