Permissions
Overview
Users within your Compass portal will require allocated permissions to perform tasks and view content.
Whilst there is the option to assign permissions individually to each staff member, the foundational way in which permissions are assigned is by using the Compass Permission Groups. These groups are used to easily allocate permissions to staff based on their role (or roles) at the school.
The Permission Groups can be seen and managed in your Compass portal, via the Permissions Manager.
Depending on your school's IT systems and processes individuals will be allocated to Permission Groups either within your Compass portal via People Management or your LDAP system (Active Directory, Open Directory or Novell).
Compass Permission Groups
There are twenty-six Compass Permission Groups. Depending on a user's type, they will have at least one of the base permissions groups which will define their standard permissions within Compass:
| User Type | Base Permission Group |
| Parent | CompassParents |
| Student | CompassStudents |
| Staff | CompassStaff |
| Generic CRT Accounts | CompassReplacementStaff |
For staff users, you can then allocate additional Permission Groups to their account depending on the type of tasks they will be responsible for completing within Compass.
Each Permission Group generally has a foundation set of Default and School-Defined permissions. The Default permissions cannot be altered, however your school can change the School-Defined permissions allocated to each Permission Group.
Changes to the School-Defined permissions can be made on the Permissions Manager page of your Compass Portal (in Administration Tools under the cog menu icon).
The below table is a guide to assist your school in allocating staff into the appropriate Permission Group(s).
For a comprehensive list of each Permission Group, their Default and School-Defined permissions, and Individual Permission descriptions, please also refer to the 'Permission Groups' article and/or the 'Individual Permissions' article found under the Sub Articles list at the top right-hand corner of this page.
| Compass Permission Group | Users Recommended |
| CompassAttendanceManagers | Recommended for staff that manage school attendance. |
| CompassBillingManagers | Recommended for staff managing Billing. |
| CompassBusinessManagers | Recommended for Business Managers and staff who manage accounting and/or payments. |
| CompassCommunications | Recommended for staff members who need to receive Compass Communications but do not require the permission level of a CompassSponsor, CompassPrincipal or CompassBusinessManager |
| CompassCustomClasses | Recommended for staff members who are involved in Custom Classes in Compass |
| CompassDailyOrg | Recommended for staff members in the Daily Organiser and/or Timetabler role |
| CompassExecutive | Recommended for staff who need to view-only Executive level data but do not require the permission level of a CompassSponsor, CompassPrincipal or CompassBusinessManager |
| CompassFinanceView | Recommended for staff who need to view-only Finance related data |
| CompassLearningLeaders | For staff who are Teaching & Learning Coordinators and need high level access to curriculum, assessment and reporting modules in Compass |
| CompassNurse | Recommended for staff who need to view and edit medical related data but do not require the permission level of a CompassWellbeing and CompassWellbeingView |
| CompassParents | All parents. |
| CompassPrincipals | Recommended for all Principals and Assistant Principals. |
| CompassRegistrars | Recommended for school Registrars or staff responsible for enrolments, course confirmation and school fees. |
| CompassReplacementStaff | Recommended for Emergency/Temporary Replacement staff. |
| CompassSecretaries | Recommended for attendance administrators and office / administration staff. |
| CompassSponsors | The primary contact person for Compass at the school. Access to all Compass functionality purchased by the school, including administration-level access. We strongly recommend that only a highly select number of staff at your school be allocated to this Permission Group. |
| CompassStaff | Recommended for staff that require limited use such as Canteen, Maintenance, Grounds etc. |
| CompassStudentManagers | Recommended for staff to view personal information of students, without having access to other areas of Compass. |
| CompassStudents | All students |
| CompassSuper | Recommended for staff taking instrumental music and literacy/support classes. |
| CompassTeachingStaff | Recommended for Teaching staff and non-teaching staff at school's discretion. |
| CompassTechnicians | Recommended for School Technicians who need admin access to most areas of Compass. |
| CompassViewAll | Recommended for staff who need to view-only administration and curriculum modules |
| CompassWellbeing | Recommended for Wellbeing staff to provide high level access to Chronicle and student information |
| CompassWellbeingView | Recommended for Wellbeing staff to who need view-only high level access to Chronicle and student information |
Allocating Users to Permission Groups
Depending on your school's IT systems and processes you can allocate users to Permission Groups either in Compass via People Management or in your school's LDAP system (e.g. Active/Open Directory or Novell).CompassLink to your LDAP System
If your school authenticates users via CompassLink to your LDAP system, your school technician will need to create the Compass Permission Groups on your school's LDAP system and ensure that all users accessing Compass have network accounts. Your technician then needs to add the staff to a relevant Permission Group(s), based on their role and responsibilities at your school.
