This page is a draft and may contain incomplete or inaccurate information
Roles are defined by the district to represent the basic functions, responsibilities, or tasks of users in the district. Each role is granted one or more "Permissions", each of which allows a specific functionality within the software. For example, there are separate permissions which allow create, update, delete, and/or view access to each main interface in the system. Each user is then assigned one or more roles, thus granting them the permissions related to those roles.
When creating roles you cannot use an underscore in the role id. Underscores are reserved for SSDT created roles. You cannot edit or delete roles that contain underscores (the SSDT standard roles).
The Classic USPS Roles are available in the Redesign as well as other SSDT Roles created specifically for the Redesign. To see a listing of the permissions associated with the SSDT Classic Roles, click here.
|Redesign Role||Classic USPS Identifier||Definition||Granted|
|N/A||OECN_SYSMAN||Class Sysman Manager Role|
|GROUP_MANAGER||OECN_USPS_GM||Classic USPS Group Manager Role|
|STANDARD_USER||OECN_USPS||Classic USPS Standard Role|
|STANDARD_READONLY_USER||OECN_USPS_RO||Classic USPS Read-Only Role|
|USPS_LEGACY-ATTENDANCE-USER||OECN_USPS_ATTEND||Classic USPS_ATTEND Standard Role|
|LEGACY_DATES_USER||OECN_USPS_DATES||Classic USPS_DATES Standard Role|
|LEGACY-DATES-READONLY-USER||OECN_USPS_DATES_RO||Classic USPS_DATES Read-Only Role|
|LEGACY-EMIS-USER||OECN_USPS_EMIS||Classic USPS_EMIS Standard Role|
|LEGACY-EMIS-READONLY-USER||OECN_USPS_EMIS_RO||Classic USPS_EMIS Read-only Role|
|PERSONNEL_USER||OECN_PPS||Classic PPS Standard Role|
|PERSONNEL_READONLY_USER||OECN_PPS_RO||Classic PPS Read-Only Role|
The following Roles can not be modified or added to:
While each user's classic identifier will be imported into the Redesign, roles may be further defined by the entity. Below are a few examples of new roles that may be created in the Redesign:
Optional Permissions to grant:
For USPS-R, the Auditor user account can be set to the role of USPS_STANDARD_PAYROLL_VIEW.
For Auditor's to access File Archive, they can be granted:
Added to Roles:
Any other Role will need to add USPS_STANDARD_CODE
To give access to only Compensation, grant them USPS_STANDARD_COMPENSATION. This will give them access to View, Update, Create and Delete (Archive). Have the option to only grant them certain ones by using:
District Audit Job and SOC1 Audit Job
User must have the required permission, USPS_STANDARD_AOS and MODULE_FILE_AUDITREPORT , to schedule SOC1AuditJob or DistrictAuditJob in Job Scheduler.
Standard and GM roles will include the following below: (This will be on the 6.27 Release 08/12/2022)
USPS_STANDARD_PAYROLL_VIEW is the role needed to run Employee Earnings Register.
Home Page - Highest Check Number(s)
User must have USPS_MANAGER_BANKACCOUNT_VIEW & USPS_STANDARD_PAYMENTTRANSACTION_VIEW to see the grid below:
Kiosk User Permissions
User must be granted USPS_STANDARD_PAYMENTTRANSACTION_VIEW which is included in the STANDARD_READONLY_USER role. But if the user doesn't have this role, then they will need granted to the USPS_STANDARD_PAYMENTTRANSACTION_VIEW.
The permissions below may be granted to other roles as desired by the school district.
- ADMIN_MASSCHANGE_EXECUTE - able to run/execute any pre-existing Mass Change definitions but cannot create new
Single-Object Audit Report
To see the Single-Object Audit report, listed under many of the Core objects, it is visible to users with GROUP_MANAGER role or higher. Can be granted to STANDARD_USER using the permission MODULE_AUDIT (this will also grant them to Reports/Audit Report)
Permissions to Change User Password
Currently a custom USPS Password role would require these three permissions:
**NOTE** On the Role view, for any existing role that had USPS_STANDARD_POSITION_* assigned, the role should now also include the equivalent compensation role. For example, if a role was assigned USPS_STANDARD_POSITION, it should now also have USPS_STANDARD_COMPENSATION. If a role had USPS_STANDARD_POSITION_VIEW, it should now also have USPS_STANDARD_COMPENSATION_VIEW, etc.
