- 21 Nov 2024
- 16 minute read
- Print
- DarkLight
- PDF
System Permissions
- Updated 21 Nov 2024
- 16 minute read
- Print
- DarkLight
- PDF
The term “system permissions” refers to the levels of access and control for Slate features and functions. These permissions are granted to your users based on their roles and responsibilities throughout the organization, but the permissions can be customized to suit the needs of different user groups, and they can be updated as needed to reflect changes in organizational structure or business requirements.
Overall Recommendations
Be conservative. Keep permissions conservative and use more granular permission settings in the modules themselves (granting permissions on event templates, deliver templates, tabs, queries, and so on).
Document permissions. As you start grants permissions at a more granular level, keep an ongoing document of where these permissions have been added. Slate does not have a way to query where permissions have been granted, so it may be easy to lose track without documenting the changes. You can however, query the users who have certain permissions, roles, and realms.
Consolidate. Consolidate program-specific custom permissions and use population permissions instead.
Avoid the “edit all users" setting. Non power users should not be granted a permission with the “(edit all users)” feature included. Remove these permissions in favor of the similar permission setting that does not include “(edit all users).”
Permission Descriptions
Permission | Description |
---|---|
Active Scheduler Administrator | Enables creating and editing active scheduler blocks for other users.
|
Application Decide | Enables adding, confirming, assigning letters, and releasing decisions individually from the application record. Also grants access to Decision Management if the user has read access for a query.
|
Application Decisions (View) | Enables the user to see decisions and the decision section on an applicant’s record. If given query access, decisions can still be queried. |
Application Lookup | Enables read access to view all data on an application tab on the student record.
|
Application Lookup (Active Period Only) | Grants read access to view all data on an application tab on the student record if the application is associated with an active application period.
|
Application Review Forms | Grants access to view an application's submitted review forms.
|
Application Update | Grants write access to application data, including updating the application round, application scoped fields, submission status, activities, and checklist items.
|
Audit Log | Grants access to view the Audit Log for a person record.
|
Batch Acquire | Grants access to upload documents and associate them with a record within Batch Acquire.
|
Bin Management | Grants access to the Bin Management tool to batch assign reader bins and queues for applications included in a query. The user must also have read access to the query.
|
Consolidate Records | Grants full access to the Consolidate Records tool, including the compare tool and the ability to merge records that appear as potential matches.
|
Custom SQL | Grants the ability to view and edit the SQL tab in the Form Builder, to create and edit custom SQL queries, and to create and edit individual custom SQL exports and filters in the Query Builder tool.
|
Database | Enables access to all Database items, Ping, Decision Letters, Application Editor, and Standard Query Library. |
Dataset Lookup | Grants read access to dataset record data.
|
Dataset Update | Enables write access to dataset record data.
|
Deliver | Enables creating Deliver messages and editing Deliver messages associated with the user account. Grants access to the Email Gateway Inbox to view emails sent by this user.
|
Deliver (edit all users) | Enables creating Deliver messages and editing any Deliver message, regardless of the user. Grants access to the SMS Inbox and the Email Gateway Inbox to view messages sent by any user.
|
Deliver Content Blocks (previously called “Snippets”) | Enables creating and editing existing Mailing Content Blocks.
|
Deliver Outbox | Enables placing a Deliver message in the Outbox.
|
Deliver Send | Send or stop Deliver messages.
|
Engage | Deprecated version of Deliver |
Engage (All Access) | Deprecated version of Deliver |
Events | Enables creating, accessing, and editing events associated with the user account. (Note: this only applies to user1, and not user2)
|
Events (edit all users) | Enables creating, accessing, and editing any event, regardless of the user.
|
Events (Slate.org) | Enables creating, accessing, and editing Slate.org events.
|
File Editor | Grants access to the File Editor.
|
Financial Aid | Grants access to the Financial Aid checklist and the Financial Aid query folder.
|
Forms | Enables creating, access, and editing forms associated with the user account.
|
Forms (edit all users) | Enables creating, accessing, and editing forms, regardless of the user.
|
Giving Lookup | Grants read access to the Giving tab.
|
Giving Update | Grants write access to the Giving tab.