Local Users in Compass
If your school uses Compass to locally authenticate users, your school can allocate users to Permission Groups via their profiles in People Management. Please refer to the 'Review Permissions' section below for further details.
Review Permissions
Individually
You can review the Permission Group and the list of permissions an individual user has via your Compass portal in People Management.To access People Management navigate to the Organisation menu (grid icon) and search for the user within People Management. Open the user's account via the pencil icon and navigate to the tab labelled 'Compass'. At the bottom of the page you will see a list of the user's current Permission Groups and the Effective Permissions.
If the user is locally authenticating with your school's LDAP system (e.g. Active Directory, Open Directory or Novell) the Authentication Mode will be set to CompassLink. To add or remove the user to Permission Groups it is best practice to refer to your school technician to manage it via your LDAP system not via People Management. In this instance, People Management should only be used to check the permissions the user has instead of needing to check your LDAP system.
If the user is locally authenticated their Authentication Mode will be set to Local. For locally authenticated users you should add or remove Permission Groups for the user within Compass, and not your LDAP. To do this, use the dropdown under the 'User Role Groups' heading on the 'Compass' tab to select the Permission Group and click the '+Add' button. Please refer to the Knowledge Base article titled 'CRT - Replacement Staff Accounts' for best practices for replacement staff access.
All Staff Review
To view a list of which users belong to a specific Role Group or Permission you can access an export on the Permissions Manager Page in Administration Tools (cog icon).
Click the 'Exports' option.
Role Groups Export
Leave the 'Role Groups to Export' field as is to export all Groups or choose a specific Role Group from the drop-down. Click 'Generate' and a csv will download to your device.
Permissions Export
Choose the Permission Export to view which staff have a specific permission.
Leave the 'Permissions to Export' field as is to export all Permissions or choose a specific Permission from the drop-down. Click 'Generate' and a csv will download to your device.
Permissions Manager Tool
The Permissions Manager enables schools to view the Default permissions and view and manage the School-Defined permissions within each Compass Permission Group. The Permissions Manager is accessed in your Compass portal via the Tools menu (cog icon) > Administration Tools > Permissions Manager.
The Default permissions are not editable; however, staff with the permission PeopleManagement.EditPermissions can add and remove the School-Defined permissions as required. The Default and School-Defined permissions for each Permission Group will apply to all users allocated to that Permission Group.
Within the Permissions Manager simply click on a Permission Group in the left column to view it's Default permissions at the top right and manage it's School-Defined permissions at the bottom right.
You can view changes that have been made on the 'Audit' tab.
Please Note: To have access to the Permissions Manager page and to manage School Defined Permissions, staff will require both the 'PeopleManagement.EditPermissions' and 'Configure' permissions (both are generally allocated to staff in the Compass Sponsors role group).
Important: Permissions are only refreshed when a staff member logs into Compass. Once a permission change is made, either via Compass or within the school's LDAP system, the user will need to log out and log back in to Compass to refresh their permissions.
Individual Permissions Allocation - CompassApp Groups
To provide individual staff with fine-grained permission allocation on top of their Permission Group, you will need to create additional CompassApp groups within your LDAP system (Active Directory, Open Directory or Novell). Your school's IT team should manage this process. Your school technician can create a new group in your LDAP system, prefix the permission title with CompassApp and add the relevant users to this group.
For a breakdown of all of the permissions available within Compass, please refer to the 'Individual Permissions' article (click the link at the top-right hand corner of this page).
Related Articles
Individual Permissions
Permissions To provide your users with the appropriate access within your portal we have created Compass Permission Groups with their own set of individual Default and School-Defined permissions. The Permission Groups are managed in your Compass ...Permission Groups
Permissions Compass Permission Groups allow you to easily assign the applicable batch of permissions to staff based on their role (or roles) at the school. Allocating staff into a permission group (or multiple groups when applicable) will provide the ...API Key
Overview Your Compass API Key (Application Program Interface) allows a number of programs to push from and pull data to from Compass. It is most commonly used with timetabling programs that use the LISS specification, such as edval and Timetabling ...Managing Staff Phone Extensions
Overview Staff phone extension data can be accessed by staff in the Staff Directory under the 'Community' menu. When viewing the directory, staff will also have the option to download a pdf version. Permissions All staff are able to view the Staff ...Kiosk Child Safety Policy
Overview When using a Kiosk to manage visitor sign-ins at your school, there is Child Safety policy content that displays for the visitor to acknowledge. The content displayed can be updated to suit the requirements of your school's policy. ...