ROLES: Setting Up Roles

Coursedog Support

Modified on: Tue, Dec 10, 2024 at 10:50 AM

Table of Contents

Overview
Viewing Roles
Adding Roles
Downstream Implications of RBAC Changes for End Users
Hard-Coded Logic
Related Articles

Overview

Coursedog allows institutions to define user roles by customizing permissions.
These Role Based Access Control (RBAC) permissions dictate what users are able to see and do in the platform. For example, a Department Scheduler should have different access than an Administrator in the Registrar's Office.
Coursedog comes pre-built with a variety of roles but offers flexibility around editing these roles and adding additional custom roles.
When you have a user who needs different permission settings for different products, it is best practice to create a custom role for them, rather than to assign multiple roles.
The pre-built Department Scheduler and Instructor roles have pre-defined dashboards that will not update despite changes to permissions. Consequently, the instructor dashboard has been discontinued for most institutions.
A list of all role permissions and their implications can be found here.

Viewing Roles

Overview

PATH: Scheduling > Settings > Roles

Five roles come pre-loaded in Coursedog: Super Admin, Admin, Department Scheduler, Instructor, and Staff.
You may view and edit permissions for each role by clicking on the various toggles next to each role name.
Unless your institution is using the Instructor Dashboard, you likely do not need to use the Instructor role.
For an outline of these predefined roles and their permissions in Coursedog, click here. We recommend downloading this spreadsheet and using it as a tool to visualize and collaborate on roles.

Adding Roles

Overview | Permission Options | Conditional Permissions | Custom Roles v. Pre-Built Roles

Overview

If your institution needs to add a new role, you can do so by navigating to “+ Add Role” under the “Roles” tab. Each configurable role allows or limits editing access to Coursedog functionality across the platform in each of the modules (Course Editor, Preference Forms, Instructor Dashboard, Rooms, Buildings, Reports, Institution Settings, Optimizer, Relationships, and Rollovers).

Permission Options

Permissions for each functionality in each module can be set to “Allow” or “Deny”. Certain permissions additionally have an “Allow If” statement which is followed by a condition, as seen below.

Conditional Permissions

Overview | Allowed Terms | Custom Conditions

Overview

If you set a permission to “Allow If” and leave the conditions field blank, this is equivalent to having the permission set to “Allow”.
The available “Allow If” parameters are “User is assigned to department”, “Term is not historical”, “Term is current scheduling term”, and “Allowed terms”.
Additionally, “Custom conditions” can be built for the “Edit Sections” permission, and “'User can edit section” can dictate when a role is able to delete sections.

Allowed Terms

Allowed terms allows you to make role-based access control term-specific.

Custom Conditions

Custom conditions allow you to build filters dictating when editing a section is permissible.

Custom Roles v. Pre-Built Roles

You will see a difference between Custom Roles you create and the Pre-Built Department Scheduler Role.
Pre-built roles have custom views of the left-navigation. For example, you may notice the pre-built Department Scheduler role will not see an “Optimizer” module on the left nav bar. Custom roles, on the other hand, will always display the standard (comprehensive) list of modules on the left nav bar.
RBAC allows for permission restrictions to be enforced. For example, if you create a custom role and set the “Run Section Optimizer” permission to DENY, a user with that role will see the “Optimizer” module in the left nav bar (since this is a custom role) but will not be able to run the Section optimizer (given their permission set-up).

Hard-Coded Logic

There is some hard-coded logic in Coursedog that is tied to prebuilt roles.

Page Visibility by Role

The below table breaks down what the Academic Scheduling product looks like for prebuilt roles on a role-by-role basis.
Anything with a checkmark is visible by the listed role; if there isn’t a checkmark, that means the prebuilt role cannot view the page in question even if you try to configure related settings to “Allow”.

Page Name	Super Admin	Admin	Department Scheduler	Instructor	Staff
Home	✔	✔	✔	✔	✔
My Schedule				✔
My Forms				✔
Requests	✔	✔	✔		✔
Section Dashboard	✔	✔	✔		✔
Preference Forms	✔	✔	✔		✔
Reports	✔	✔	✔		✔
Relationships	✔	✔			✔
Rooms	✔	✔	✔		✔
Buildings	✔	✔	✔		✔
Rollovers	✔	✔
Optimizer	✔	✔			✔
Rules	✔	✔			✔
Settings	✔	✔			✔

Downstream Implications of RBAC Changes for End Users

It’s important to understand the implications of changing Role Based Access Control (RBAC) permission settings for users who are currently navigating the platform while those edits are made. In short, role setting changes relating to permissions do not take effect in real-time. Any changes to role permissions require a browser refresh in order for such permission edits to take effect for end users. For example, if a particular role initially was allowed to add sections and a user with that role were navigating the platform while you removed the role's access to add sections, the end user would not be faced with that new restriction until they refreshed their browser.

In order to avoid end users continuing to operate under an outdated set of permissions after you have made edits, you should either:

Prompt all users to refresh their browser after you have changed role permissions, or
Not allow access to the platform for 24-hours after your changes have been made (this will result in Coursedog forcing a timeout, which will consequently require a browser refresh when users log in again)