1 SSDT Roles
2 Permissions
3 Search for a Role
4 Edit a Role
5 Delete a Role
6 SSDT Roles Permissions
7 Available USAS Permissions:
- 7.1 ADMIN
- 7.2 LOGIN
- 7.3 MODULE
- 7.4 USAS
- 7.5 LIMITED

Roles are defined by the district to represent the basic functions, responsibilities, or tasks of users in the district. Each role is granted one or more "Permissions", each of which allows a specific functionality within the software. For example, there are separate permissions which allow create, update, delete, and/or view access to each main interface in the system. Each user is then assigned one or more roles, thus granting them the permissions related to those roles.

When creating roles you cannot use an underscore in the role id. Underscores are reserved for SSDT standard roles. You cannot edit or delete roles that contain underscores (the SSDT standard roles).

SSDT Roles

The following roles are standard SSDT created roles. For new, non-migrating instances, these roles will be available when the instance is created.

USAS Role	Classic USAS Identifier	Definition

USAS Role	Classic USAS Identifier	Definition
SYSMAN_USER	OECN_SYSMAN	Classic System Manager Role
USAS_MANAGER	OECN_USAS_GM	Classic USAS Group Manager Role
USAS_STANDARD	OECN_USAS	Classic USAS Standard Role
USAS_RO	OECN_USAS_RO	Classic USAS Read-Only Role
USAS_REQ	OECN_USAS_REQ	Classic USAS Requisition-Only Role
USAS_FILEARCHIVE	N/A	File Archive View Role
USAS_USER_PROFILE	N/A	This role grants the necessary permissions to allow a user to make limited updates to any user profile.
EMIS_SIF	N/A	EMIS SIF Role
AR_MANAGER	OECN_AR_GM	Classic ARF Group Manager Role
AR_STANDARD	OECN_AR	Classic ARF Standard Role
AR_RO	OECN_AR_RO	Classic ARF Read-Only Role

While each user's classic identifier was imported into USAS when the migration from Classic software occurred, roles may be further defined by the entity. Below are a few examples of new roles that may also be created:

TREASURER

SUPERINTENDENT

SECRETARY

ASSISTANT-TREASURER

ACCOUNTS PAYABLE

ACCOUNTS RECEIVABLE

SECRETARY

TECH COORDINATOR

TEACHER

Permissions

Permissions can be assigned when creating a role and allow a user to perform certain functions within the software. Permissions are set up in a hierarchy. Granting access to the top level grants all the access below it. For example, the following permissions are available for vendors:

USAS_VENDOR

USAS_VENDOR_CREATE

USAS_VENDOR_DELETE

USAS_VENDOR_REPORT

USAS_VENDOR_UPDATE

USAS_VENDOR_VIEW

Granting a permission of USAS_VENDOR will give the ability to create, delete, update, run reports and view vendors. Granting a permission of USAS_VENDOR_VIEW only to a user will restrict a user to view vendors only.

Limited permissions will limit the functions of another permission that has been granted. Currently, the only limited permission available is LIMITED_USAS_USER_UPDATE. If this permission is granted it will limit that user from certain functions of the USAS_USER_UPDATE permissions if granted on the role or ANY of the other roles assigned to the user.

Create a Role

From the System menu select 'Role'
Click on
Enter in an Id and description
Grant the Role Permissions
1. Highlight the desired permission
2. click the arrow to the right to assign a permission and click the arrow to the left to un-assign a permission
Click on
to create the Role, click on
to not create the Role and return to the Role grid

Search for a Role

The Role grid allows the user to search for existing account filters by clicking in the filter row in the grid columns and entering in the desired information. Click on any row of the search results to see a summary view of the record. The Advanced Search can be utilized by clicking on the

in the upper right side of the grid.

Edit a Role

Click on the

in the grid beside the Role to edit it. Only fields that are allowed to be edited will be displayed. Any user that is granted the Role that is being updated will automatically assume the updates done to that Role once the changes are saved.

Delete a Role

Click on

in the grid beside the desired Role . A confirmation box will appear asking to confirm that the Role should be deleted.

