User Roles & Permissions
ShulNET uses a role-based access control system to ensure users only have access to features appropriate for their responsibilities. Understanding these roles helps maintain security and proper data management.
Available User Roles
Users can have multiple roles simultaneously. For example, a user can be both a Teacher and a Parent, or a Member and a Teacher.
Admin
Full system access with all administrative privileges
Highest AccessMember
Access to personal member portal and information
Member AccessTeacher
Teaching privileges for Hebrew school classes
Teaching AccessParent
Parent/guardian access to student information
Parent AccessStudent
Student access to their own records
Student AccessRole Permissions
Admin Role
Administrators have complete access to all system features:
Full Access To:
- User Management: Create, edit, delete user accounts and assign roles
- Member Management: Full CRUD operations on all member records
- Student Management: Manage all student and parent records
- Financial Management: Create invoices, record payments, view all financial data
- Event Management: Create and manage all calendars and events
- Yahrzeit Management: Add, edit, delete yahrzeit records
- Email Campaigns: Create and send email campaigns
- Forms: Create custom forms and view submissions
- Cemetery Management: Manage deeds, plots, and interments
- System Settings: Configure membership tiers, tuition rates, payment methods, etc.
- Reports: Access all financial and administrative reports
- API Access: Generate and manage API tokens
Teacher Role
Teachers have access to manage their classes and students:
Can Access:
- Class Management: View and manage assigned classes
- Student Records: View students in their classes
- Attendance: Take and update attendance for their classes
- Grades: Record and update grades for their students
- Assignments: Create and manage assignments
- Progress Reports: Generate report cards for their classes
- Parent Communication: Email parents of students in their classes
Cannot Access:
- Classes they don't teach
- Financial information
- System settings
- User management
- Other teachers' classes or materials
Common Teacher + Role Combinations:
- Teacher + Parent: Teaching while having enrolled children
- Teacher + Member: Member who teaches classes
- Teacher + Admin: School director with teaching duties
Parent Role
Parents have access to their children's information:
Can Access:
- Student Information: View all enrolled children's records
- Attendance: View their children's attendance history
- Grades: View report cards and grades
- Class Schedules: See class assignments and schedules
- Tuition: View tuition invoices and make payments
- School Updates: Receive communications from teachers
- Student Updates: Update emergency contacts and medical information
Cannot Access:
- Other families' student information
- Grade changes or attendance modifications
- Administrative features
- Teacher-only materials
Member Role
Members have access to their personal information through the member portal:
Can Access:
- Personal Dashboard: View their overview and statistics
- Profile: View and update their contact information
- Invoices: View their invoices and payment history
- Payments: Pay invoices online (if enabled)
- Students: View their children's information and update details
- Yahrzeits: View their yahrzeit records and request changes
- Events: View public events and RSVP
Cannot Access:
- Other members' information
- Administrative functions
- Financial reports
- System settings
Student Role
Students have access to their own academic information:
Can Access:
- Personal Dashboard: View their own academic overview
- Class Schedule: See their class assignments
- Grades: View their own grades and progress
- Attendance: See their attendance record
- Assignments: View homework and assignments
- Class Materials: Access teacher-provided resources
Cannot Access:
- Other students' information
- Grade modifications
- Financial information
- Administrative features
Typical Usage:
- Teen students checking their grades
- High school students accessing class materials
- Students viewing their own progress
Multiple Roles
ShulNET supports users having multiple roles simultaneously. This is particularly useful for:
Common Multi-Role Scenarios
- Member + Parent: A member with enrolled children
- Member + Teacher: A member who teaches Hebrew school
- Teacher + Parent: A teacher with their own children enrolled
- Admin + Member: Administrator who is also a member
- Admin + Teacher + Parent: School director who teaches and has children enrolled
Permission Comparison Table
| Feature | Admin | Member | Teacher | Parent | Student |
|---|---|---|---|---|---|