To give full access to only Position, grant them USPS_STANDARD_POSITION. This will give them access to View, Update, Create and Delete. Have the option to only grant them certain ones by using:
SSDT User Listing Report
If employee doesn't have Admin privilege's, you can add the Permission of 'USPS_ADMIN_USER_REPORT.
Employee's that have USPS_STANDARD, will have access to Workflow.
Administrators (Admin) will automatically have this permission by default through the USPS permission they have. Other employee's can be given the USPS_WORKFLOWS_ADMIN permission under Roles this includes USPS-GM employees.
If other employee's need access to the Workflow, USPS_STANDARD_EMPLOYEE role will give access to the Employee OnBoarding
- USPS_STANDARD_EMPLOYEE_VIEW only allows to view Workflows (does not show the 'Start Onboard Process' button)
- USPS_STANDARD_EMPLOYEE_CREATE and _VIEW will allow to view, create and delete new Employee OnBoarding
- Users can edit other users created employees but CANNOT delete other users created employees
W2 Reports>W2 Archive Individual and W2 Mailable Forms
Employee's with only STANDARD_READONLY_USER privilege, will NOT be able to see/run W2 Archive Individual and W2 Mailable Forms. The user will need granted, USPS_STANDARD_FEDERAL_CREATE privilege, to see/run all W2 Report Options.
Menu Permissions List
Click here for a list of permissions for each menu option.
Permissions allow a user to perform certain functions within the software. Permissions are set up in a hierarchy. Granting access to the top level grants all the access below it. For example, employee's granted the USPS_STANDARD role have the ability to access 'payroll' related modules and some reports. Can create, delete, update and view:
**Execute - Example - (ADMIN_MASSCHANGE_EXECUTE) you can execute any mass change definition that someone else has created or imported, including the SSDT. This limits what you can do to a much safer 'subset'.
**Creator - Example - (ADMIN_MASSCHANGE_CREATE or ADMIN_MASSCHANGE) can make up any mass change definition they want and execute it against the database. Obviously, "with great power comes great responsibility", so this is a much more powerful, useful and potentially dangerous role.
In order to utilize the payroll software, your ITC must provide you with the necessary privileges to run the programs. You may have certain employees in your district who need to utilize the contract information and other employees that are only involved with reporting EMIS data on staff members, and should not be allowed to see contract information. USPS provides security mechanisms to allow your ITC to grant what is called an "identifier" to each user. In this system, the user can be granted a "USPS" identifier and/or a "Personnel" identifier. The "USPS" identifier allows the person access to all fields in the system pertaining to the contract information. The "Personnel" identifier would be granted to the person who should only see the fields which need to be maintained for reporting information for EMIS, which would exclude information pertaining to the contracts and other specific payroll data. An employee can also be granted identifiers to access both types of data, which is typical for the Treasurer in the district.
Custom Grid Creator
An easy way to find what is available under the 'Parent' roles, go to Utilities/Custom Grid Creator and choose Permissions. From here you can use the search bar 'Parent' and for example, enter in USPS_STANDARD. This will bring up all available permissions listed under USPS_STANDARD.
Then you can create a 'Report' of all the Id's available under 'USPS_STANDARD':
Example of a Permission Report
Create a Role
- From the System menu select 'Role'
- Click on
- Enter in an Id and description.
- Grant the Role Permissions
Highlight the desired available permission
To select more than one permission at a time hold the control key and click on each one
To select more than one permission in consecutive order highlight the first permission, hold the shift key and highlight the last permission
Click the arrow to the right to assign a permission and click the arrow to the left to unassign a permission
Click onto create the Role, click on to not create the Role and return to the Role grid
Search for a Role
The Role grid allows the user to search for existing account filters by clicking in the filter row in the grid columns and entering in the desired information. Click on any row of the search results to see a summary view of the record. The Advanced Search can be utilized by clicking on the in the upper right side of the grid.
Edit a Role
Click on thein the grid beside the Role to edit it. Only fields that are allowed to be edited will be displayed. Any user that is granted the Role that is being updated will automatically assume the updates done to that Role once the changes are saved.
Delete a Role
Click onin the grid beside the desired Role . A confirmation box will appear asking to confirm that the Role should be deleted.