The Users security form is used to create the user accounts for Aeries. Each account created must have a Type associated with the account. It is important to associate the correct account Type with each account created so that the correct permissions are associated.
There are currently eight account Types that can be used when creating an Aeries account.
Admin - An unrestricted user who can maintain all admin level functions and configurations. If an account has a type of Admin, no permissions can be assigned since it will automatically have full permissions to all forms and functions in Aeries.
User - Standard user for Aeries. Specific permissions or groups must be assigned, and explicit access to schools is required.
Teacher - Account type for teachers to use the Teacher Portal. An account with this type will inherit security permissions from the Teachers Portal Group which can be set up under the Portal Group security area. This type of account also needs to be associated with a valid Staff ID number. School assignments are not needed for Teachers, since they inherit school assignments from the Staff ID. In addition to Portal Group permissions, Teacher type accounts can be given additional Group and User permissions.
Substitute Teacher - Account type for substitute teachers to use the Teacher Portal. An account with this type will inherit security permissions from the Substitute Teachers Portal Group which can be set up under the Portal Group security area. This type of account needs to be associated with a valid Staff ID number. Substitute Teacher accounts can be generated through the Create Substitute Teacher Accounts form. In addition to Portal Group permissions, substitute teacher type accounts can be given additional Group and User permissions.
Active Directory Admin/User/Teacher/Substitute Teacher - Active Directory type of accounts have the same features as account types listed above. Usernames entered must match the user name specified in Active Directory. Ex: ABCUSD\username format may need to be used. No password is needed for these types of users.
Add a New User Account
To create a new account, click Users under the Security node on the navigation menu.
The following form will display. To add a new account, click Add.
This example will use a Type of User. Enter the account information and then click the Update button.
ID – This number will be automatically assigned by the system.
Type – The type of account.
Identity Provider – Identifies if the account will be authenticated through the Aeries system or if it will use Google Authentication.
User Name – This should be a unique name that is associated with an individual account. Ex: jsmith
Expiration Date – Date for the account to expire. When the date has passed and a user attempts to log in, they will get a message on the login screen that the account has expired, and they will be unable to log in. This is optional.
Status – Currently you can tag a status of Active, Locked, Disabled or Pending. When a user is given a status of Locked, Disabled or Pending, the user will not be able to log into Aeries
Password – Enter a password. This field will be grayed-out when the Identity Provider is Google, or account type is Active Directory. You must also enter the password again into the Confirm Password field.
Must Change Password – When checked, users will be prompted to change their password the next time they log into Aeries. Setting a password to “welcome” will also prompt the user to change their password.
Password Last Changed will show the date the password was last changed.
Login Count will show the total amount of logins since the account was created.
Staff ID – A staff ID is required on accounts that are a Type of Teacher. The list of names to choose from comes from the STF table. Populating a Staff ID for all users is recommended.
First Name – Enter the user’s first name. This is optional.
Last Name – Enter the user’s last name. This is optional.
Email Address – A valid email address is highly recommended since it is required in order to run reports.
Last Login Date/Time – this will show the last time the user logged in.
Last Login IP – IP address of the computer the user last used to login to Aeries.
IO Education ID – For users that already have a login ID for Student Assessment by IO Education (formerly EADMS). Entering the login in this field allows users to Single-Sign-On directly into the Student Assessment by IO Education system.
STARS ID – For users that already have a login ID for School City STARS. Entering the login in this field allows users to Single-Sign-On (SSO) directly into the STARS System.
Google Account – The Google Account for this user, if different from the Email Address field. This is currently used to identify a teacher’s Google account for Google Classroom integration if the district prefers to populate a primary email address other than the Google account.
Comment – A comment can be entered regarding the user.
After an account is created, the Users form will show three additional icons: Permissions, School Access, and Groups.
After initially creating User account types, the School Access icon will be red. This indicates the need to assign school access to that user.
Accounts with a Type of Admin have automatic full access to all schools and do not need to be assigned school access.
Accounts with a Type of Teacher or Substitute Teacher have automatic access only to the schools associated with the Staff ID that is connected to their account and do not need to be assigned school access.
Accounts with a Type of User must have their access to schools defined. To assign access for User accounts, click the School Access icon.
The following form will display with a list of all the schools that are in the LOC table. Select the check box under the Access column of the school the user will be allowed to access. Multiple schools can be selected for a User account.
