Role-Based Access Control (RBAC)

EducaSphere uses a robust RBAC (Role-Based Access Control) system to ensure that users have exactly the permissions they need to perform their duties, and no more.

Roles Directory

Navigate to Portal > Users > Roles to manage access levels.

Types of Roles:

System Roles: Pre-defined roles (e.g., "Super Admin", "School Principal") that cannot be deleted. These ensure core platform functionality.
Custom Roles: Tailored roles created by your institution (e.g., "Department Head", "Volunteer Coordinator").

Managing Permissions

Creating a Role

Click Create Role.
Provide a Name, Code, and Description.
Set a Priority Level (used to resolve permission conflicts).

Assigning Permissions

Permissions are granular and grouped by module. To edit permissions for a role:

Select Permissions from the role's action menu.
Toggle specific abilities (e.g., academic.years.create, students.records.view).
Permissions can be set to Allow, Deny, or Inherit.

Scope of Authority

Permissions in EducaSphere can be scoped:

Global: Applies across the entire tenant.
School-Specific: Applies only within a specific school.
Campus-Specific: Restricted to a single campus.

Security Principle

Always follow the Principle of Least Privilege. Only grant users the minimum permissions required for their specific job functions.

Roles Directory​

Types of Roles:​

Managing Permissions​

Creating a Role​

Assigning Permissions​

Scope of Authority​