How to Set Up Roles & Permissions for Your Team
Learn how to create custom roles, assign granular permissions, and manage team access across your EduSuite OS school platform.
How to Set Up Roles & Permissions for Your Team
TL;DR: EduSuite OS uses role-based access control (RBAC) to ensure each team member only sees and does what they need. You can use built-in roles or create custom ones with granular permissions.
Prerequisites
- Admin access to EduSuite OS
- Staff members already imported or invited
Built-In Roles
EduSuite OS comes with these pre-configured roles:
| Role | Access Level | Typical User |
|---|---|---|
| Super Admin | Full access to everything | School owner / Director |
| Admin | All modules except billing & subscription | Vice Principal / Coordinator |
| Teacher | Class-specific: attendance, grades, assignments, messages | Teaching staff |
| Accountant | Finance module: fees, expenses, reports, receipts | Accounts team |
| Receptionist | Admissions, visitor management, basic student lookup | Front desk staff |
| Librarian | Library module: catalog, issue/return, reports | Library staff |
| Transport Manager | Transport module: routes, vehicles, drivers | Transport coordinator |
| Parent | Child-specific: attendance, fees, grades, messages | Parents/guardians |
| Student | Self-service: timetable, assignments, grades, library | Students |
Creating a Custom Role
- Navigate to Settings → Users & Roles → Roles.
- Click + Create Role.
- Enter a Role Name (e.g., "Department Head", "HR Manager").
- Set permissions for each module:
Permission Levels
Each module supports four permission levels:
- No Access — Module is completely hidden
- View Only — Can see data but cannot edit
- Edit — Can create, update, and view data
- Full Control — Can edit, delete, and manage settings
Example: Creating a "Department Head" Role
| Module | Permission |
|---|---|
| Student Management | View Only |
| Attendance | Edit |
| Academics (own department) | Full Control |
| Finance | No Access |
| Communication | Edit |
| Reports | View Only |
| Settings | No Access |
- Click Save Role.
Assigning Roles to Staff
Individual Assignment
- Go to Settings → Users & Roles → Users.
- Find the staff member and click Edit.
- Select the appropriate role from the dropdown.
- Click Save.
Bulk Role Assignment
- Go to Staff → All Staff.
- Select multiple staff members using checkboxes.
- Click Bulk Actions → Assign Role.
- Choose the role and confirm.
Scope-Based Permissions
Beyond module-level access, you can scope permissions by:
Class Scope
Teachers can be restricted to only see their assigned classes:
- Edit the teacher's profile.
- Under Class Assignment, select specific classes.
- The teacher will only see students and data for those classes.
Department Scope
Department heads can be scoped to their department:
- Assign the "Department Head" role.
- Under Department, select the relevant department.
- They'll see departmental data only.
Campus Scope (Multi-Campus)
For multi-campus schools:
- Assign the staff member to a specific campus.
- They'll only access data from their assigned campus.
- Super Admins can toggle between campuses.
Managing Permissions
Viewing Current Permissions
- Go to Settings → Users & Roles → Roles.
- Click any role to see its full permission matrix.
- Use the Permission Map view for a visual overview.
Audit Trail
Every permission change is logged:
- Go to Settings → Audit Log.
- Filter by "Role & Permission Changes".
- See who changed what, and when.
Best Practices
- Start with built-in roles — Customize only when needed.
- Principle of least privilege — Give the minimum access required.
- Review quarterly — Audit roles and remove unnecessary access.
- Use class/department scoping — Don't give teachers access to all classes.
- Separate admin and super admin — Keep billing access restricted.
Troubleshooting
Q: A teacher can't see their class. A: Check that the teacher is assigned to the correct class under their profile. Go to Staff → [Teacher Name] → Class Assignment.
Q: Someone has too much access. A: Review their role in Settings → Users & Roles. Switch to a more restricted role or create a custom one.
Q: I accidentally removed my own admin access. A: Contact EduSuite OS support. The platform owner (Super Admin) can always restore access.
Need a security review of your school's access setup? Book a consultation with our team.