Roles may only be deleted if the role is not assigned to any user record

SSDT Roles Permissions

SYSMAN_USER role is equivalent to the ITC System Manager identifier in Classic. The SYSMAN_USER role contains complete access to the following permissions:
- ADMIN
- LOGIN
- MODULE
- MODULE_CONFIG
- USAS
USAS_MANAGER role is equivalent to the OECN_USAS_GM (USAS Group Manager) identifier in Classic. The USAS_MANAGER role contains the following permissions:
- ADMIN_REPORTS
- LIMITED_USAS_USER_UPDATE
- LOGIN
- MODULE_AUDIT (complete access)
- MODULE_CONFIG_ORGANIZATION
- MODULE_CUSTOMFIELD (complete access)
- MODULE_FILE (complete access)
- MODULE_IMPORT
- USAS_ACCOUNT (complete access)
- USAS_ACCOUNTCHANGEREQUEST
- USAS_ACCOUNTHISTORY
- USAS_ACCOUNTMAPPING
- USAS_ACCOUNTSUMMARY
- USAS_ACCOUNTTRANSACTION
- USAS_ACCOUNTTRANSITION
- USAS_ACTIVITYLEDGER
- USAS_ANTIPCATEDREVENUE
- USAS_APPROPRIATION
- USAS_BANKACCOUNT
- USAS_BUDGET
- USAS_BUDGETING
- USAS_CASHRECONCILIATION
- USAS_CODES
- USAS_DELIVERYADDRESS
- USAS_DISBURSEMENT
- USAS_DISTRIBUTION
- USAS_EIS
- USAS_EMIS
- USAS_FILTERS
- USAS_FISCALPERIOD
- USAS_FORECASTING
- USAS_GAAP
- USAS_GENERALLEDGER
- USAS_INTERFUNDCASH
- USAS_INVOICE
- USAS_OPU
- USAS_ORGANIZATION
- USAS_PAYABLE
- USAS_PENDINGTRANSACTION
- USAS_POSTINGPERIOD
- USAS_PRIVACY
- USAS_PROJECT
- USAS_PROPOSEDAMOUNT
- USAS_PURCHASEORDER
- USAS_RECEIPT
- USAS_REFUND
- USAS_REQUISITION
- USAS_RIGHT_REPORT
- USAS_RIGHT_VIEW
- USAS_TRANSACTION_ANTICIPATED_REVENUE
- USAS_TRANSACTION_BUDGET
- USAS_USER_REPORT
- USAS_USER_VIEW
- USAS_USER_REPORT
- USAS_USER_UPDATE
- USAS_USER_VIEW
- USAS_VENDOR

The USAS_MANAGER role contains the LIMITED_USAS_USER_UPDATE permission that will limit access granted by the USAS_USER_UPDATE permission. This role should NOT be assigned in combination with the Admin or SYSMAN_USER roles.

