One of the key security features of ATLAS Cloud is access rights. It is possible to manage and restrict access levels within ATLAS Cloud and therefore control the features that users are able to read, edit and assign.
There are three types of Access available to be assigned:
Read – This permission allows an ATLAS Cloud user (Administrator, Invigilator or Candidate) the ability to view, but not edit or assign. It will be set against a particular area of the system so, for example, Candidates would only be able to view their own information and Invigilators would only be able to view Candidates not Administrators.
Edit – Edit will allow access to edit Candidate’s data (for example passwords, contact information).
Please note, in some cases this does not include Username, Full name and some other fields, as this data may be pulled directly from another system and needs to be edited there.
Edit also gives the right to create or remove folders/groups and create NON Candidate User accounts.
Assign – Assign privileges allow the assignment of tests to Candidates, assignment and movement of credits between folders and creation of Invigilator Keys as well as invigilation of exams.
Within ATLAS Cloud there are two main roles that are assigned to users:
User Administrator – This role is applied to any user with Administrator rights whether it is for invigilation purposes or for administration. All User Administrators will have a Candidate role too.
Candidate – All users within the system are given a Candidate role by default.
Access and Roles against Folders
Access rights and roles are applied at folder level. Each of the folders can be set up with sub folders. To add further folders, see the Creating a Group/Folder section. All roles and access rights to a folder cascade down to sub folders, and users within those folders.
The tree structure is normally set up within ATLAS Cloud with a folder for each of the main types of users: Admin Main, Admin Sub (sometimes this is not used) and Candidates.
If there is testing by an external body there may also be an Invigilators folder.
The Administrators under the Admin Main folder are the key Administrators for an organisation and are able to carry out all administration processes from adding Candidates to setting up other Administrators and assigning tests and credits. They are therefore set up with User Administrator and Candidate roles by default under the Roles tab, with access to the whole of the organisation or business unit on the Access tab.
Within this folder are the actual Candidates who complete the courseware or tests. They are given the Candidate role only. The Candidates folder is by default set up so that students only have access to read their content/tests and have NO Administrator rights. When a Candidate is created, downloaded or imported into ATLAS Cloud they will automatically receive their Candidate Access and Role from the Candidates folder. The Candidate role is seen on the Roles tab and the Access tab shows Read only for access against Candidates.
Please note that all students should ALWAYS remain under the Candidates folder. If a Candidate is added to the Administrator or Invigilator folders this is a breach of security.
This user will invigilate exams only. Invigilators are by default set up with a User Administrator role and given access to Read Candidates only. This enables them to create Invigilator Keys and invigilate tests. They DO NOT have any Administrator rights other than creating Invigilator Keys. On the Access tab the Invigilator shows as Read only against Candidates. The Invigilator will show a User Administrator role, but they have less rights than an Administrator, which are controlled via the access they have to the system, as already mentioned.
Please note that Invigilators are only required for the organisation if the Candidates are carrying out tests certified by an external body, for example ECDL and ICDL.
The Admin Sub folder can be used to set up bespoke Administrator access that is less than a Main Administrator. User Administrator and Candidate roles are applied here, but the access can be pre-defined. The Sub Administrator access can also be used to differentiate access levels for organisations with satellite centres.
The example below illustrates how to set up a bespoke Sub Administrator.
Example of setting up Teachers as Sub Administrators
For this example, imagine three folders are set up within the Candidates folder to simulate three classes. These classes are called IT1, IT2 and IT3. There are also three Admin Sub folders to accommodate these classes. In this example, each class teacher should only have access to administer their own class, including permission to be able to reset passwords, but not the ability to assign tests and credits.
- To set the new permission, the organisation should first be structured to accommodate the change. A new folder is created for each class in both the Candidates folder and the Admin Sub
- To set the access level highlight the folder, in this example the IT1 Teacher folder, and choose the Access tab, before selecting the Edit
After clicking Edit the page will show the organisation’s folder structure on the left.
- The folder to which the user can have access should now be chosen.
- Next the access rights need to be selected from Read, Edit and Assign by ticking the correct boxes. For this scenario, the Teachers need to be able to see their class, therefore they require Read access. They also need Edit access to change Candidate’s passwords. Once the permissions are correct, click the Save button.
The access is then summarised and set. In this case, IT1 Teacher has access to the IT1 folder. This will allow the Teacher of IT1 to see and edit their Candidate’s accounts on ATLAS Cloud. Once the IT1 Teacher logs in they would then only see viewing and editing their student profiles.
Inheriting Access Rights
Folder Structure - Assignments
It is useful to organise Candidates underneath the Candidates folder either by classes (for example Training Room A, B & C or IT1, IT2 and IT3) or qualifications (for example ECDL Extra, ICDL Profile, Health and Safety and Project Management). This enables the Administrator to assign tests by group rather than individually. Candidates will automatically inherit assignments that are set to all of the folders above them.
For a more in depth explanation of assignments, please refer to the Assigning Tests and Limits section later in the document.
Moving Between Folders
Access rights applied to a folder are inherited by the users underneath it. Therefore any users who are moved to a different folder will automatically inherit the access rights of that new folder. This applies to any user within the system. Candidates moved between folders within the Candidates folder will inherit the content/tests from the new folder. An Invigilator moved to the Admin Main folder will automatically be upgraded and receive the access and role of an Administrator.
Please note that Candidates should never be moved into the Admin Main, Admin Sub or the Invigilators folder as this is a breach of awarding body rules.