Admin and User user types will automatically have the Query node in their navigation tree and basic Query functionality without any additional security setup. If the User or Group needs to have more advanced Query features such as saving their queries, creating Query Letters, or using the Query Change command then the appropriate permissions will need to be set up in the Aeries Query Features area of the Security node. 

For security reasons, some tables cannot be queried.

Mass Update to the Query Change Command permission set allows non-Admin users and Groups to use both the Query Change command and the Query Change button. However, users and groups must have update rights to the underlying tables and fields that they are trying to edit. In the below example, the user is able to edit data in the Supplemental (SUP) table with a Change command or the Change button, but they are not permitted to edit data in the Emergency Contacts (CON) table. Also, certain key fields, such as the ID field, are never editable through Query.

The Teacher Portal group will need to have Read permission to the Query for Teacher permission set in order for the teachers to have the Query node in their navigation.

Note: When a teacher gets the 'Query for Teachers' security permission added to their account, and they use Query, they will have access to all data for the student and not just data added by the teacher. An Example of this functionality would be all Attendance Notes can be viewed for the student that were submitted by any user and not just those added by the logged in teacher regardless of Portal Options settings for attendance notes.  

All non-Admin users and Groups can only query the information that they have permission to. In the below example the user will be able to query Attendance (ATT), but not any of the other tables under the Attendance/Enrollment security area.

Please see the Security article for more detailed information on how to set up permissions for users and groups.