More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in posts
Search in pages
docs
betterdocs_faq

Role Management – Examples

  • Created on December 16, 2020
Updated on June 23, 2026

20 min to read

Table of contents

Introduction

This guide provides a comprehensive walkthrough of how user roles are configured in Classter. Through practical examples and screenshots, you will learn how role-based permissions control access across modules, menus, mobile apps, and specific data forms. This will help you tailor system access to the responsibilities of different user types such as administrators, teachers, students, parents, and back-office staff.

 

 

Search option

Please note that you can search by any key-word, in any Tab, to find what you are looking for:

 

 

 

Modules Tab

In all User-Role Types (Admins, Employees, Partners, Agents, Students, Teachers), in this Tab you will find all the active Modules from your subscription.

 

 

How it works: By enabling or disabling Modules in this Tab, the system will automatically enable or disable the relevant permissions in all other Tabs.

For example:

In an Admin Role, disabling ‘Billing’ from the Modules Tab

 

 

All relevant permissions are automatically disabled from all the other Tabs.

E.g., in the Menus Tab:

 

 

 

Or in the Privileges Tab

 

 

 

Menus Tab (Portal)

The Menus Tab defines the visibility of system menus and submenus across the Classter Portal (the side-bar menu and access – based on the user/role type)

 

 

This Tab defers per User-Role Type:

 

 

And shows the selected user type Portal menus.

E.g. Admin menus:

 

 

Or Student menus:

 

 

In this Tab, you can:

  • Enable or disable portal menu access per role
  • Customize the menu name (rename)

 

Tip!

  • Hide menus to simplify the user interface for end users’ roles

E.g. Secretary who is working on Academics and Admission only, with all irrelevant menus closed (such as Financial, Library etc.)

 

 

Mobile Menu Tab

The Mobile Menu Tab defines mobile app permissions per role (menu access – based on the user/role type).

 

 

This Tab defers per User-Role Type:

 

 

E.g. Admin mobile menus:

 

 

Or Teacher mobile menus:

 

 

In this Tab, you can:

  • Enable or disable mobile menu access per role
  • Customize the menu name (rename)

 

 

Privileges Tab

The Privileges Tab manages fine-grained permissions for user roles. Here you can define which actions a role can perform across the entire system.

 

This Tab defers per user-role type.

For example, in Admin and Employee types you will find the most privileges, categorized in several sub-tabs:

  • Global Rights
  • Student Profile Rights
  • Teacher Form Rights
  • Employee Form Rights
  • Relative Profile Rights
  • Integrations Role Rights

 

 

While the other types, such as Students, Teachers etc. have less Tabs and privileges, according to the overall available actions based on their role.

E.g. Teachers privileges:

 

 

Each section defines either enable/disable, or View, Create, Edit, and Delete rights for specific actions.

 

 

Global Rights – EXAMPLES

You will find the Global Rights Tab in all Types of Users-Role Types. The contents depend on the overall available actions based on the type.

Below are examples of common permissions and their effects, in an Admin Role

 

 

 

Core SIS

Let us explore how Global Rights work using examples from a typical Admin role. These permissions define what actions a role can perform across various core system entities.

Example Scenarios:

Example – Manage Students:

  • Allowed: Create, Edit, Delete students.
  • Restricted: No restrictions
  • Effect: The admin can Create a New Student, Preview, Edit and Delete students.

 

The Role:

 

 

The output:

 

(Available Actions: Create New, Preview, Edit)

 

(Available action: Delete)

 

Example – Manage Teachers:

  • Allowed: View Teachers.
  • Restricted: Create, Edit, Delete.
  • Effect: The role can only view the Teacher form and cannot act on anything on it. The fields are greyed and unavailable for editing and the Create and Delete buttons are missing.

 

The Role:

 

 

The output:

 

(Create button is missing)

 

(Delete button is missing and fields are locked)

 

Example – Manage _Grades_/Programs:

  • Allowed: View, Create, Edit.
  • Restricted: Delete.
  • Effect: The role can view, create and edit existing _Grades_, but cannot delete them.

 

The Role:

 

 

The output:

 

(Restricting delete access removes the delete button, preventing accidental Grade removals)

 

Security example:

  • Restricted: If a user’s role has no privileges for managing an entity for example, it will even if he/she tries to enter by accessing the URL, the following message will appear.

Unauthorised Request: You do not have permission to access the requested resource due to security restrictions. In order to gain access, please speak to your system administrator.

