Grado uses a role-based access control (RBAC) model to manage how users interact with the system. Instead of granting identical access to all users, permissions are grouped into roles that define what each user can view or do.
This structure keeps information secure, reduces configuration errors, and makes administration more efficient—especially in large schools with multiple staff functions.
| Concept | Description |
| Role | A predefined or custom grouping of permissions assigned to one or more users (e.g., Registrar, Cashier, Assessor). |
| Permission | A specific capability that allows a user to view, add, edit, or delete within a module (e.g., Approve Grades, Update Grade Book Locking). |
| User Type | The base account category — Admin, Faculty, or Student — that determines which roles or permissions can apply. |
Each Grado account type can have one or more roles, and each role contains multiple permissions.
The Administrator creates or manages roles in Setup > Roles.
Each role is linked to permissions that define its allowed actions.
Roles are assigned to users (usually Admin-type accounts).
Users only see modules and functions enabled for their assigned roles.
💡 Example:
The Registrar role may include Manage Enrollment and Generate Reports.
The Cashier role includes Manage Assessments and View Payments.
A user assigned both roles will see all corresponding menu items on the Admin Dashboard.
There are two ways to manage permissions under its role-based access system:
Role-Based Management (Recommended)
Create roles (e.g., Registrar, Cashier, Faculty Adviser).
Attach permissions to those roles.
Assign the roles to users.
Ideal for larger schools where multiple users share the same responsibilities.
Direct Permission Management
Open a user’s profile and go to View/Edit Permissions.
Select or deselect specific permissions directly.
Useful for one-off access configurations or testing new modules.
💡 Note: Applying a role template and editing permissions manually both work. When both are used, manual permission edits take precedence and are saved per user, even if their role template changes later.
Grado provides a set of default roles that can be used as is or customized:
| Default Role | Primary Function | Example Access Areas |
|---|---|---|
| System Administrator | Full control of setup and configuration | All modules and settings |
| Registrar | Enrollment and academic records management | Students, Classes, Programs |
| Cashier | Financial transactions and assessments | Assessments, Payments, Discounts |
| IT Staff | User access controls and facilities management | User Account Management, Buildings & Rooms |
Custom Roles
Administrators can create custom roles (e.g., Records Officer or Accounting Assistant) by combining permissions from multiple modules or functions.
This flexibility supports schools with specialized workflows or delegated responsibilities.
Each Grado module—such as Courses, Students, or Payments—contains its own list of permissions.
| Module Type | Typical Permission Examples |
|---|---|
| Standard Modules | Create, List, View, Edit |
| Complex Modules | Approve, Archive, Publish, Bulk Create, Configure |
Permissions define the specific actions available to users within each module, ensuring control over data visibility and modification.
Review roles every academic year to ensure relevance.
Limit full-system access to trusted system administrators only.
Create task-specific roles to support segregation of duties (e.g., Enrollment Encoder vs. Enrollment Approver).
Document permission changes for audit and compliance tracking.
The permissions linked to a role directly determine:
Which tiles and modules appear on the dashboard.
What actions are available (e.g., view only vs. edit mode).
Whether certain reports or buttons (e.g., “Download,” “Approve”) are visible.
💡 Example:
A Registrar may see “Enrollment Management” and “Student Status,” while a Cashier sees “Assessments” and “Payments.”
When new modules or features are enabled (e.g., Eligibility Module, Bulk Uploader).
When staff responsibilities change (e.g., Registrar → Records Officer).
After Grado updates introduce new permissions (see Release Notes).
Grado’s role-based access system ensures users have access only to the tools and data they need.
By assigning permissions through roles, administrators maintain secure, organized, and scalable access control across all modules.
