User Maintenance
Overview
The ‘User Maintenance’ program allows your school’s TASS.web administrator to create and maintain TASS.web User Accounts. It can also be used to establish and maintain user permissions for individual users (when they are not part of a Security Role Group) and to generate a report listing users with permissions in specific areas.
This program can be accessed by navigating to TASS.web System Admin > Users.
About TASS.web User Security Permissions
There are three ways for a school administrator to set user permissions in TASS.web:
Option 1: Assign permissions to individual users in TASS.web System Admin > Users > User Maintenance.
Option 2: Create a 'Security Role Group' with appropriate permission points in TASS.web System Admin > Users > Security Role Permissions, then assign users to the Role in TASS.web System Admin > Users > Assign Security Roles. Each user assigned to a role will inherit the permissions associated with that role.
Option 3: Use a combination of both roles and individual permissions for the user. To do this, follow the instructions in Option 2 above, then go back into TASS.web System Admin > Users > User Maintenance to enter additional permissions for the user.
Role-based permissions simplify maintenance. Assigning a user to a role automatically grants the required permissions, enabling quick operation in TASS.web.
Check out the ▶️ System Admin Licensing and Users Video for more information.
Important!
Only users with TASS.web administration permissions can access this program. Schools must establish procedures to control user access for data security purposes.
To obtain user permissions for a specific TASS.web program area or to extend your existing functionality, please contact your school’s TASS.web administrator.
User Security Permissions
Access to this program is controlled by the ‘User Maintenance’ security point in TASS.web System Admin > Users > User Maintenance or TASS.web System Admin > Users > Security Role Permissions.
To access the ‘Employee Mappings’ tab, users must have permissions applied to the ‘---Employee Mappings tab’ security point.
Contact your school administrator for access.
About User Maintenance
A TASS.web user can be registered to operate in one or more of the following 'areas' within the TASS.web software:
Financial Administration (FIN).
Payroll/HRM (PHR).
Student Administration (SAD).
When a user registers in an 'area', the system consumes one user license from that 'area'.
The initial 'User Maintenance' screen displays the school's current licence registration information at the top of the User Grid.
Example
In the example directly above, the school is licensed for:
32 Financial Administration licences (FIN), of which 19 have been registered against users
32 Payroll/HR licences (PHR), of which 18 have been registered against users
32 Student Administration licences (SAD) of which 20 have been registered against users.
A 'Y' appears in these columns when the TASS.web user account has a license assigned.
The system will prevent a user from registering in an area when the school does not have enough licences. When this occurs, a warning message stating “The maximum number of licensed users for this area has already been allocated” will be displayed.
Licences can be removed from a user when that user no longer needs to access TASS.web (or an 'area' of TASS.web). To remove a licence, edit the user record and un-tick the appropriate checkbox (or checkboxes) in the 'Licence Registrations' section on the 'General' tab.
The root user has access to all areas and does not take up a licence.
Refer to TASS.web System Admin > Utilities > TASS Licencing for more information about licenses.
TASS.web prevents multiple PCs from logging in to the same user account simultaneously. When a user logs into TASS.web from another PC, it automatically terminates all other sessions for that user on the other PCs. However, the system does allow multiple logins from the same PC.
Adding a New User
To create a new TASS.web user account, click the 'New' icon at the top of the User Maintenance landing page. See the 'General Tab' section below for details, then click 'Save'. After saving, the 'Company Tab' and 'Employee Mappings Tab' become available. See the sections below for more information.
Viewing and Editing a User
To 'View' or 'Edit' an existing TASS.web user account, click the relevant link in the 'Action' column.
The ‘Login History' link in the Action column displays this user's TASS.web login history, including the Date, Time, LDAP/SAML Username, Login Status, Company and Remote IP Status. The 'TASS.web Login History’ pop-up shows the last 25 logins. Click the 'Print All' button to generate a listing of this user's entire login history.
User Security Permissions
The ‘Login History' link requires the 'View' permission for the 'User Maintenance’ security point in TASS.web System Admin > Users > User Maintenance or TASS.web System Admin > Users > Security Role Permissions.