 

 

Example – Views per:

By checking or unchecking the checkboxes, you can define the privilege of the user role to see or not see the predefined views of students in the Students List.

 

 

  • If privileges are removed for Students per Subject, Grade, Group, Service, Demographic Data, Consents, Use Transportation, Educational Programs, these views will not be available in the student list.

 

 

  • If all these privileges are checked, the user role will have full access to all predefined views in the Students List.

 

 

Additional Global Privileges Examples:

 

 

  • Export/Print list data: Allows users to export student, teacher, and other data lists in Excel, CSV, and Word formats and print them.

 

 

  • Enable Card Issuing: Grants access to re-issue student and employee ID cards from their respective profiles.

 

 

  • Mark students as re-registered/new: Enables the ability to tag students as re-registered or newly enrolled for administrative tracking.

 

 

  • Manage Sessions: Grants permission to edit and delete sessions.
  • View Message History: Provides access to past communications in the message center, allowing users to track conversation history.

 

 

  • Modify _Grades_ in enrolled groups: Controls whether users can update or override _Grades_ in already enrolled classes.

 

 

  • Enable Mass Subject Group Enrollments for Students: Grants access to the Quick Action Bulk enroll _Students_ in mandatory _Subjects_ and _Groups_.

 

 

Billing

Only in Admins or Staff/Employees Roles. Controls user privileges in the Financial section. For the admins this refers particularly on the Student Profile > Financial tab.

 

 

Examples:

  • Enable deleting arrangements: This privilege grants permission to remove financial arrangements from user profiles (e.g., Student Form – Financial tab). If this option is disabled, the delete button in the financial tab will not be accessible.

 

 

  • Allow delete transactions: This privilege allows the user to delete billing transactions such as invoices and receipts. If this privilege is removed, the delete button will not be visible in the billing section, ensuring documents cannot be removed accidentally.

 

 

Admission

Only in Admins or Staff/Employees Roles. Manages access to key actions on student applications and ranking processes.

 

 

Examples

  • Application Modification Right: Any edit actions, related to applications, such as open application data window, edit application, and create new application.

 

 

  • Application view: Read only view

 

 

  • Change application points: This privilege enables users to alter the application points from the ‘Application Data’ window. If unchecked, the points field in the application form will be locked and uneditable.

 

 

  • Change Application Ranking Position: Allows users to modify the ranking position of student applications. If unchecked, the user will not have access to ranking modifications, and the ranking fields will be locked.

 

 

Attendance

Only in Admins or Staff/Employees Roles. Permissions to edit or delete attendance entries.

 

 

Examples

  • Edit attendance: Allows users to change absence/presence/late arrival categories, numbers, verify absences, or conduct formal reviews. If unchecked, users will not see these options in the Attendance List.
  • Delete attendance: Grants permission to remove student absences/presences/late arrivals. If unchecked, the delete button will not be available in any Attendance List/record.

 

Marks & Assessments

Only in Admins or Staff/Employees Roles. Defines privileges related to Gradebook, Annual Results, Assessments/Assignments/Test Quizzes and their outcomes/criteria.

 

 

Examples

  • Allow users to publish assessment marks: Allows users to publish assessment marks to students/parents/marks calculations. If this privilege is disabled, then the users will not be able to publish assessment marks – the below options to Publish assessment marks will be hidden.

List of assessments:

 

 

Assessment marking:

 

 

  • Delete Assessment Marks: Allows users to delete submitted assessment marks. If the privilege is disabled, the user will not be able to delete any assessment quiz marks – delete options will not be available.

 

 

  • Edit Assessment Marks: Allow users to submit or edit any assessment marks. If the privilege is disabled then the below options will be hidden.

List of assessments:

 

 

Assessment marking:

 

 

  • Enable per _Student_ gradebook mode: Users with this privilege will be able to open the Gradebook [Term Marks] “per Student mode”. The below Gradebook view for individual students, instead of viewing all students’ marks in a single grid view per group – subject.

 

 

 

Timetable

Only in Admins or Staff/Employees Roles. Manages permissions for timetable schedule visibility and edits.

 

 

Example:

  • Timetable (View, Edit): Defines whether the user can view or modify the institution’s timetable. You can separately limit access to view and/or edit.

Example with view only (not edit) privilege:

 

 

College (HE only)

Available if the ‘College’ module is enabled in the subscription. Only in Admins or Staff/Employees Roles. Defines access to higher education special functionalities.

