Security Revamp of the Impersonation System (Catch All)

The ability to impersonate users in OnCampus is brilliant, but currently not usable at scale. The system currently grants a user with impersonation rights full control over almost anyone in the system. This requires admins to hand out the impersonator role with a very careful hand.

There are many other ideas in the Idea Bank, but they're all spread out, so I'm proposing a combination of things in one place with hopes it gathers enough steam to grab someone's attention (ahem, devs, ahem!)

 

  • We need to be able to specify read only or read/write permissions for impersonation.
  • We need granular control over what areas an impersonator has read and/or write access to when impersonating.
  • We need granular control over who an impersonator can impersonate: by role, by membership, by name, by grade, etc.
    • We should be able to allow Teachers to impersonate their students but not others.
    • We should be able to allow Counselors to impersonate their students and parents (academic only, no financial).
    • We should be able to allow Student Billing to impersonate parents (financial only, no academic).
    • We should be able to allow Department Heads to impersonate their Department Members.
    • We should be able to allow Specific User A to impersonate Specific User B for a specifiable amount of time.
  • We need to be able to impersonate in one window/tab while maintaining our own status in another.
  • Impersonation needs to be strictly logged and reportable.
    • We need to be able to easily find who impersonated which user and when.
    • We need to be able to easily find all actions taken during an impersonation session. 

 

If anyone thinks of anything else, leave a comment and I'll come back and work it into the list above.

  • Kristofer Thurston
  • Oct 22 2018
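
The scoping and logging requirements listed in the post above, sketched as a default-deny policy check. This is an added example, not part of the original post and not OnCampus code; the `Grant` fields, role names, relation names, user ids and the delegate grant's area, write flag and expiry date are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Grant:
    actor_role: str                      # role allowed to impersonate ("*" = any)
    target_role: str                     # role that may be impersonated ("*" = any)
    relation: str                        # required actor->target link ("" = none)
    areas: frozenset                     # areas reachable during the session
    writable: bool = False               # read-only unless explicitly granted
    expires: Optional[datetime] = None   # optional end of the grant

# Constructed sample policy and relationships, mirroring the list above.
GRANTS = [
    Grant("teacher", "student", "teaches", frozenset({"academic"})),
    Grant("counselor", "student", "counsels", frozenset({"academic"})),
    Grant("counselor", "parent", "counsels", frozenset({"academic"})),
    Grant("billing", "parent", "", frozenset({"financial"})),
    Grant("*", "*", "delegate", frozenset({"academic"}), writable=True,
          expires=datetime(2030, 1, 1, tzinfo=timezone.utc)),
]
RELATIONS = {("t1", "teaches", "s1"), ("a1", "delegate", "b1")}
AUDIT = []  # stand-in for an append-only audit store

def authorize(actor, target, area, write, now=None):
    """Default-deny impersonation check; every decision is logged."""
    now = now or datetime.now(timezone.utc)
    allowed = any(
        g.actor_role in ("*", actor["role"])
        and g.target_role in ("*", target["role"])
        and (not g.relation or (actor["id"], g.relation, target["id"]) in RELATIONS)
        and area in g.areas
        and (g.writable or not write)
        and (g.expires is None or now < g.expires)
        for g in GRANTS
    )
    AUDIT.append({"when": now.isoformat(), "actor": actor["id"],
                  "target": target["id"], "area": area,
                  "write": write, "allowed": allowed})
    return allowed

def sessions_for(target_id):
    """Report: who impersonated (or tried to impersonate) this user, and when."""
    return [(e["actor"], e["when"], e["allowed"]) for e in AUDIT if e["target"] == target_id]
```

Denied attempts are logged alongside allowed ones, so the report also shows who tried to step outside their scope.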
  • Art Bryman commented
    September 20, 2023 18:49
  • Sarah Shartzer commented
    December 09, 2022 14:24

    This continues to be an issue for us -- we especially need teachers and learning services administrators to be able to impersonate students (read only) without being able to impersonate parents or other teachers.

  • Audra Harris commented
    November 11, 2022 19:11

    It's been over four years since this idea was originally posted. As far as I'm aware this is still an issue. Thank you Kristofer for stating everything perfectly!


  • Nicole Ramsey commented
    March 11, 2021 14:42

    We need this, yesterday. I can't believe this hasn't been implemented.

  • Priscilla Lopez commented
    September 03, 2020 00:01

    I can't believe this is available yet. I am tired of fighting principals and directors because then they can see everything of another parent's or whatever that is against all security protocols. If a teacher or administrator or whatever just needs student view then we should be able to give student view. This HELPS the Students. Same for Parent View. This HELPS the parents without compromising the security and accounting of the system.

  • Phyllis Armstrong commented
    July 22, 2020 14:26

    Definitely need this (all of this) and the sooner the better.

  • lauren marcus eisenberg commented
    December 20, 2019 15:45

    Would love to see a read-only permission for impersonation!

  • Marita Gonsalves commented
    August 05, 2019 18:53

    I totally agree. This is not secure at all, especially for things like grades and financial aid, etc.

  • Guest commented
    March 27, 2019 15:58

    Please add the ability to track who has impersonated who and when.

  • Carolyn Stevens commented
    March 13, 2019 11:24

    I agree with all of this, but would give 10 votes (if I could) to the logging of who, when, and what tasks.

  • Gregg commented
    November 13, 2018 23:32

    Kristofer, I agree completely! You may want to consider supporting this idea as well.

    https://blackbaudk12.ideas.aha.io/ideas/K12CO-I-1668