To grant access to a school for a User account to be Read only, check the Access and Read Only options for the appropriate school.
For districts using the Aeries Communications system, there will be a column labeled CommGroup that will default to checked whenever Access is checked. The Aeries Communications system will use this option to manage which users are included in school-level groups.
NOTE: The School Access selections are saved automatically. There is no Save button on the form.
Group Associations are used for accounts of any type except Admin. The recommended method of assigning permissions to a new User account is to assign a Group Association to the account. A Group Association connects previously set up Group permissions to the User account. This alleviates the tedious management of setting up permissions individually for each user. To associate Group permissions to a User account, click the Groups icon.
The following form will display. To add the user as a member of an existing group, click the group name from the list.
The form will now display the name of the Group associated under the Group Name column to the left. To remove a group association, click the X next to the Group name.
Changes will save automatically.
The Permissions icon can be used for accounts of any type except Admin. This can be used in conjunction with a security Group. An example would be a User account being part of a Group whose members have no permission to a specific form. This one user in the group needs permissions to that form. To handle this scenario, the user can be added to the group membership, then on the Permissions form, the permission to the additional form can be granted for this one user account.
To assign permissions, click the Permissions icon. The Display Current Permissions checkbox will default to on. When creating a new account, no permissions will display initially. Uncheck this option to display all security areas.
The form will now expand and display all security areas along with check boxes for each permission type suc has Read, Insert, Update, and Delete.
Read – Allows users to read the data on the form.
Insert – Allows users to insert or add data on the form.
Update – Allows users to update or change data on the form.
Delete – Allows users to delete data on the form.
Mass Update – Allows users to mass change data
Administer - Special permissions for certain tasks (covered in a separate article)
Expiration Date - Used to temporarily elevate a user’s permission. Permissions will automatically expire at the end of the date specified. Read permissions do not expire.
These boxes will be used to assign which permissions the user is allowed for each area. To set permissions for the user, click the appropriate permission boxes for each area. If no permissions are to be granted for an area, leave all that area's corresponding boxes unchecked.
Depending on the number of school years available in your Aeries configuration, there are tabs for the Current Year, Last Year, and Before Last Year. To give a user access to prior year databases, permissions must be assigned on those additional tabs. If no permissions are specified for prior years, the user will only have access to the current year.
NOTE: If permission to a form is not granted for a user, the user will not see that form on the navigation menu.
To deny certain permissions to a form, click twice on the appropriate permission box. A red X will now display in the box, and the corresponding permission will be denied to the user.
NOTE: When a user is given both Allow and Deny permission to the same area, the Deny permission takes precedence. For example, a user may have Allow Update access to Attendance through a group membership, but Deny access at the user level. In this case, the user will be denied Update to Attendance.
Once all permissions have been set for the user, select the Display Current Permissions checkbox. The form will now only display the permissions that have been assigned to the User, hiding any that have been unassigned.
NOTE: The permissions selected are saved automatically. There is no Save button on the form
To assign additional permissions for a user, deselect the Display Current Permissions option to again view all Aeries security areas.
Search for Existing User Accounts
Once accounts have been created, the Users form can be used to search for existing accounts. To search for an existing account, type the first name, last name, username, or staff ID in the text box and then click Search. Any matching account will show under the User Name column. Click a record shown in the results to view information for that account. If there are many results, the navigation arrows at the bottom of the form are available.
Change A User Account
After searching for an existing account, an Administrator can make changes to an account by clicking the name of the account in the results list.
The Account Information form will display. To make a change to the account, click the Change button and make any necessary modifications. Click the Update button to save the changes.
To Delete an account, click the Delete button. The following message will display. To confirm the deletion of the account, click the OK button.
Emulating a User
Aeries has a feature that allows an Admin user to login as or emulate another user. After searching for the user, click on the User, then click the Log in as User button to emulate the user.
If the current school is not available to the emulated user, you will be prompted to select which school to log in to. Click Continue if prompted.
You are now emulating the user, and can navigate and view Aeries as if you were the actual user. This is useful when needing to verify security is set correctly for a specific user.
To return to your account, click the Return to My Login button in the upper left of the navigation menu.
Emulating Parent/Student accounts is also possible. To emulate a parent or student account, navigate to School Info | Portal Management | Manage Parent/Student Accounts and click on the Emulate this Account icon ("person" icon) to emulate the account. Parent and Student accounts are covered in more detail in the Parent and Student Account Management documentation.