Security Roles for Admin Guides for Education
Introduction
Security Roles are the core mechanism for controlling access to student, staff, and institutional data. This is important beccause it establishes security that grants privilege and access to student data. This responsibility falls on the system’s administrator or any administrator account.
What Security Roles Do
A security role is a collection of privileges and access levels that defines what a user can see and do within the system. Instead of setting permissions for every single person, you assign them to roles based on their job function.
The combination of the following two elements determines a user’s access:
Privileges (What You Can Do)
These are the “rights” to perform specific actions on records (data).
- Create: The ability to make a new record (e.g., create a new Student record).
- Read: The ability to view a record (e.g., view a Course Enrollment).
- Write: The ability to change a record (e.g., update a student’s address).
- Delete: The ability to permanently remove a record (e.g., delete a test record).
- Assign/Share/Append: Other technical rights for managing record ownership and relationships.
Access Levels (Where You Can Do It)
This is the scope or extent of the privilege—how broadly the action can be applied. In an educational context, this is critical for data privacy.
| Access Level | Scope of Access | Example |
|---|---|---|
| User (Basic) | Records the user owns or that are directly shared with them. | A faculty advisor can only see the records assigned to them. |
| Business Unit | Records owned by anyone in the user’s Business Unit (e.g., the Chemistry Department). | The head of the Chemistry Department can see all Course records created by faculty within the department. |
| Parent/Child Business Units | Records in the user’s unit and all subordinate units. | A college Dean can see records across all departments under their control. |
| Organization (Global) | All records in the entire Dynamics 365 environment. | The System Administrator or a very senior institutional officer can view all records. |
Importance In Education
In educational institutions, protecting student and staff data is paramount. Security roles help ensure that sensitive information is only accessible to authorized personnel, thereby maintaining compliance with data protection regulations.
Security roles are vital for two main reasons:
Data Privacy (FERPA/GDPR Compliance)
They ensure that sensitive student or staff data is only viewed by the people with a legitimate need to see it, helping you comply with privacy regulations. FERPA (Family Educational Rights and Privacy Act) in the U.S. and GDPR (General Data Protection Regulation) in Europe impose strict rules on who can access personal data, and security roles help enforce these rules.
Productivity
They remove unnecessary clutter from a user’s view. A faculty advisor shouldn’t see system customization options, and an Admissions Recruiter doesn’t need to see the Finance dashboards.
Summary
In short, Security Roles are how you map your school’s organizational hierarchy and job responsibilities to the technical permissions within Dynamics 365.