User Access Management in Grado controls what users can see and do once they have accounts. It defines how permissions are grouped, assigned, and managed through roles, ensuring that each user has access only to the features and modules relevant to their responsibilities.
This module follows a Role-Based Access Control (RBAC) model, which groups permissions into roles and assigns them to users — keeping access secure, consistent, and easy to manage.
💡 In short:
User Accounts Management controls who can log in.
User Access Management controls what they can do after logging in.
Access management ensures that users:
See only the modules and data relevant to their role.
Can perform actions appropriate to their job function (e.g., view, edit, approve).
Are prevented from accessing restricted areas or sensitive records.
Proper access configuration reduces administrative errors, improves security, and supports accountability across the system.
Access controls are managed through the Setup > Permissions module. From here, administrators can:
View and edit existing roles assigned to a user
View and edit any direct permissions assigned to a user
Assign permissions by module
Restrict or expand access for specific users
💡 Tip: Review this section only if you have administrative privileges. Unauthorized changes to permissions may affect all user dashboards.
| Concept | Description |
|---|---|
| Role | A grouping of permissions that defines what actions a user can perform (e.g., Registrar, Cashier, Faculty Adviser). |
| Permission | A specific capability such as View Grades, Edit Payments, or Approve Enrollment. |
| Scope | The extent or area of access, such as “own classes only” or “all students.” |
Each role contains a defined set of permissions that can be applied to one or more users. Permissions determine the exact actions available within each Grado module.
💡 Example: A Registrar can view and edit student records, while a Cashier can manage assessments and payments — even if both appear under the same Admin portal.
Grado offers two ways to configure user access:
Role-Based Configuration (Recommended)
Create a role (e.g., Observer).
Select the permissions that apply to that role.
Assign that role to one or more users.
Ideal for departments with multiple users performing similar tasks.
Direct Permission Management
Go to Setup > Permissions and locate user's View/Edit Permissions.
Manually enable or disable specific permissions.
Useful for one-time adjustments or exceptions.
💡 Both methods can be used together — applying a role template first, then fine-tuning permissions for individual users.
Manual permission edits always override role defaults.
Access Management enables admins to:
Define Roles: Create and customize roles under Setup > Permissions.
Assign Roles: Link users to one or more roles.
Edit Permissions: Grant or revoke specific module actions.
Restrict Functions: Limit actions such as Edit Grades, Approve Requests, or Delete Records.
Review Access: Audit existing permissions and adjust when responsibilities change.
Grado provides a default set of roles for common functions, which can be used as is or customized.
| Default Role | Primary Function | Example Access |
|---|---|---|
| System Administrator | Full system access | All modules and setup functions |
| Registrar | Academic and enrollment management | Students, Classes, Programs |
| Cashier | Financial transactions | Assessments, Payments |
| Faculty | Class and grade management | Grades, Class Records |
| Adviser | Student academic guidance | Advisees, Reports |
| Student | Portal access to records | Grades, Schedule |
Custom roles can be created for more specific responsibilities (e.g., Records Officer, Accounting Assistant).
📘 Also read: Configuring User Roles
Regular access reviews help ensure that permissions stay aligned with current staff responsibilities.
At the start of each academic term
After new modules or features are introduced
When staff change departments or roles
After Grado release updates that introduce new permissions
💡 Security Reminder: Deactivated or blocked users retain their assigned roles, but cannot access Grado until reactivated.
📘 Related Article: User Access Lifecycle Summary
Assign roles before enabling individual permissions.
Apply the least privilege principle — give users only what they need.
Review roles annually or when staff assignments change.
Document any role or permission changes for audit purposes.
Avoid assigning the System Administrator role except to trusted personnel.
💡 Tip: Combine task-based roles (e.g., Encoder, Approver) to maintain clear workflow separation and accountability.
User Access Management defines what users can do in Grado. By configuring roles and permissions under Setup > Permissions, administrators maintain secure, organized access across all modules. Properly managed access prevents errors, protects data, and ensures users see only what they need to perform their duties.
