Home Base Security/Access Roles and Permissions v1.

(Published July 12 201!" This document provides a high-level overview of the relationship between the security/access roles and permissions for the Home Base applications (i.e., Power chool, choolnet, and Truenorthlogic/T!"#. Power chool is the entry point to all Home Base applications via ingle ign $n ( $# integration between Power chool and choolnet and between Power chool and T!". The following access statements apply to the current Home Base roll-out%
• • •

&ccess and rights to Power chool do not e'uate to access and rights to choolnet &ccess and rights to Power chool and/or choolnet do not e'uate to access and rights to T!" $ is invisible to users, but the $ process includes behind the scenes chec(-offs as users attempt to move between applications that once may have re'uired separate logins.

Home Base Security FAQ #uestion$ How do the user rights and security restrictions in Power chool, choolnet, and T!" relate to each other and how does a district manage the rights and security for each application) Res%onse$ The user rights and security restrictions will be managed separately for each application. *istricts and schools will have the ability to manage each level of user security/access within the district/school. *etails follow% Power chool ecurity/&ccess The Power chool vendor collaborated with the districts during the implementation period to perform local roles-based access setups. +sers will select a lin( to Power chool and be prompted to provide their security information to enable $. *istrict Power chool &dministrators will have defined rights for their district only and no administration rights to choolnet and T!" unless those roles are separately assigned to them. choolnet ecurity/&ccess ,or the initial implementation of choolnet, all Power chool users will be mapped to one of two roles in choolnet% -teacher. or -staff.. choolnet users with the -teacher. role may access student-level data only for those students they are assigned to teach, and users with -staff. role have minimal access to aggregate-level information such as rolled-up reports for their assigned location. "/&s and schools (e.g., district/school data managers or leaders# have the ability to provide higher levels of access to principals, assistant principals, curriculum managers, assessment coordinators and others. ,or more information on the choolnet roles and permissions go to% http%//www.ncpublicschools.org/docs/homebase/getting-ready/implementation/rolespermissions.doc. T!" ecurity/&ccess Permissioned users will access the T!" solution from an
NCDPI/Learning Systems/Home Base v1.0, 7/12/2013

$-enabled lin( in Power chool.
Page 1

T!" may also be accessed from choolnet as shown in the diagram below. !onpermissioned users will see the lin(, but when they clic( on it, since T!" will not recogni0e the user, the user will be ta(en to a login screen that re'uires them to log in as someone recogni0ed by T!". tandard T!" user roles, such as Principal and Teacher, are identified by data imported from payroll and associated with +1* upon entry. &dditional roles, such as /valuator, $bserver and Peer $bserver, may be separately assigned to users from within T!" and associated with +1* upon entry. *istrict T!" ystems administrators have rights to modify user access at the local level. &s with other Home Base application administrators, these rights are defined and active only within the T!" application and limited to their 2urisdiction. &ccess *iagram The following diagram provides a simple view of navigation access and validation within the Home Base environment.


S choolnet

SAML Claims




PowerS chool

S S OE nabled L ink

User submits: • UID • Password Other data such as LEA & role are at tached


SAML Claims


Notes: 1 Sin#le Si#n On $SSO% &ro'ides users with ca&abilit( to access all )ome *ase solutions with a sin#le lo#in to PowerSchool ! Securit( Assertion +ar,u& Lan#ua#e $SA+L% &ro'ides behind-the-scene authentication .or other )ome *ase a&&lications that will o&en in se&arate windows There.ore/ &ermissioned users ma( na'i#ate to and between the o&en solutions " The SSO-enabled lin, allows &ermissioned users to na'i#ate between Schoolnet & TNL once the( ha'e si#ned in to PowerSchool and selected either Schoolnet or TNL

NCDPI/Learning Systems/Home Base v1.0, 7/12/2013

Page !

Sign up to vote on this title
UsefulNot useful