 

 

Examples

  • Allow Educational Registration Changes Even When It Leads to New Annual Result Model: Grants permission to modify a student’s educational program even if it results in a different annual result model being applied.

In the example below, this option is disabled, so the system blocks the change.
Attempting to edit and save an educational program triggers an error to prevent invalid model transitions. Error shown: Invalid action – these changes lead to a new curriculum.

 

 

  • Allow Users to Add Subjects Not in Curriculum: Enables users to manually enroll academic _Subjects_ that are not part of the student’s curriculum. If disabled, the following option will not be available.

Student card > Enrollments > _Groups_ & _Subjects_ Tab

 

 

Transportation

Only in Admins or Staff/Employees Roles. Defines access to student transportation settings and exception tracking.

 

 

Examples

  • Can edit “Use Transportation” _Student_ property: Allows modification of the student’s “Use Transportation” field.

 

 

  • Allow user to edit comment of an existing transportation exception: Allows users to update the comment field of an existing transportation route “exception”.

 

 

Protocol

Only in Admins or Staff/Employees Roles. The Protocol section manages secure document handling, numbering, and administrative record tracking.

 

 

Examples

  • Edit Protocol Incremental Number: Allows users to modify the next protocol number in protocol settings.

Recommended: Disabled privilege to avoid duplicates or gaps. Can be used in special cases when we need to manually correct cases.

 

If disabled, the following option will not be available

 

 

 

  • Lock/Unlock Protocol Entries: Grants access to secure (lock) or reopen protocol records. If disabled, the following options will not be available.

 

 

HR Management

Only in Admins or Staff/Employees Roles. Controls actions related to employment contracts, check-in check-outs and other contact or payroll related actions.

 

 

Examples

  • Employment Contract Actions: Grants permission for actions on employment contracts.
  • Flexible Check-In/Out Time Entry: Users can set custom check-in/out times if this privilege is enabled. If not, the Time field is not available.

 

 

  • Create Teaching Session on Check-In: Allows session creation if not automatically connected during check-in.
  • Review, Lock, Approve Check-In/Outs: Users can review, lock, approve, and delete attendance records.
  • Change Paid Minutes: Enables updates to the recorded paid time.

 

Student Profile EXAMPLES

Only in Admins or Staff/Employees Roles. This section defines granular access to the Student Form data and actions, including what a user role can view, edit, or act, in any student form related data, such as personal, academic, financial, admission, statuses etc.

The privileges are organized and grouped based on the student card Tabs and Sections.

Refers to the student card Tabs – Sections and related actions:

 

 

Student Profile

Only in Admins or Staff/Employees Roles. Controls access to essential personal information and educational program action.

(Student Card > Student Profile Tab)

 

 

  • Basic Data, Educational Programs, Contact etc. (View/Edit): View and edit rights per section (e.g. basic data, contact data). Allows users to view and modify basic student details such as name, program, address, phones etc.

Example of view only in basic data and educational programs:

 

 

  • Change Educational Programs: Grants the ability to edit the student’s educational program(s). If unchecked, users will not see the option below to modify educational program fields, such as Grade, Stream, dates etc.

(Please note that other actions related may still apply, such as the change status action, which is a separate action and privilege)

 

 

 

  • Change students’ Status Right: Allows users to update a student’s enrollment status (e.g., Registered, Graduated). If unchecked, the users will not see the below actions:

(Other related privileges may exist and apply in parallel, such as the privilege in which statuses the user can change to. E.g. “Available student statuses for users in the student status change action” privilege)

 

 

 

Demographic Data

Only in Admins or Staff/Employees Roles. Controls access to demographic information such as Nationality, Religion, Tax data, Birth data, ID/Passport, organized per Section.

(Student Card > Demographic Data Tab)

 

 

Example of view only in Demographic – Basic Data:

 

 

Example of none View or Edit privilege in Demographic – Basic Data:

 

 

Certifications

Only in Admins or Staff/Employees Roles. Controls access to students’ certifications functionality.

(Student Card > Certifications Tab)

 

 

Example

  • View/Edit Certifications: Controls view and edit rights in the Student card > Certifications:

 

 

Enrollments

Only in Admins or Staff/Employees Roles. Grants permission to view and edit students’ enrollments to _Groups_, _Subjects_, services, internships and thesis. If only view access is provided, enrollment changes are restricted.