General Tab
User General Details | |
User ID | Enter a User ID code. It can be alphanumeric, up to 8 characters. This is the code that the user will use to log on to TASS.web when LDAP/SAML is not enabled. TASS recommends using unique User ID codes that do not match any previously used TASS.web ‘User ID’ codes from User Maintenance, ‘Employee Codes’ from Employee Records and ‘Teacher Codes’ from Teacher Records. |
Name | Enter a user name for the TASS.web user account. This is a 40-character field. |
* Password | Enter a Password for the user account. The minimum password length is ten (10) characters. The maximum password length is one hundred (100) characters. This is the password the user will use to access TASS.web when LDAP/SAML is not enabled. TASS.web supports mapping for individual users to an LDAP directory structure or SAML. An LDAP mapping allows maintaining password security using the features available in Microsoft Active Directory, Novell eDirectory, or Apple Open Directory. If SAML is enabled, the user will be automatically logged into TASS.web if their credentials have already been authenticated in another application. See the ‘LDAP/SAML Maintenance’ article for more information. Important! When LDAP or SAML is enabled, you must enter a password in this field, even though it will not be used. |
* Company | This will determine the default school (company) for this user. If this user will work in multiple schools/companies, you will need to assign them on the 'Company' tab in this program. When creating a new user, the ‘Company' tab becomes available after you click the 'Save' button on the 'General’ tab. Only companies assigned to your TASS.web user account appear in this picklist. |
* Language | English is the only option available at the moment. |
TASS.web Home | This is an optional field. This area is used to determine the user's default home page. Example You could make this your school’s website. Users can change their TASS.web homepage preferences from the TASS.web User Interface > ‘Bookmarks’ tab by bookmarking a page and selecting the ‘Homepage’ checkbox. |
Enter the user's email address. | |
Phone | This is an optional field. Enter the user's contact phone number. |
Licence Registrations | |
Financial Administration User | Tick this checkbox if this user is to be allocated a Financial Administration Licence. The TASS.web Finance modules included in this licence are: User access to programs in these modules depends on the User Security Permissions assigned to each user in TASS.web System Admin > Users > User Maintenance via the 'Permissions' link or in TASS.web System Admin > Users > Security Role Permissions. To grant user access to this module, your school must be licensed for this module in TASS.web System Admin > Utilities > TASS Licencing. |
Payroll/HRM User | Tick this box if this user is to be allocated a Payroll/HRM Licence. The TASS.web Payroll HRM modules included in this licence are: User access to programs in these modules depends on the User Security Permissions assigned to each user in TASS.web System Admin > Users > User Maintenance via the 'Permissions' link or in TASS.web System Admin > Users > Security Role Permissions. To grant user access to this module, your school must be licensed for this module in TASS.web System Admin > Utilities > TASS Licencing. |
Student Administration User | Tick this box if this user is to be allocated a Student Administration Licence. The TASS.web Student Admin modules included in this licence are: User access to programs in these modules depends on the User Security Permissions assigned to each user in TASS.web System Admin > Users > User Maintenance via the 'Permissions' link or in TASS.web System Admin > Users > Security Role Permissions. To grant user access to this module, your school must be licensed for this module in TASS.web System Admin > Utilities > TASS Licencing. |
The system will prevent a user from registering in an area when the school does not have enough licences. When this occurs, a warning message stating “The maximum number of licensed users for this area has already been allocated” will be displayed. Refer to TASS.web System Admin > Utilities > TASS Licencing for more information.
Click the 'Save' button to save your changes.
When creating a new user, the ‘Company' tab becomes available after you click the 'Save' button. This is where you can add access for additional schools/companies for this user when your school is operating in Enterprise Mode.
Company Tab
The ‘Company’ tab is where you can add access to additional schools/companies for this user.
Company details can be maintained in TASS.web Finance > General Ledger > Setup Information > Company Information.
The ‘Unassigned Companies’ section lists companies the user cannot access, while the ‘Assigned Companies’ section lists companies the user can access.
To change user access, select the company name, then use the ‘Selected’ buttons to move the company to the appropriate section. Click ‘Save’ when complete.
This is a multi-select field. Hold the 'Shift' key while clicking to select a range, and hold the 'Ctrl' key to select additional fields individually.
Companies that you do not have the authority to assign will appear in grey and cannot be moved between sections.
The root user will have access to all companies.
Important!
User Maintenance records are global across all companies. License registrations and user security permissions assigned to a user in one company apply to all assigned companies.
Employee Mappings Tab
The ‘Employee Mappings’ tab establishes connections between TASS.web User Accounts and their Employee Record to enable specific features.