USAS_STANDARD role is equivalent to the OECN_USAS (USAS Standard) identifier in Classic. The USAS_STANDARD role contains the following permissions:
- LOGIN
- MODULE_FILE
- MODULE_FILE_CREATE
- MODULE_FILE_FISCALYEARREPORT
- MODULE_FILE_FISCALYEARREPORT_REPORT
- MODULE_FILE_FISCALYEARREPORT_VIEW
- MODULE_FILE_MONTHLYREPORT
- MODULE_FILE_MONTHLYREPORT_REPORT
- MODULE_FILE_MONTHLYREPORT_VIEW
- USAS_ACCOUNT (complete access)
- USAS_ACCOUNTCHANGEREQUEST
- USAS_ACCOUNTHISTORY
- USAS_ACCOUNTMAPPING
- USAS_ACCOUNTSUMMARY
- USAS_ACCOUNTTRANSACTION
- USAS_ACCOUNTTRANSITION
- USAS_ACTIVITYLEDGER
- USAS_ANTICIPATEDREVENUE
- USAS_APPROPRIATION
- USAS_BANKACCOUNT
- USAS_BUDGET
- USAS_BUDGETING
- USAS_CASHRECONCILIATION
- USAS_CODES
- USAS_DELIVERYADDRESS
- USAS_DISBURSEMENT
- USAS_DISTRIBUTION
- USAS_EIS
- USAS_EMIS
- USAS_FISCALPERIOD
- USAS_FORECASTING
- USAS_GAAP
- USAS_GENERALLEDGER
- USAS_INTERFUNDCASH
- USAS_INVOICE
- USAS_OPU_REPORT
- USAS_OPU_VIEW
- USAS_PAYABLE
- USAS_PENDINGTRANSACTION
- USAS_PRIVACY_TAXID
- USAS_PRIVACY_VENDOR_ACH
- USAS_PROJECT
- USAS_PROPOSEDAMOUNT
- USAS_PURCHASEORDER
- USAS_RECEIPT
- USAS_REFUND
- USAS_REQUISITION
- USAS_TRANSACTION_ANTICIPATED_REVENUE
- USAS_TRANSACTION_BUDGET
- USAS_VENDOR
USAS_RO role is equivalent to the OECN_USAS_RO (USAS Read-Only) identifier in Classic. The USAS_RO role contains the following permissions:
- ADMIN_AUDITEVENTS_REPORT
- LOGIN
- MODULE_FILE_FISCALYEARREPORT_REPORT
- MODULE_FILE_FISCALYEARREPORT_VIEW
- MODULE_FILE_MONTHLYREPORT_REPORT
- MODULE_FILE_MONTHLYREPORT_VIEW
- USAS_ACCOUNTCHANGEREQUEST_REPORT
- USAS_ACCOUNTCHANGEREQUEST_VIEW
- USAS_ACCOUNTHISTORY_BUDGET_REPORT
- USAS_ACCOUNTHISTORY_BUDGET_VIEW
- USAS_ACCOUNTHISTORY_CASH_REPORT
- USAS_ACCOUNTHISTORY_CASH_VIEW
- USAS_ACCOUNTHISTORY_EXPENDITURE_REPORT
- USAS_ACCOUNTHISTORY_EXPENDITURE_VIEW
- USAS_ACCOUNTHISTORY_REPORT
- USAS_ACCOUNTHISTORY_REVENUE_REPORT
- USAS_ACCOUNTHISTORY_REVENUE_VIEW
- USAS_ACCOUNTMAPPING_REPORT
- USAS_ACCOUNTMAPPING_VIEW
- USAS_ACCOUNTSUMMARY_REPORT
- USAS_ACCOUNTSUMMARY_VIEW
- USAS_ACCOUNTTRANSACTION_REPORT
- USAS_ACCOUNTTRANSITION_REPORT
- USAS_ACCOUNT_CASH_REPORT
- USAS_ACCOUNT_CASH_VIEW
- USAS_ACCOUNT_EXPENDITURE_REPORT
- USAS_ACCOUNT_EXPENDITURE_VIEW
- USAS_ACCOUNT_FUND_REPORT
- USAS_ACCOUNT_FUND_VIEW
- USAS_ACCOUNT_REPORT
- USAS_ACCOUNT_REVENUE_REPORT
- USAS_ACCOUNT_REVENUE_VIEW
- USAS_ACCOUNT_VIEW
- USAS_ACTIVITYLEDGER_REPORT
- USAS_ACTIVITYLEDGER_VIEW
- USAS_ANTICIPATEDREVENUE_REPORT
- USAS_ANTICIPATEDREVENUE_VIEW
- USAS_APPROPRIATION_REPORT
- USAS_APPROPRIATION_VIEW
- USAS_BANKACCOUNT_REPORT
- USAS_BANKACCOUNT_VIEW
- USAS_BUDGETING_REPORT
- USAS_BUDGETING_VIEW
- USAS_BUDGET_REPORT
- USAS_BUDGET_VIEW
- USAS_CASHRECONCILIATION_REPORT
- USAS_CASHRECONCILIATION_VIEW
- USAS_CODES_REPORT
- USAS_CODES_VIEW
- USAS_DISBURSEMENT_REPORT
- USAS_DISBURSEMENT_VIEW
- USAS_DISTRIBUTION_REPORT
- USAS_DISTRIBUTION_VIEW
- USAS_EIS_PENDING_REPORT
- USAS_EMIS_BUILDING_REPORT
- USAS_EMIS_CIVILPROCEEDING_REPORT
- USAS_EMIS_FEDERALASSISTANCE_REPORT
- USAS_FISCALPERIOD_REPORT
- USAS_FISCALPERIOD_VIEW
- USAS_FORECASTING_VIEW
- USAS_GAAP_EXPORT_VIEW
- USAS_GENERALLEDGER_REPORT
- USAS-GENERALLEDGER_VIEW
- USAS_INTERFUNDCASH_REPORT
- USAS_INTERFUNDCASH_VIEW
- USAS_INVOICE_REPORT
- USAS_INVOICE_VIEW
- USAS_OPU_REPORT
- USAS_OPU_VIEW
- USAS_PAYABLE_REPORT
- USAS_PAYABLE_VIEW
- USAS_PENDINGTRANSACTION_REPORT
- USAS_PENDINGTRANSACTION_VIEW
- USAS_PROJECT_REPORT
- USAS_PROJECT_VIEW
- USAS_PROPOSEDAMOUNT_REPORT
- USAS_PROPOSEDAMOUNT_VIEW
- USAS_PURCHASEORDER_REPORT
- USAS_PURCHASEORDER_VIEW
- USAS_RECEIPT_REPORT
- USAS_RECEIPT_VIEW
- USAS_REFUND_REPORT
- USAS_REFUND_VIEW
- USAS_REQUISITION
- USAS_TRANSACTION_ANTICIPATED_REVENUE_REPORT
- USAS_TRANSACTION_BUDGET_REPORT
- USAS_TRANSACTION_BUDGET_VIEW
- USAS_TRANSACTION_CASH_REPORT
- USAS_TRANSACTION_REPORT
- USAS_VENDOR_REPORT
- USAS_VENDOR_VIEW

