The User Access Lifecycle in Grado outlines how administrators define, assign, and maintain access controls across the system.
Access determines what users can see and do once they have accounts in place.
This page summarizes all key stages — from configuring permissions to periodic access review — and links to detailed articles for each.
| Stage | Description | Related Article |
|---|---|---|
| 1. Define Roles and Permissions | Administrators create or review roles and permission sets to establish what actions users can perform within modules. | User Roles and Permissions Overview |
| 2. Configure Roles | Create, edit, or duplicate roles under Setup > Permissions, grouping permissions by function or department. | Configuring User Roles |
| 3. Assign Roles or Permissions to Users | Assign roles to user accounts or manually enable/disable permissions to control access scope. | Assigning Roles to Users |
| 4. Restrict or Expand Access | Fine-tune module or feature access by enabling only relevant permissions (e.g., View Only, Edit, Approve). | Restricting Access to Specific Functions |
| 5. Review and Audit Access | Regularly verify that users have the correct permissions. Adjust roles when responsibilities or modules change. | User Access Management (Overview) |
This lifecycle ensures secure and appropriate access across all modules and prevents over-privileged accounts.
| Action | Frequency | Purpose |
|---|---|---|
| Review active roles | Every academic term | Remove unused or outdated roles. |
| Audit user permissions | Quarterly | Detect excessive or conflicting access. |
| Test restricted roles | Before major updates | Ensure new features respect existing permissions. |
| Document changes | Ongoing | Maintain a record for compliance and accountability. |
💡 Tip: Use role templates for consistency across departments or campuses.
Maintain a least-privilege principle — give users only the permissions they need.
Assign roles by function, not title.
Avoid editing system roles unless necessary.
Review access after staff changes, school year transitions, or Grado updates.
Combine role templates with direct permission edits only when exceptions are needed.
💡 Security Note: Periodic access audits reduce the risk of unauthorized data exposure and ensure compliance with school policy.
The User Access Lifecycle ensures users have the right permissions throughout their time in Grado.
By defining roles, assigning permissions, and reviewing access regularly, administrators keep the system secure, efficient, and aligned with each staff member’s responsibilities.
