QuercusPlus System Administrator’s Guide to Application Roles<>

Understanding application roles

What are application roles?

The Quercus system is designed for use by different groups of users within your institution’s environment. For example academic staff, admissions and registration personnel, clerical staff, course administrators and finance personnel.

Each of these groups may require access to different parts of the system. In addition, groups may not be allowed to access data records outside their specific area.

To manage this requirement Quercus provides a number of application roles. An application role specifies which screens a role-member can access within the QuercusPlus Classic Interface and which options he or she can access.

Security and application roles

Application roles work in conjunction with LDAP roles and the Quercus content-based access control within the Quercus security model.

application roles control what screens you can access in Quercus Classic Interface

LDAP roles control what operations (e.g. view, update, delete) you can perform on the data

content-based access controldetermines what data you can access (e.g. only the data from my courses, only the data from my organisation, all data)

» See the Online Results Entry Administrator’s Guide and the Quercus Plus Menu Guide for more information about LDAP roles and content-based access control. A summary is given below.

LDAP role-based access control

Role-based access is controlled by the user’s membership of LDAP groups:

If a user is a member of QP_RESULTS_ENTRY the user is authorised to enter results.

If a user is a member of QP_RESULTS_VIEW the user is authorised to view results.

Quercus content-based access control

If Quercus’s content-based access control is implemented then a user’s access to results can be restricted to particular courses and students:

If the person model is implemented then a staff member can only access the results relating to course instances or modules with which he or she is associated.

If the organisation model is implemented then a staff member can only access the results of students belonging to the organisation of which he or she is a member.

If the unrestricted model is implemented then a staff member can access the results of any students on any course.

Using this guide

This guide is divided into two main sections:

Setting up users describes how to set up users and allocate roles to users.

Menu access by application role lists the various user roles and the corresponding menu options that are granted to a user who is a member of the role.