Product Security Roles in a Single-Product Environment

Last Modified on 04/10/2024 12:55 pm CDT

This article describes how security roles function within an Infinite Campus-only environment and includes the following topics:

The following diagram illustrates the user's ability to create and delegate Product Security roles.

There is a distinct difference between single and multi-product environments. The following diagram illustrates the process for users with Campus SIS only.

workflow showing how product security roles work within Infinite Campus

You may choose to have a single Product Security user or multiple Product Security users. If you have questions about what configuration is right for you or other questions about best practices please contact Infinite Campus.

Product Security Role Assignments

Product Security Roles determine whether a user may assign Tool Rights to other Campus Application users. Product Security Roles are assigned to users on each person's User Account. The Product Security Role Assignments section displays when Campus Application is selected in the Homepage dropdown list. Users assigned the Product Security Role automatically inherit all tool rights associated with the specific product.

Campus automatically assigns users with a Product Security Role calendar rights of All Calendars/All Schools with Data Modification Rights regardless of calendar rights assigned in their user account.

Users with a Student Information System Product Security role are allowed to log in as a user with a Student Information System - Login as User Product Security Role but once they have logged in as that user, they cannot use that user account to then log into another Campus user account via the Login as User button on the User Account.


Student Information System Product Security Role

The Student Information System product security role grants administrative rights to ALL non-finance tools within Infinite Campus. This role should only be given to system administrators within the district. 

This role does not grant a person rights to Human Resources, Finance, Payroll, or Staff Evaluation tools. These tools must be granted via their respective product security roles or tool rights. 

screenshot of the student information system product security role highlighted

Users MUST be assigned the Student Information System product security role in order to create User Groups and access most of the User Management. The table below shows how access to User Management tools differs between the SIS product security role and a user with only tool rights.

SIS Product Security Role
screenshot showing how many tools are only available via the SIS product security role
User with All Tool Rights (but no SIS Product Security Role)
screenshot showing how few tools are available without an SIS product security role


Login As User Feature

The Login As User button only appears for users who have equivalent or greater tool rights than the user they want to log in as and is only available with the Product Security role. When logging in as another user, users cannot gain access to tools for which they currently do not have tool rights. 

This feature is not available for users only assigned the Student Information System - Group Assignment role.

See the Allowing Non-Product Security Users to Log In as Other Users section for more information on how this feature functions for users only assigned the Student Information System - Login as User role.

The Student Information System - Login As User role is prohibited from logging in as another user with the Student Information System - Login As User role. Users assigned this role are only allowed to log in as another user once per Campus session. This behavior was put in place to ensure users do not jump from one user account to another.

The Administrator selecting this button MUST have calendar rights for the school listed on the other user's (person being logged into) District Assignment page. 

screenshot of the login as user button highlighted

A system preference called Restrict Login As User Feature On Users With Product Security Role controls whether Product Security users may log in as another user with a Product Security role. This preference is found within the Account Security Preferences tool. The default value for this preference is No which allows Product Security roles to log on as each other.

screenshot of the restrict login as user feature system preference highlighted

Every Campus login is stored by the system on the user's Access Log. The Third Party Admin column indicates that another user has used the Login As User button to log into Campus as this user. This column reports the other user's name, user ID and username.

screenshot highlighting the third party admin column of the access log


Allowing Non-Product Security Users to Assign User Groups to Other Users

The Student Information System - Group Assignment security role provides non-security users the ability to assign User Groups to other users without being given the security and system access granted with other product security roles. 

screenshot of the student information system - group assignment field selected

Users assigned this role are allowed to work within Campus to the extent of their tool rights and are only allowed access to the User Groups tab within User Security. These users cannot view or modify their own tool rights nor the tool rights of other users.

screenshot showing where user groups are entered for a user


Allowing Non-Product Security Users to Log In as Other Users

The Student Information System - Login as User security role allows users to access the Login as User feature on the User Account without having the security and system access granted with other product security roles. Users assigned this role are allowed to work within Infinite Campus to the extent of their tool rights and can only log in as other users who have equal to or less than tool rights.

Users must have at least R(ead) tool rights to the User Account tab in order to properly login as other users.

The Student Information System - Login As User role is prohibited from logging in as another user with the Student Information System - Login As User role. Users assigned this role are only allowed to log in as another user once per Infinite Campus session. This behavior was put in place to ensure users do not jump from one user account to another.

screenshot of the login as user product security role

Users assigned this role can log in as another user but cannot see the other user's tool rights for rights they themselves do not possess. These users can also only view or change passwords and usernames of other users if they have Write tool rights to the User Account. Read tool rights prohibits this role from modifying user account data. This role also prevents users from being able to modify their own tool rights.


Montana Edition

Users within a Montana Edition of Infinite Campus can be assigned the Montana Edition Product Security role. This role gives users full tool rights for all of the SIS including User Security tools. Users with this role can create and assign security rights, create and assign user groups to other users, and log in as users with equal to or less than tool rights (via User Account). 

screenshot of the Montana Edition product security role


Auditing Which Users Are Assigned Product Security Roles

The Product Security Role Report allows you to generate a list of all users (active and disabled) who are assigned specific Product Security Roles.

screenshot of the product security role report

Related Articles

Was this helpful?
Thank you for your feedback!
User Icon

Thank you!

Copyright ©️ 2010-2023 Infinite Campus, Inc. All rights reserved. | Terms of Use | Privacy Policy | infinitecampus.com