Theme
Access Control Module User Guide (Non-Technical)
This guide explains how school admin users can manage access roles, permission visibility, user invitations, and activity history without technical knowledge.
Who should use this
- Principal or institute admin
- IT/operations staff handling user access
- Authorized office users managing user onboarding
Access Control menu map
From the left sidebar, open Access Control. You will find:
- Roles
- Permissions
- Invitations
- Activity Log
Key concepts (simple)
- Role: a named access package (for example, Accountant, Librarian).
- Permission: a specific action right (for example,
students.view,fees.create). - Invitation: email-based user onboarding link with assigned role.
- Activity Log: audit trail of important system changes.
Before you start
Please confirm:
- You can see Access Control menu items.
- Required roles already exist (or you can create them).
- You understand who should get which role before sending invitations.
Common permission requirements in this module:
- Roles page:
roles.view - Permissions page:
permissions.view - Activity log page:
activity-log.view - Invitations menu visibility: typically tied to
users.create
1) Manage Roles
Path: Access Control -> Roles
Use this page to create and maintain role definitions.
Role list features
- Search roles by name
- View number of permissions per role
- View number of users assigned to each role
- Edit and delete actions (based on your access)
Create a role
Path: Access Control -> Roles -> Create Role
- Enter role name.
- Select permissions module by module.
- Use module-level All checkbox for faster selection.
- Click Create Role.
Important behavior:
- Role name must be unique.
- If you do not have permission assignment access, permission checkboxes are not usable.
Edit a role
Path: Access Control -> Roles -> Edit
- Update role name if needed.
- Add/remove permissions.
- Save changes.
Tip:
- Use Reset all only when you intentionally want to clear all currently selected permissions.
Delete a role
Path: Access Control -> Roles -> Delete (trash icon)
System safeguards:
- Super Admin role cannot be deleted.
- A role assigned to users cannot be deleted.
Best practice:
- Before deleting a role, reassign users to another role first.
2) View Permissions Catalog
Path: Access Control -> Permissions
This page is a reference list of available permissions grouped by module.
Use this page when:
- Designing a new role
- Reviewing what actions are available in each module
- Auditing access setup with management
Important note:
- This page is for browsing permissions. Role assignment happens in the Roles create/edit forms.
3) Send and Manage Invitations
Path: Access Control -> Invitations
Use invitations to onboard new users by email.
Send invitation
- Enter recipient email.
- Select role.
- Click Send invite.
What happens:
- System sends an invitation email with an acceptance link.
- Invitation is linked to selected role.
- Invitation is set to expire automatically (7 days).
Validation rules you should know:
- Email cannot already exist as a user account.
- Same email cannot be invited again for the same institute while an invitation exists.
- Selected role must belong to your current institute.
Invitation statuses
- Pending: invitation is active and not accepted yet.
- Accepted: invited user completed account setup.
- Expired: invite passed expiry time.
Revoke invitation
- Click delete icon on invitation row.
- Confirm deletion.
Result:
- Invitation is permanently removed and cannot be used anymore.
4) What Invited Users Do (for admin guidance)
When a user clicks invitation link:
- They see institute name, email, and assigned role.
- They fill:
- full name
- password
- password confirmation
- They submit acceptance.
- System creates account and assigns invited role.
- They get a login button to enter the institute portal.
Important conditions:
- Expired or already-used invitation links are not accepted.
- If account already exists for that email, acceptance is blocked.
5) Review Activity Log (Audit)
Path: Access Control -> Activity Log
Use this page to track important changes across the system.
Available filters
- Search text
- Event type (Created, Updated, Deleted, Permissions Updated)
- Module/log name (for example, Students, Fees, Roles)
What each row helps you see
- Date/time of change
- Event type
- Module where change happened
- Subject (what was changed)
- User who performed the action (or System)
Useful audit examples:
- Check who changed role permissions.
- Verify when role records were created/updated/deleted.
- Review key operational changes before troubleshooting.
6) Recommended workflow for safe access management
- Review permissions list first.
- Create role with minimum required permissions.
- Test role with one non-critical account.
- Send invitation with that role.
- Monitor Activity Log after major access changes.
7) Common issues and quick fixes
Cannot see Access Control menu
- Your account likely lacks required permissions.
- Ask Super Admin or admin to grant role/permission access.
Cannot assign permissions while creating/editing role
- You may not have permission assignment rights.
- Ask admin for
permissions.assignaccess.
Role deletion fails
- Role may be assigned to one or more users.
- Reassign users first, then delete role.
Cannot delete Super Admin
- This is intentional system protection.
Invitation not sent / form error
- Check email format.
- Ensure email is not already registered.
- Ensure role is selected.
Invited user says link is invalid
- Link may be expired or already accepted.
- Delete old invite and send a new invitation.
Activity log seems empty
- Try broader filters (clear event/module/search).
- Ensure you are checking the correct institute context.
8) Good practices
- Follow least-privilege access: give only required permissions.
- Avoid sharing high-privilege roles unless necessary.
- Periodically review role assignments.
- Remove unused invitations.
- Use Activity Log for monthly access audit.