File Archive View

This role does not contain access to the File Archive Reports. Some reports in the File Archive may contain sensitive information like the Vendor Tax ID. To grant users access to all reports in the file archive, the USAS_FILEARCHIVE role can be granted.

USAS_REQ role is equivalent to the OECN_USAS_REQ (USAS REQ-Only) identifier in Classic. The USAS_REQ role contains the following permissions:
- LOGIN
- USAS_ACCOUNTHISTORY_BUDGET_VIEW
- USAS_ACCOUNTHISTORY_EXPENDITURE_VIEW
- USAS_ACCOUNT_EXPENDITURE_VIEW
- USAS_BUDGET_VIEW
- USAS_REQUISITION
- USAS_REQUISITION_CREATE
- USAS_REQUISITION_DELETE
- USAS_REQUISITION_REPORT
- USAS_REQUISITION_UPDATE
- USAS_REQUISITION_VIEW
- USAS_TRANSACTION_BUDGET_VIEW
- USAS_VENDOR_VIEW
USAS_FILEARCHIVE role may be granted to users who need to view the File Archive Reports. Reports may contain sensitive information related to Vendor Tax ID information.
- LOGIN
- MODULE_FILE_AUDITREPORT
- MODULE_FILE_AUDITREPORT_REPORT
- MODULE_FILE_AUDITREPORT_VIEW
- MODULE_FILE_CALENDARYEARREPORT
- MODULE_FILE_CALENDARYEARREPORT_REPORT
- MODULE_FILE_FISCALYEARREPORT
- MODULE_FILE_FISCALYEARREPORT_REPORT
- MODULE_FILE_FISCALYEARREPORT_VIEW
- MODULE_FILE_MONTHLYREPORT
- MODULE_FILE_MONTHLYREPORT_REPORT
- MODULE_FILE_MONTHLYREPORT_VIEW
- MODULE_FILE_OTHER
- MODULE_FILE_OTHER_REPORT
- MODULE_FILE_OTHER_VIEW

USAS_FILEARCHIVE_MANAGER role may be granted to users who need to view and manage the File Archive Reports. This role includes the ability to delete folders and individual reports from the File Archive. Reports may contain sensitive information related to Vendor Tax ID information.
- LOGIN
- MODULE_FILE
- MODULE_FILE_AUDITREPORT
- MODULE_FILE_AUDITREPORT_REPORT