Roles and Permissions

This article describes dataset permissions in School Passport and how these permissions are acquired by users.

Roles determine what people can see and do in School Passport. There are administrative roles that are designed for people responsible for managing accounts and settings in School Passport. Non-admin roles let people work in School Passport and access key features.

There are following list of possible roles within School Passport:

The District Admin role is typically assigned to staff members who offer assistance to district users. District Admin has administrative control and access to data and settings related to the entire school district. This role grants limited permissions, including the ability to use single sign-on (SSO), browse data, and access records.
District Admin role with Primary permissions (Primary District Admin) is typically assigned to staff members who work closely with courses. This role grants access to all districts at different permission levels. The main difference between District Admin and Primary District Admin is in the ability to manage data sharing. The Primary District Admin has control over accepting the data sharing requests, Terms of Use, and Privacy Policy of GG4L and Ed-Tech Vendors. Learn more about how to get started as District Admin.
Vendor Admin role is the assigned administrator who represents an Application Partner with Ed-Tech software that integrates with School Passport. Vendor Admin has control over the integration between School Passport and their specific product, allowing them to set up rostering, access controls, and other configurations. Learn more about how to get started as Vendor Admin.
Non-Admin roles are assigned to users automatically after adding/updating data in School Passport. These users can log in with SSO and use apps assigned to them, without the ability to manage them. According to roster specification, there are four types of non-admin roles:
- Teacher roles are typically assigned to educators responsible for classroom instruction and student guidance.
- Contact (Parent/Guardian) role is usually assigned to parents or legal guardians of students. They serve as points of contact for communication with the school.
- Student roles are assigned to individuals who are enrolled in educational programs, attending classes, and accessing EdTech apps.
- School Admin role is typically assigned to school administrators and staff responsible for managing the institution's educational technology systems and settings.

Note: You can assign one or more roles to users, based on the functions those users require.

The table below provides an overview of the permissions assigned to each role.

Role	Permissions
District Admin	Run sync. Manage data sharing: duplicates, data quality, and sync issues. Customize application settings: delivery configs, mappings, filters. Create and customize Export/Import, admins, and datasets. Browse data. Access AppStore. Manage SSO and IdP. Manage sync schedules. Grant access to School Passport to different staff, admin, and non-admin users.
Primary District Admin	Includes all District Admin permissions plus the following: Add/remove applications for your organization. Send a data-sharing request to an app. Access School Year or Semester Rollover. Manage organization email notifications. Grant AppStore and Primary permissions. Accept/reject the Privacy Policy of GG4L and Ed-Tech Vendors. Reset password for a separate user.
Vendor Admin	Manage apps. Manage data sharing: data quality or sync issues, mappings. Send data-sharing request to District. Acess API Explorer. Manage SSO.
Teacher	Access and manage SSO apps in their classes. Manage QR Codes. Create bookmarks. Optionally, access to AppStore.
School Admin	Includes all Teacher permissions plus the following: Access and manage SSO apps in their school. Manage users. Access reports. Access Analytics.
Student	Access SSO apps. Create bookmarks.
Parent/Guardian	Includes all Student permissions plus the following: Access Parent Portal.