|
Giving Update - Change Gifts | Enables editing a gift without requiring a reversal.
|
Giving Update - Opportunities | Enables creating and updating Opportunities.
|
Import | Grants access to import files using Upload Dataset.
|
Inbox | Grants access to Message Inbox.
|
Inbox Live Configuration | Grants access to configuring a chat bot. |
Inbox Snippets Admin | Grants admin access to Inbox Snippets. |
Interactions | Grants access to add and update Interactions on the Timeline tab of the person record.
|
Interviews (now known as Scheduler) | Enables creating interview slots and accessing and editing interviews associated with the user account.
|
Interviews (edit all users) | Enables creating interview slots and accessing and editing any interview, regardless of the user.
|
Manage Shared Views | Enables sharing custom views such as schools, jobs, and more.
|
Payment History | Grants access to the Payment History page.
|
Payment Interactions | Grants write access to Payment activities and interactions.
|
Payment Refund | Grants write access to Payment refunds.
|
Person Impersonate | Enables impersonating an application record. Impersonation also requires the Application Update and Person Update permissions.
|
Person Lookup | Grants read access to view a person record.
|
Person Lookup (Active Only) | Grants read access to view a student record that is configured as Active.
|
Person Lookup (Unmask Test Optional Scores) | Grants read access to view a student record's optional test scores without masking.
|
Person Update | Grants write access to person data, including the ability to update biographical data, interactions, and person-scoped fields.
|
Person Update (Verified Scores) | Grants write access to create and edit verified test scores.
|
Predict | Deprecated |
Portal Editor | Grants access to the Portal Editor.
|
Projects | Grants access to Project.
|
Query | Grants access to the Query module. Enables creating queries and running or editing queries associated with the user account.
|
Query (Configurable Joins - Base Access) | Grants access to using Configurable Joins Query Bases to start a query. Enabling the starting a query using Configurable Joins query bases can be granted in masse, or on a base-by-base basis. Bases to which a user has been granted access can also be used as the base of Independent Subqueries.
|
Query (Configurable Joins – Join Access) | Grants access to joining to the specified table within a Configurable Joins Query. Access to joining specific tables can be granted in masse, or on a table-by-table basis. Joins to which a user has been granted access can also be used as the base of Independent Sub-Queries.
|
Query (edit all users) | Enables creating, running, or editing any query, regardless of the user.
|
Query (Slate Template Library) | Grants access to Export and Filter resources in the Slate Template Library (Legacy) while using the Query Builder.
|
Query (System Folder) | Grants access to queries in the System folder.
|
Reader | Grants access to the Reader.
|
Reader Classify | Grants access to Classify in the Reader.
|
Record Lookup | Grants access to search for specific types of records within the Records tool. With the checkbox for Record Lookup cleared, an Expand Permissions link appears. Clicking the link opens a list of all record types for individual selection. |
Reference Impersonate | Enables accessing a recommendation form from the student’s record.
|
Relationship Lookup | Enables viewing relationship data on a person record.
|
Relationship Update | Grants write access to create and edit relationship data on a person record.
|
Release Decisions | Grants access to the Release Decisions module, including the ability to confirm decisions, assign letters, and release decisions in batch.
|
Research (Edit Configurations) | Enables editing research configurations. |
Research (Edit Data) | Enables editing research data. |
Research (Edit Verified Data) | Enables editing verified research data. |
Research (View Data) | Enables editing research view data. |
Retention Policy Editor | Grants access to the retention policy editor.
|
Retention Policy Editor - Edit All | Grants access to edit all policies in the retention policy editor.
|
Retention Policy Editor - Execute All | Enables executing all policies in the retention policy editor.
|
Rules Editor | Grants access to the Rules Editor.
|
School Official Impersonate | Grant access to school official impersonation for population-based application permissions. |
Support Ticket Access | Enables viewing support desk tickets associated with your institution.
|
Slate Scholar Content | Grants access to customize Slate Scholar content (the lightbulb on the top right corner of most pages). This could be particularly helpful to create documentation for users to review while on specific pages of your database. |
Switchboard | Grants access to the Slate Voice Switchboard.
|
Workflow Editor | Grants access to the Workflow Editor, which is the all-in-one Reader build tool.
|