(Student Card > Enrollments Tab)

 

 

 

Financial

Only in Admins or Staff/Employees Roles. Controls visibility and actions in the Student Card > Financial Tab, including views, arrangements, specific elements, discounts etc.

(Student Card > Financial Tab)

 

 

Examples

  • Arrangement Form: Hidden elements. You can hide specific fields (so the users cannot see or edit them) at Arrangement management form, such as the billing plan, collector, discounts, reduction, pricing category, rounding etc.

 

 

 

E.g. if the Collector is selected in the hidden elements, the below field will not be visible:

 

 

  • Arrangements: Controls View and Edit access to the Arrangements management (at the ‘Arrangements’ Tab, in the students’ card – financial). For example, if the Arrangements privilege is set with View only right, the below options will be hidden:

 

 

Admission Data

Only in Admins or Staff/Employees Roles. Controls visibility and actions in the Student Card > Admission Data Tab, including school transfer data, marketing data, admission data, qualifications and applications.

(Student Card > Admission Data Tab)

 

 

Examples

  • General Info – School Transfer Data: Grants view/edit access to the school transfer data section under the admissions data tab. If edit right is unchecked, the users will not be able to Add new or edit existing entries from the section below and if also view right is unchecked, the entire section below will be hidden:

 

 

  • Admission info: Grants view and edit access to Admission Data sub-Tab (e.g., files upload).

 

 

  • Applications Lists: Provides access to view and manage student application entries. If unchecked, this section is not visible in the admissions tab.

 

 

Consents

Only in Admins or Staff/Employees Roles. Controls visibility and actions in the Student Card > Consents Tab, including all the custom student related consents.

(Student Card > Consents Tab)

 

 

Example

  • Consents: Allows the user role to view and edit the Consents section in the student card. E.g. if both edit and view rights are unchecked, the entire Tab option will be hidden:

 

 

Files & Links

Only in Admins or Staff/Employees Roles. Controls visibility and actions in the Student Card > Files & Links Tab, including all the student general files and links linked with this Tab.

(Student Card > Files & Links Tab)

 

 

Example

  • Files & Links: Grants access to view and manage files and resource links uploaded to the ‘Files & Links’ Tab of the student profile. Without this right, users cannot view or interact with attachments. E.g. if the privilege is set to View only, the below options will be hidden:

 

 

Messages

Only in Admins or Staff/Employees Roles. Controls visibility and actions in the Student Card > Messages Tab, including all the communications through the system.

(Student Card > Messages Tab)

 

 

Example

  • Messages: Enables users to access the Messages Tab. Edit privilege has no actual usage at the moment, since no edit privilege is available in the messages. If view is disabled, the entire Tab option will not be visible:

 

 

Medical

Only in Admins or Staff/Employees Roles. Controls visibility and actions in the Student Card > Medical Tab, including SEN and Medical Conditions, Medical Warnings, Examinations & Vaccinations and other general medical information.

(Student Card > SEN & Medical Conditions Tab)

 

 

Examples

  • SEN & Medical Conditions: Provides access to the SEN & Medical Conditions Section in the relevant Tab. Users can view and manage special education needs and medical history. You can hide the entire section or limit only the edit right, so the users will not be able to add new, delete or edit existing SEN & Medical Conditions in the section below:

 

 

  • View Medical Data: If unchecked, the entire Tab option will not be available:

 

 

Academic Progress

Only in Admins or Staff/Employees Roles. Controls visibility and actions in the Student Card > Academic Progress Tab and sub-tabs, marks overview, marks analysis, assessment marks, outcomes, annual results etc.

(Student Card > Academic Progress Tab)

 

 

 

Examples

  • Overall Results: Grants access to year-end and cumulative performance results. E.g. in a Higher Education mode, if the Edit right is unchecked, the actions in the ‘Transcript’ Tab will be disabled as below:

 

 

Transportation

Only in Admins or Staff/Employees Roles. Controls visibility and actions in the Student Card > Transportation Tab, including student routes, exceptions and intentions.

(Student Card > Transportation Tab)

 

 

Examples

  • Student Routes: Grants access to View and Edit rights to the Student Routes sub-tab within the Transportation Tab. Viewing the entire sub-tab and editing existing routes, deleting and adding new ones.

 

 

  • Route Intentions: View and Edit rights at the Student Intentions sub-tab within the Transportation Tab.

