Requesting LEA Privileged Roles (see School Help Desk roles link below)
LEA Privileged Roles grant the staff member access to all accounts across the PSU. If you are entitled to one of the Priviledged Roles for your LEA/Charter School, you can request it under the Workflow page. [After logging into the IAM Service: 1.Workflow button - left side; 2.Requests - top tab; 3.select desired role's checkbox, (e.g. LEA Help Desk); 4.Submit Requests. You will be asked to enter your 3-digit LEA code as part of the dialog process]. Any requested roles will need to be approved by your district's/school's NCEdCloud LEA Administrator.
The first request for an LEA Administrator role in a district/school will be vetted by NCEdCloud support staff, prior to granting the role. (This is not common other than for new Charter Schools.) Once granted, this role will allow the new LEA Administrator to approve future workflow requests for their LEA/CS, as well as provide access to administrative functions for their district's employees and students. It will also grant them the privilege to access the LEA Administrator web pages where more protected content is available.
Additional roles that can be granted to employees include the LEA Data Auditor Role (primarily for Data Coordinators/Managers to allow them to view user profiles and access data files for all students and employees in their LEA or Charter School), LEA Help Desk, and LEA Student Help Desk roles. The Help Desk role allows a user to lookup an employee or student and reset their password. The LEA Student Help Desk role is the same as the LEA Help Desk role, but only allows access to student accounts.
Approving Role Requests from Other Users
After being granted the LEA Administrator Role for their LEA or Charter School, the Technology/School Leadership will need to identify who else in their district or school needs the provileged roles mentioned above and have them submit workflow requests. Once there is at least one LEA Administrator in a LEA/CS, furture requests will be sent to the LEA Administrators Group (all employees in an LEA/CS with the LEA Administrator role) for approval. Requests can be seen under the "Approvals" tab in the Workflow View. Note that the LEA Administrator Role has ALL privileges and a user with this role does not need any other role. If a Data Manager needs to reset passwords for other employees (possibly in a small LEA or Charter School), they may additionally request the LEA Help Desk Role which gives them that ability.
Managing Users With Privileged Roles
[Note: The commands require an LEA Administrator role to execute. If you are from a Charter School without an LEA Administrator and are entitled to request this role, please follow the instructions on the Privileged Roles page.]
If you are not familiar with how to check who has privileged roles in your LEA or Charter School, the process will require an “advanced search” under your Profiles tab in NCEdCloud. An instruction sheet is provided below, as well as documentation on Revoking privileges and Resetting the OTP.
- Finding Users with Privileged Roles in NCEdCloud
- Revoking Privileged User Roles
- Resetting the MFA One-Time Password (OTP) for Privileged Users
Revoking LEA Privileged Roles