User Security Permissions
The ‘Employee Mappings’ tab displays to users who have the ‘Employee Mappings tab' permission point located in the 'Administration' section of TASS.web System Admin > Users > User Maintenance via the 'Permissions’ or TASS.web System Admin > Users > Security Role Permissions.
Example
Payroll, HR, or relevant staff must have their TASS.web User ID mapped to an Employee ID to edit or cancel Employee Leave applications imported from Staff Kiosk.
The grid lists each company that the User has access to on the ‘Company’ tab.
Click ‘Edit’ next to the relevant company. Enter the user's ‘Employee Code’ in the ‘Employee Code / Name’ field if known, or click the binoculars icon to search and select from the Employee list. Click 'Save’ when complete.
You can only modify mappings for companies assigned to your TASS.web User Account in TASS.web System Admin > Users > User Maintenance on the ‘Company’ tab.
Deleting a User
You can delete a TASS.web User Account, but it is not required each time a user leaves the school.
TASS recommends retaining all user records to identify the full name of the user who last updated a record or processed a function in your system. Best practice is to remove all User Security Permissions for that user while keeping them in the system.
Important!
Never reuse the ‘User ID’ of a deleted user.
Each user record is linked to added or edited records, as well as Audit Log processes, in your database. Deleting a user removes this data from your system.
To delete a TASS.web User Account, navigate to the User Maintenance screen and click ‘View’ or ‘Edit’ in the Action column. Then, select the 
‘Delete’ icon at the top of the screen.
Setting Permissions for a User
The ‘User Maintenance’ program landing page displays a list of current users. Click ‘Permissions' in the Action column to add or modify an individual’s TASS.web user security permissions.
Information about security points and their access controls is detailed in program articles within the TASS Knowledge Base. If you cannot find details about a specific security point, contact TASS Customer Care for assistance.
User security permissions can be applied in bulk using Security Role Groups. You can define users assigned to each group in TASS.web System Admin > Users > Assign Security Roles. Then, define the Security Role and permission points for each group of users in TASS.web System Admin > Users > Security Role Permissions.
The ‘User Permissions’ screen lists all TASS.web security points grouped by module. It displays security points for all modules and program areas, even if the user lacks a licence on the ‘General’ tab. You can assign permissions, but the user cannot access that area without the appropriate licence registration.
Each security point has columns labelled 'View', 'Add', 'Edit', and 'Delete' on the right side of the screen. We call these 'permissions'.
You can select each security point and permission combination for this user individually.
As a quicker alternative, use the 'Fill Down' arrows to assign this user's permissions to all modules or to a single module. Please note that there is a difference between the fill-down icon for all modules and that for a single module.
Example
When an 'R' appears next to a permission, it indicates the permission derives from the user's assigned 'Security Role' in TASS.web System Admin > Users > Assign Security Roles.
You cannot remove a security point permission derived from a role (marked with an 'R'), but you can add permissions for those not derived from a role (without an 'R').
In other words, you can add selected security point permissions for a user to complement the ones they automatically get from a role assigned to them.
For details on assigning users to a role, see the article for TASS.web System Admin > Users > Security Role Permissions.
Click ‘Save’ to record the user's account permission change in the database.
User Permissions Listing
To generate the ‘User Permissions Listing’, click the 'User Permissions' icon on the User Maintenance landing page. This listing shows the TASS.web Security Points and Permissions assigned to each user.
On the ‘General' tab, select the user permission 'Modules’ to include in the report.
The modules correspond to the headings shown when modifying Individual User Permissions or Security Role Permissions.
You can generate a User Permissions Listing for Parent Accounts, Accounts Payable, Purchasing, General Ledger, Fundraising, Fixed Assets, Commercial Debtors, School Shop, Enrolments, Parent Records, Student Records, Student Note Categories, Timetable, Teacher Records, Attendance, Medical Reports, Academic Reporting, Extra Curricular, Past Students, Book Hire, Boarders, Equipment Hire, Employee/HR, Payroll, Administration, Community Plus, or Listings.
On the ‘Print’ tab, select your preferred sort order: User ID or Module. Excel is the only export option.
Click ‘GO’ to generate the report.
This report may take a few minutes to generate. When the report has been generated successfully, the file download should start immediately. The browser may prompt you to accept the download of this file.
This listing exports to Excel with columns for Module, Security Point, Permission, User ID, and User Name.