Assign a Permission Level and Provide Login Credentials to a Contact
Security Group
Security group determines the level of access the user is given in Paradigm. By default, new accounts are given staff security groups. For administrators and power users, this value is normally set to Full or Flex Admin. The table below are the types of Access Levels or Security Groups in Paradigm.
Security Level | Description |
Public | What a user may see without logging into Paradigm. Mostly used for login screens and the online application portal. |
Applicant | A prospective student who is interacting with Paradigm via the application portal. |
Student | A student user with mostly read-only access but has the ability to update their address details, register for units, generate a limited set of letter reports , and view other records made available to them by the Institution. |
Reception | The lowest security group with almost exclusively read-only access to a limited set of student related information. |
Tutor | An appropriate level of access for a part time or casual teaching staff who needs to look up student details, enter attendance, record assessment marks, or make notes against a student. |
Staff | NOTE: Default security group assigned by the system to newly created Contact logins. A general level of access with a moderate degree of edit access to student related information and records. |
Student Services | Intended for users who require the functionality of a staff member together with the ability to record, e.g. advisor / examiner / reviewer |
Student Admin | An alternative profile based on the flex admin security group. |
Flex Admin (also known as part time registrar) | Similar scope of access as Full Admin but lacking access to the System and Accounting menus, and the ability to edit published grades or bulk generate invoices. |
Accounting | An appropriate role for an accounts receivable role that is focused on maintaining financial records including invoices and payments within Paradigm. |
Marketing | This security group has a wide scope of access including student records, agents, invoices and payment related records. |
Full Admin | The standard security group given to power users with the ability to view, edit, and the one who has full control to almost everything within the system. |
HR Admin | BE ADVISED: Not normally used. Intended for institutions who want to record sensitive HR related information within Paradigm for the purposes of staff reporting. |
System Admin | BE ADVISED: Not normally used. Intended for institutions that require a higher form of Full Admin with full system permissions in order to limit the typical scope of Full Admin access. |
Staff Login Options
Paradigm EMS can let you choose the following password policies for new user logins: Contact our Support Team to set up your site to a specific student password policy as mentioned below:
Historic settings (Default) - The password is set based on the agreed password format settings for the site and falls back to a default plan. Each time a new contact record is created, your institution-specific workflow for sending the credentials has to be followed.
Randomised Password - Normally used for new staff and sent via email - will send a random password format. Each time a new contact record is created, an automatic email (
STAFF_PWD_RESET_RANDdata resource template) will be sent to the contact providing them with a system-generated (random) password. Learn more here.Token-Based Password - Use the same system as password resets, where we send a token that is used by the user to set the password. Each time a new contact is created, an automatic email (
STAFF_PWD_RESET_TKNdata resource template) will be sent to the user providing them with a link to set their password. Learn more here.Single-Sign-On (SSO) - This allows staff to log in to Paradigm, e.g. using their Microsoft account. Your site needs to be configured if you opt for an SSO login option.
Two-Factor Authentication with TOTP - This requires 2FA to log in to Paradigm. Read more here for the configuration and details.
Workflows
Assign a Security Group or Permission Level
Load the Contactβs record, see Search for a Contact Record.
With the Contact record loaded in the system, go to Contacts > Login menus on the side.
NOTE:
A Contact or User login can only belong to one security group at a time, so if a security group has already been assigned, remove the existing security group first, and then continue below β to assign the new security group.
Note that when you create a new Contact record, the default assigned security is set to STAFF, remove this security/permission level if this is not the intended Permission Level that you want for the Contact Record to have. If the Contact is intended to have a STAFF Permission Level, keep it and proceed to the Activate User Login instruction.
In the ASSIGNED SECURITY FOR USER LOGIN Form section, click the drop-down list to select the permission level you want to assign for that contact record.
Click the ASSIGN SECURITY button.
After clicking the ASSIGN SECURITY button, the selected role will now show in the ASSIGNED SECURITY FOR USER LOGIN Form section.
Activate the Contact or User Login
In the ACTIVATE USER LOGIN Form section, to enable the userβs login, click the ENABLE USER LOGIN button. This should put a Y on the Enabled field and the date when youβve enabled the user login.
Forgot Password Link
Open a different browser with the Paradigm Login page, and click the βForgot password?β link
After clicking the βForgot password?β link, a new window will appear (as shown in the screenshot below) Copy the Username to the User Login Id/Student Number field and enter the Date of Birth of the user, as entered in the user or contact details record (use the format: dd/mm/yyyy).
The User Login Id field is allocated automatically by the system unless otherwise specified. It is located in the Contacts > Login screen under the ASSIGNED SECURITY FOR USER LOGIN section in the Login Id column. By default, it starts with the Contact's First Name.Last Name, e.g. Helena.Fernando
The Date of Birth field can be copied from the Contacts > Edit Details screen under the OTHER DETAILS section. Copy the DOB field from this Contact screen to the Date of Birth (dd/mm/yyyy) field.
Click the RESET USER PASSWORD button. This will trigger the system to send an email to the user with their Paradigm Login credentials (Username and Password).
SUCCESS:
The Contact or User will receive the login credentials to get them started with accessing or using Paradigm according to their assigned Permission Level or Security Group.
Random Password Reset Email Template
This is applicable if you are using the Random Login Option as mentioned above. Check the email template called STAFF_PWD_RESET_RAND - this template uses the {user_login_currentPassword} mail merge field. Refer to the instructions on this workflow
Staff Password Reset Token Template
This is applicable if you are using the Token Login Option as mentioned above. Check the email template called STAFF_PWD_RESET_TKN - this template uses the {reset_password_url}ο»Ώ mail merge field. Refer to the instructions on this workflow
Related Workflows
If you want to customise or restrict the menu items the users can see on their Paradigm site who belongs to a certain Permission Level, refer to the Edit System Side Menus workflow.
Edit System Side MenusYou can control what a user is able to see, edit, and use within Paradigm depending on which permission level they belong. You can make the fields, buttons, or sections hidden, visible, editable, read-only, or required to certain permission levels. Refer to the Edit Form Fields workflow.
Edit Form FieldsOption to lock some records for editing. You can check the records with Read-Only on that documentation and the workflow, see Make a record Read-Only
Make a record Read-OnlyNote that reports and file attachment records in Paradigm can be set to the minimum (possible) Permission Level that can view or access them. e.g. Student Files, Report Builder - Save Report
Last updated
