Access to data on records in Veracross is controlled by security roles. Users are assigned security roles based on the level of access and update privileges they need in order to input/edit data on records. Many records also contain a “Files” tab, from which it is possible to upload files containing additional data such as immunization records, enrollment contracts, transcripts, etc. Although the record’s data is protected by security role restrictions, many schools find additional security is necessary for files that are uploaded to records. Schools may use the Veracross File Security management tool to help assign file view access.
Veracross File Security is managed through File Classifications. File Classifications are “tags” assigned to files at the time they are upload that allow view access only to those with the security role(s) associated with the File Classification. When files are uploaded to records, all File Security options, or the list of File Classifications the school has configured, will be available to assign from the Veracross File Uploader. This ensures that as files are uploaded, those who should have access to the files are simultaneously granted viewing permission. Please note, that this security provides view access only to files attached to records. Only Sysadmins have the ability to remove files.
Note: This article details the file security and permissions within Axiom. Student files may be published to the parent portal on a file-by-file basis. Read more about that here.
Configuring File Security
Security configuration for File Classifications is understood in terms of the “security context.” Schools are able to select from a list of security roles and pull their desired roles into the “Active Security Contexts.” This ensures that all users who have that security role assigned to them will be able to view the file. Security roles in the “Available Security Contexts” have two functionalities. The first is by someone’s relationship to the location of the file, or a user’s reasonable access to files based on their relationship to that file. All classifications falling within this context are denoted by an “S” prefix to the security role. An example of this kind of a classification is any files with the classification “S: Student’s Teachers'” means that any teachers of that student that year can view the file.
The second context is by specific security role, which is denoted by an “R.”
Each school also has a list of standard File Classifications which they can configure. The standard File Classification files are:
Use this classification to tag unrestricted files. This name can be changed to whatever the school would like to name their generic file classification. Although this classification may be seldom used, it is a good idea to have at least one generic file classification that can be used to tag unrestricted files.
- Enrollment Contracts
Use for all Enrollment Contracts uploaded to re-enrolling or enrolling students’ records.
Additional File Classifications may be added to encompass all of the school’s access needs to each type of file uploaded to records.
To Add a New File Classification
- From the System homepage, select the “+ Add” button and then “File Security” at the bottom of the list. This will open a New File Classification record.
- Enter the name of the file type in the “Description” field (e.g. Health, Transcripts, Admissions, etc.). This is will appear in the file type dropdown in the Veracross File Uploader when the file is attached.
- The table name corresponds to the record on which the file is being attached. Enter the name of the appropriate table in this field. A common example of a table that may be entered is the Person table, if the file is being attached to a person record (such as an applicant, a student, etc.). Ask your Account Manager for help with this field if you are unsure what to enter.
- Add the File Classification (note: the Security tab will remain unavailable until the new Classification is added).
- On the Security tab, click to add the security role from the list of “Available Security Context” column to “Active Security Context” column. All security roles in the active column will have access to the uploaded files on records.
- Update the File Classification.
The classification will now be available in the dropdown menu in the Veracross File Uploader.
Only tables that contain records will be available to select and apply to the new File Classification.
Uploading Files with File Security
Schools may upload files to records using the Veracross File Uploader. The File Uploader is best access directly from the Files tab of whatever record the document is being attached to.
- From the “Files” tab on a record, click on the Attach Files link. This will launch the file uploader in a web browser.
- Select the green “Select Files” button and find the desired file on your computer.
Please note: The recommended file size is under 10 MB. Larger files can be uploaded, but will take longer. The maximum file size that can be uploaded using the VC File Uploader is 100 MB.
- From the dropdown, select the appropriate File Classification that applies to this file. This dropdown is the list of all File Classifications that have been added in Axiom. Choose the file classification that pertains to the group of users that should have view access to this file. If restricted access is not necessary, select the “Uncategorized” option (please note, schools will likely change the name of their ‘Uncategorized’ option, so select the appropriate non-user specific classification from the list to keep the file freely accessible to everyone).
- Add any necessary notes or comments.
- Upload & Save.
Accessing Uploaded Files
Once a file has been uploaded, the file will only be accessible from the “Files” tab of a record for those with the security roles assigned to the specified File Classification. Please note that once a file has been uploaded and assigned a classification, it is not possible to change the file classification.
Those with access will be able to view and download the file. Please note that the “Download” link on the “Files” tab represents a tokenized URL, and after it expires, the page will need to be refreshed before the file can be downloaded. Users that navigate to the “Files” tab without the proper security roles will be able to view that there is an attached file on the record but are unable to access the “Download” link or view the file contents.