Security Revamp of the Impersonation System (Catch All)
The ability to impersonate users in OnCampus is brilliant, but currently not usable at scale. The system currently grants a user with impersonation rights full control over almost anyone in the system. This requires admins to hand out the impersonator role with a very careful hand.
There are many other ideas in the Idea Bank, but they're all spread out, so I'm proposing a combination of things on one place with hopes it gathers enough steam to grab someone's attention(ahem, devs, ahem!)
- We need to be able to specify read only or read/write permissions for impersonation.
- We need granular control over what areas an impersonator has read and/or write access to when impersonating.
- We need granular control over who an impersonator can impersonate: by role, by membership, by name, by grade, etc.
- We should be able to allow Teachers to impersonate their students but not others.
- We should be able to allow Counselors to impersonate their students and parents (academic only, no financial).
- We should be able to allow Student Billing to impersonate parents (financial only, no academic).
- We should be able to allow Department Heads to impersonate their Department Members.
- We should be able to allow Specific User A to impersonate Specific User B for a specifiable amount of time.
- We need to be able to impersonate in one window/tab while maintaining our own status in another.
- Impersonation needs to be strictly logged and reportable.
- We need to be able to easily find who impersonated which user and when.
- We need to be able to easily find all actions taken during an impersonation session.
If anyone thinks of anything else, leave a comment and I'll come back and work it into the list above.
-
Kristofer Thurston
- Oct 22 2018
Related ideas
This should be part of https://blackbaudk12.ideas.aha.io/ideas/K12CO-I-63
Attachments Open full size
This continues to be an issue for us -- we especially need teachers and learning services administrators to be able to impersonate students (read only) without being able to impersonate parents or other teachers.
Attachments Open full size
It's been over four years since this idea was originally posted. As far as I'm aware this is still an issue. Thank you Kristofer for stating everything perfectly!
Attachments Open full size
We need this, yesterday. I can't believe this hasn't been implemented.
Attachments Open full size
I can't believe this is available yet. I'm am tired of fighting principals and directors because then they can see everything of another parents or whatever that is against all security protocols. If a teacher or administrator or whaver just needs student view then we should be able to give student view. This HELPS the Students. Same for Parent View. This HELPS the parents without comprimising the securituy and accounting of the system.
Attachments Open full size
Definitely need this (all of this) and the sooner the better.
Attachments Open full size
Definitely need this (all of this) and the sooner the better.
Attachments Open full size
Would love to see a read-only permission for impersonation!
Attachments Open full size
I totally agree. This is not secure at all especially for things like grades and financial aid, etc.
Attachments Open full size
Please add the ability to track who has impersonated who and when.
Attachments Open full size
I agree with all of this, but would give 10 votes (if I could) to the logging of who, when, and what tasks.
Attachments Open full size
Kristopher I agree completely! You may want to consider supporting this idea as well.
https://blackbaudk12.ideas.aha.io/ideas/K12CO-I-1668
Attachments Open full size