4.1 Overview Coursedog allows institutions to define user Roles by customizing permissions. These Role Based Access Control (RBAC) permissions dictate what Users are able to see and do in the platform. For example, a Department Scheduler should have different access than an Administrator in the Registrar's Office. Coursedog comes pre-built with a variety of Roles but offers flexibility around editing these Roles and adding additional Roles. Note, it is best practice to add a role for all custom roles. The pre-built Department Scheduler and Instructor roles have pre-defined dashboards that will not update despite changes to permissions. A list of all Role permissions and their implications can be found at the bottom of this article.
4.2 Viewing Roles
Location Scheduling > Settings > Roles
There are several user Roles, including: Super Admin, Admin, Department Scheduler, and Instructor. You may view and edit permissions for each role by clicking on the various toggles next to each Role name. For an outline of these predefined roles and their permissions in Coursedog, click here. We recommend downloading this spreadsheet and using it as a tool to visualize and collaborate on roles.
Overview If your institution needs to add a new role, you can do so by navigating to '+ Add Role'under the 'Roles' tab. Each configurable role allows or limits editing access to Coursedog functionality across the platform in each of the modules (Course Editor, Requests, Reports, Institution Settings, Optimizers, Preference Forms, and Rooms).
Permissions for each functionality in each module can be set to 'Allow' or 'Deny.' Certain permissions additionally have an 'Allow If' statement which is followed by a condition, as seen below.
If you set a permission to 'Allow If' and leave the conditions field blank, this is equivalent to having the permission set to 'Allow.'
The available 'Allow If' parameters are 'User is assigned to department,' 'Term is not historical,' 'Term is current scheduling term,' and 'Allowed terms.'
Additionally, 'Custom conditions' can be built for the 'Edit Sections' permission, and 'User can edit section' can dictate when a role is able to delete sections.
Custom Roles v. Pre-Built Roles
You will see a difference between Custom Roles you create and the Pre-Built Department Scheduler Role.
Pre-built roles have custom views of the left-navigation. For example, you may notice the pre-built Department Scheduler role will not see an 'Optimizer' module on the left nav bar. Custom roles, on the other hand, will always display the standard (comprehensive) list of modules on the left nav bar.
RBAC allows for permission restrictions to be enforced. For example, if you create a custom role and set the 'Run Section Optimizer' permission to DENY, a user with that role will see the 'Optimizer' module in the left nav bar (since this is a custom role) but will not be able to run the Section optimizer (given their permission set-up).
Allowed terms allows you to make role based access control term-specific.
Custom Conditions Custom conditions allow you to build filters dictating when editing a section is permissible.
The Future Actions function allows administrators to change user permissions on a certain date, acting as a one-time trigger to change the permission settings in the Coursedog system. Some examples include cutting off access to the section editor on a certain date or granting access to the editor at the start of term scheduling.
Adding a Future Action
Step One: Select the '+ Future Actions' button.
Step Two: Review/complete the modal.
On the 'Send Date', the roles designated in the 'Roles' field will permanently change permissions to match what is designated in the future action 'Permissions.'
Once this action takes place, the roles are set until manually changed under Roles or until another future action updates them. You can also change the scheduling phase with a Future Action. To learn more about Phases, refer to this article.
After the 'Send Date' has passed, the future action no longer has any functionality. For instance, changing the permissions in a future action that has already occurred does not undo the role change.
If you change the 'Send Date' of a future action that has already occurred, this does not undo the role change; it simply adds a new trigger to update permissions on the new send date.
Step Three: Click 'Add Action'.
Activating Future Actions
Future actions will activate at 12:01 PST on the designated date.
They will only update when the page is reloaded.
If a user does not close their browser, they will not see the change until midnight when the page automatically reloads.
Please include a 24 hour buffer into your future actions to ensure all users see the change on the designated date - or ensure all users reload their browser.
Future actions also have the ability to send emails when the future action is executed:
Users can specify the email subject and email body with a WYSIWYG editor. User's must specify a list of roles to whom the email should be sent to. If no roles are specified, the email will not be sent. Note that the notification will be sent to all users with the specified Role, regardless of Product association. For example, if you detail 'Admins' should be Email Recipients, then any user with the 'Admin' role will receive this notification - even those that may only have access to other products like Events, Curriculum, or Catalog Management.
4.4.1 Deleting Future Actions
Users with the appropriate access may modify or delete Future Actions up until they are executed. When a Future Action is executed on the Send Date, the option to delete the Future Action is removed.
Able to Delete The below image shows a Future Action scheduled to send in the future. It is editable and can be deleted because it has not been executed.
Unable to Delete Once a Future Action is executed, you will no longer have the option to delete the entry as shown below. The action is stored for historical purposes.
4.5 Downstream Implications of RBAC Changes for End Users
It’s important to understand the implications of changing Role Based Access Control (RBAC) permission settings for users who are currently navigating the platform while those edits are made. In short, role setting changes relating to permissions do not take effect in real-time. Any changes to role permissions require a browser refresh in order for such permission edits to take effect for end users. For example, if a particular role initially was allowed to add sections and a user with that role were navigating the platform while you removed the role's access to add sections, the end user would not be faced with that new restriction until they refreshed their browser.
In order to avoid end users continuing to operate under an outdated set of permissions after you have made edits, you should either:
Prompt all users to refresh their browser after you have changed role permissions, or
Not allow access to the platform for 24-hours after your changes have been made (this will result in Coursedog forcing a timeout, which will consequently require a browser refresh when users log in again)
Coursedog offers Role Based Access Control for admins to manage who can and cannot perform specific actions in the Scheduling platform. The tables below detail the specific permissions that you can manage with roles.
This allows a user to make edits to existing roles or create new roles
Ability to create an Allow If conditional, specifying the allowed roles the user is allowed to edit. This allows a restriction where a user can edit Role X and Y, but not edit Role Z. If a user has restricted edit access to roles, they will see only a subset of those roles appear when they visit the Settings → Roles page