Access levels

Who sees who? You can arrange that in Cirrus. This page explains how that works.

Cirrus offers the possibility to setup roles which define the level of access and permission for your users. In other words: 

• Roles define what users can see and do in the system.

Access levels for user management in Cirrus

The role type defines how much power a role has over other role types. Each (custom) site role you define has to be connected to one of four role type:

• System Admin
  • Admin
    • Author
      • Candidate

So if you create a new site role, you can select 1 of 4 role types. Your Role type regulates what type of users you can add / edit: 

This means for example that someone with a lower level permission will not be able to change anything from someone with a higher Role. 

In other words:

• Someone with a lower role type cannot change the settings or role of someone with higher role type, for example Admins cannot change System Admins.
• Someone with a lower role type cannot add users with a higher role type. I.e. an Admin cannot add a System Admin user.
• An Admin cannot promote him/herself to System Admin. They can create other Admins within their groups but only a System Admin can grant these new admins the permission to start creating users in certain hierarchies and below.
• The default Role Type when creating new (custom) site role (under Admin > Roles) is set to the lowest level (Candidate).
• Remember: you can always up- or down-grade a custom role.
• Users with role type System Admin are set as administrators (Administrator check-box is set) in Root hierarchy and all other hierarchies of the site initially. It is up to the customer to customize and maintain this.

Admins versus group or deputy admins

System Admins in Cirrus can deputise the user management for groups within your hierarchy. To do this you go to a selected users profile and check the groups he/she should be able to administer.

• Go to Admin > Users > Cirrus invigilator > Hierarchies > checking the Administrator check boxes for those groups the user should be able to administer:

• If a user is set as 'Administrator' for a group, he/she can only add and manage users from that hierarchy level or below.
• Only 'System Admins' can set this permission. Admins, Authors and Candidates can only view these permission if their Role (as defined by you) allows access to Admin > Users.

Let look at an example:

John Snow is added as an 'Administrator' to Test Center 2 by a System Admin. This means John kan manage users from that level and below:

• Test center 1
• Test center 2
  • Group 1
  • Group 2

John is added as Admin to Test Center 2. This means that he can only see and add users to the hierarchy levels shown in bold. He is only allowed to add/import users from the level he is an administrator and below. He can view users from this hierarchy, can edit/delete only users from his hierarchies.

Remember: as an 'Admin' type John is not able to change his own role to system admin. He can also not add new system administrators. He is able to add Admins though. He can see the 'Administrator' check boxes, but he cannot use them.