| User Management | ✅ Full | ❌ No | ❌ No | ❌ No | ❌ No |
| Member Management | ✅ Full | 🔒 Own Only | ❌ No | ❌ No | ❌ No |
| Student Management | ✅ Full | ❌ No | 📚 Own Classes | 👨👩👧 Own Children | ❌ No |
| Class Management | ✅ Full | ❌ No | ✅ Own Classes | 👁️ View | 👁️ View Own |
| Attendance | ✅ Full | ❌ No | ✅ Take/Update | 👁️ View Own | 👁️ View Own |
| Grades | ✅ Full | ❌ No | ✅ Record/Update | 👁️ View Own | 👁️ View Own |
| Invoices | ✅ Full | 🔒 View Own | ❌ No | 💳 View/Pay | ❌ No |
| Payments | ✅ Full | 💳 Pay Own | ❌ No | 💳 Pay Own | ❌ No |
| Events | ✅ Full | 👁️ View/RSVP | 👁️ View/RSVP | 👁️ View/RSVP | 👁️ View |
| Yahrzeits | ✅ Full | 👁️ View Own | ❌ No | ❌ No | ❌ No |
| Email Campaigns | ✅ Full | 📧 Receive | 📧 Receive | 📧 Receive | 📧 Receive |
| Reports | ✅ All | ❌ No | 📊 Class Only | ❌ No | ❌ No |
| System Settings | ✅ Full | ❌ No | ❌ No | ❌ No | ❌ No |
Managing User Roles
Assigning Roles (Admin Only)
-
Navigate to Users
From the admin menu, click "Users" to see all user accounts.
-
Select User
Find the user whose role you want to change.
-
Edit Roles
Click "Edit Roles" button.
-
Select Role(s)
Check the boxes for roles you want to assign. You can select multiple roles.
- Admin
- Member
- Teacher
- Parent
- Student
-
Save Changes
Click "Save" to update the user's roles.
Edit Role
Click "Edit" and select the new role from the dropdown.
Save Changes
Click "Save" to apply the new role. Changes take effect immediately on next login.
Creating User Accounts
User accounts can be created in two ways:
From Member Records
- Open a member's profile
- Click "Create User Account"
- System generates temporary password
- User automatically assigned "Member" role
- Additional roles can be added after creation
- Email credentials to the member
Direct User Creation (Admin)
- Navigate to Users → Add User
- Enter name and email
- Select initial role(s)
- Generate password
- Save and send credentials
Best Practices
Security Guidelines
- Limit the number of Admin role assignments to essential staff only
- Regularly review user roles and remove unnecessary access
- Deactivate accounts for staff who leave
- Require strong passwords for all users
- Enable two-factor authentication for Admin users
- Review parent/student role assignments when families leave
Role Assignment
- Assign the minimum necessary roles for each user's responsibilities
- Document why users have elevated permissions (especially Admin)
- Review roles quarterly or when responsibilities change
- Use Member role for all congregation members
- Automatically assign Parent role when linking to student records
- Consider Teacher + Parent for teachers with enrolled children
Training
- Train teachers on their classroom management features
- Provide member portal guides to new members
- Show parents how to view their children's information
- Document role-specific procedures
- Have admins mentor new staff members
Common Questions
Can a user have multiple roles?
Yes! Users can have multiple roles simultaneously. For example, a teacher who is also a parent can have both Teacher and Parent roles. The system combines permissions from all assigned roles.
Can I customize role permissions?
The five standard roles (Admin, Member, Teacher, Parent, Student) have defined permissions in the system. Contact your system administrator or developer for custom permission requirements.
What happens when I change someone's roles?
Permission changes take effect immediately. The user will see different menu options and access levels on their next page load or login.
How do I remove someone's access?
Admins can delete user accounts or remove all roles. Deleting is permanent; removing roles while keeping the account maintains it for potential future use.
Can members see other members' information?
No. Members can only view their own profile, invoices, and yahrzeits. Parents can view their own children's student information. Teachers can view students in their assigned classes. Only Admin role can view all information.
How does the Parent role get assigned?
The Parent role should be assigned when creating or editing a user account for someone who has enrolled children. Parents are linked to specific student records to control which children they can view.
Do students need user accounts?
It's optional. Younger students typically don't need accounts; parents access their information. Older students (teens) can have accounts with the Student role to view their own grades and assignments.
Who can create invoices?
Both Admin and Office roles can create and manage invoices. Members can only view their own invoices.
Related Documentation
- Getting Started - Learn about logging in and navigation
- Managing Members - Creating member user accounts