Assign Data Privileges

As an IT Security Manager, you can assign data access on a secured business object by assigning data profiles to custom roles.

Data is visible to the end user based on the data security conditions defined in these data profiles. You can assign only the data privileges that correspond to the permitted actions (for example, view, add, or delete) on this data. Alternatively, you can assign full data access on all secured business objects to custom roles by assigning global data profiles and default data privileges to those roles.

If you created a custom role by copying a delivered role, remove all data security policies that were copied from the delivered role. Thereafter, assign and manage data access through data profiles by using the Manage Application Access task.

Here's how you assign full data access on all secured business objects to custom roles:

  1. Sign in as IT Security Manager.

  2. Click Tools > Scheduled Processes.

  3. Click Schedule New Process.

  4. Specify the type as Job.

  5. Select Synchronize Default Data Privileges for Custom Job Roles and click OK.

  6. Click Submit and return to the Scheduled Processes page.

  7. Click Search. The process you just submitted is listed at the top of all scheduled processes.

When the status of the process changes to Completed, every custom role is assigned the global data profiles and default data privileges, unless a more restrictive data profile is already assigned to that role.

Here's how you assign restricted privileges for data access:

  1. Sign in as IT Security Manager.

  2. From Student Central, click Search and search for Application Access.

  3. Click Data Profiles and, in the row for the data profile that contains the roles to assign the privileges to, click Assign to Roles.

  4. In the Security Conditions section, select a role. The users in that role are displayed. For each user, in the Privileges column, click Choose Value, and assign the appropriate privileges.

  5. When you're done assigning privileges, click Assign.

  6. Click Save.

Now, when users with the data profile sign in, they can perform only those actions on the application pages for which their data profiles grant privileges.