 

 

  • Route Exceptions: View and Edit rights at the Student Routes Exceptions sub-tab within the Transportation Tab.

 

 

Signature Requests

Only in Admins or Staff/Employees Roles. Controls visibility and actions in the Student Card > Signatures Tab, including student related signatures requests in pending, signed status etc. and the relevant documents.

 

 

Example

  • Signature Requests: Grants permission to View or Edit (delete) existing student signature requests. If View right is unchecked, then the entire Tab option will not be available.

 

 

Teacher Form Rights

Only in Admins or Staff/Employees Roles. This section defines what user roles can view or edit inside a _Teacher’s_ card.

 

 

Example

  • Manage Financial: Grants permission to View and Edit the ‘Contracts & Financials’ Tab within the _Teacher_ card, including financial data such as contract agreements, dates, prices, work types etc. If View right is unchecked, then the entire Contracts & Financials Tab option will be hidden:

 

 

Employee Form Rights

Only in Admins or Staff/Employees Roles. Controls access to internal employees’ card – messages.

 

 

Example

  • Messages: View and edit right at the Employee Cards – Messages Tab. Edit privilege has no actual usage at the moment, since no edit privilege is available in the messages. If view is disabled, the entire Tab option will not be visible.

 

Relative Profile Rights

Only in Admins or Staff/Employees Roles. Defines what user roles can view or edit in a Relative’s card (e.g., parent, guardian).

 

 

Example

  • Relative Form Rights: Control Profile Fields Visibility. Grants permission to view specific fields in a relative’s profile:
    • Father’s Name
    • Work Occupation
    • Education Level
    • Specialization
    • Degree Title

In the example below, all rights are unchecked, and therefore all related fields are missing from the relative card, either if you open the relative card from the list of relatives, or from the student card.

 

 

While in the example below all fields are visible:

 

 

Reporting Tab

In all User-Role Types. Manages access to Classter default or custom reports across various system areas.

Based on the Role Type (Admin, Student, Teacher etc.), you will find the relevant-associated reports organized by their defined Classter Module (Core, Academics etc.)

 

 

Through this Tab you can:

  • Manage Access to Reports: Controls report visibility across menus and modules, limiting exposure to sensitive or irrelevant data.
  • Activate, Rename, or Hide Reports: Allows administrators to enable, rename, or hide reports according to role-specific policies.
  • Multi-Language Support: If enabled, makes reports available in all active platform languages, assuming corresponding localized versions exist. (This privilege has as a pre-requisite the reports to be translated)

Example

In the example below, we can see the report with Classter Report Name (not editable) Classter_e-Portfolio, Public Name (editable) e-Portfolio, visible by default in the Student Form (recommended not to edit without consulting Classter support), and saved to display across all supported languages.

 

 

 

Important note

⚠️ Please do not change the default location (View in field) of each report without consulting Classter Support first. Most reports are configured to work from a specific section and moving them may cause them to malfunction.

 

Special Settings Tab

In almost all User-Role Types. In Special Settings you will find other global rights, including _Location_ or _Grades_/Programs rights and restrictions across the system, Financial Voucher related and Transportation-Route exceptions related rights.

At Admins or Staff/Employees Roles:

 

 

Examples

  • Program Filtering by _Location_
    Define default values to be used when filtering Educational Programs based on the Alternative Location property (e.g., Primary, High School, Faculty of Medicine).

 

Optionally, allow end users to alter the filter options of the Educational Program’s Alternative Location, offering flexibility in how data is viewed depending on user needs and permissions.

 

 

  • Student Route Exceptions
    Choose which route changes (like Cancel Route or Change Address) are hidden from certain users.

 

 

  • Wider Search Access
    You can allow some users to search for students or data across all grades and locations—no filters applied.

 

 

  • Users can choose whether they can search with or without Location/Grade restrictions.

 

 

Important Note! The user must have a role assigned to him/her. Go to User Accounts > User (user type filtered) to add or edit a role from Bulk Actions.

 

 

  • Custom Filters
    Configure, at the role level, whether users should be restricted when applying filters or searching for entities. This applies specifically to Location, Grade, and Class filters. By enabling this restriction, you ensure users interact only with entities that fall within their designated parameters.
  • Voucher Access
    Choose what kind of vouchers (e.g., financial aid or government subsidies) each role can access or manage.

 

Tags
Administration, Edit, Management, Rights, Roles
Was this article helpful?