What roles with elevated privileges can an employee request through the workflow process?
Using the workflow process, employees are able to request the LEA Administrator, LEA Data Auditor, LEA Help Desk, and/or the LEA Student Help Desk roles. These requests would typically be granted or denied based on the discretion of the LEA Administrator(s) of the LEA or Charter School. Privileged roles are described briefly below. Further information on these roles is available in the training videos on my.ncedcloud.org.
It is up to each LEA and Charter School to determine which employee(s) should be granted these privileged roles. Keep in mind they do have extra privileges and access to data so you must use careful judgment in granting the roles. Note that anyone who has the LEA Administrator role automatically attains the same privileges as LEA Data Auditor, LEA Help Desk and LEA Student Help Desk, hence it is not necessary for an LEA Administrator to also have the other roles.
The LEA Administrator Role is the highest level of privilege an employee can receive in the IAM Service. Any employee with this role is granted full access to all your LEA’s or Charter School’s student and employee identity data, the ability to enable/disable accounts, change passwords and to request and approve other privileged roles for Administrators, Data Auditors, Help Desk Support, etc. You can have as many employees with these roles as you would like, but just be aware of the access and associated risks. If you have this role, no other roles are needed as their privileges would be redundant. Allowed actions include: Full access to LEA user data (Profiles, data files, viewing and searching). Typically this role would be assigned to the CTO/Technology Director and his/her designated trusted staff.
LEA Data Auditor
The LEA Data Auditor role has two main capabilities: 1) View-only access to student and employee profiles (e.g. View My Students, View My Employees); and 2) Use of the File Access Module where source data files are located and downloadable. CAUTION: Downloaded data files contain highly sensitive data. It is essential that the LEA/CS practice proper handling, storage & disposal of downloaded data files. The LEA Data Auditor role does NOT allow changing another user’s password or disabling/enabling user accounts. If a user with the data auditor role also needs to reset passwords for users, they can request the Help Desk role. Allowed actions include: Viewing and searching user data for the district, access to LEA source and user data files. Good candidates fo this role might include PowerSchool Data Coordinators and staff who are responsible for entering payroll and/or HRMS data.
LEA Help Desk
The LEA Help Desk role allows LEA/Charter School technical staff the ability to perform basic account management for users within their LEA. Allowed actions on all accounts in the LEA include: reset challenge questions, change password and disable account claiming. You might find this role appropriate for technology facilitators, help desk personnel and Media Specialists.
LEA Student Help Desk
Employees with the LEA Student Help Desk role will be able to access the “Help Desk For Students” tab in the Profiles section of my.ncedcloud.org. From there they will be able to perform basic account management for student users within their LEA. Allowed actions on all student accounts in the LEA will include: reset challenge questions, change password, and disable account claiming. You might find this role appropriate for technology facilitators, help desk personnel and Media Specialists.