Roles & Permissions

EduCore uses role-based access control to ensure every user sees only the data and features relevant to their responsibilities. This page describes each built-in role and explains how to create custom roles.

How Roles Work

Every user account is assigned exactly one role.
The role determines which modules, pages, and actions the user can access.
Roles are configured at the school (tenant) level and apply across all branches the user has access to.
Built-in roles cannot be deleted but can be used as templates for custom roles.

Role Hierarchy

graph TD
    SA[Super Admin] --> A[School Admin]
    A --> P[Principal]
    A --> AC[Accountant]
    P --> T[Teacher]
    P --> L[Librarian]
    T --> PA[Parent]
    PA --> S[Student]

Permission Summary

Permission	Admin	Principal	Teacher	Accountant	Parent	Student
View Students	Yes	Yes	Own classes	Yes	Own children	Own profile
Manage Fees	Yes	No	No	Yes	View only	View only
Mark Attendance	Yes	Yes	Own classes	No	No	No
Enter Marks	Yes	Yes	Own subjects	No	No	No
View Reports	Yes	Yes	Limited	Financial	No	No
Settings	Yes	No	No	No	No	No

Built-In Roles

School Admin

The School Admin has full, unrestricted access to every module and setting in EduCore.

Area	Permissions
Students	Add, edit, delete, promote, import, export
Fees	Collect, refund, manage structure, view all reports
Attendance	Mark, edit, view all classes
Exams	Create, enter marks, generate report cards
Timetable	Create, edit, manage substitutions
Staff	Add, edit, deactivate
Leaves	Apply, approve, reject for all staff
Library	Full catalog management
Transport	Full route management
Notices	Create, edit, delete
Expenses	Record, edit, delete, view reports
Certificates	Issue all certificate types
Reports	Access all reports and analytics
Settings	Full access — school profile, academic year, classes, subjects, fee structure, grading, users, custom fields

Tip: There should be at least one School Admin at all times. If the only admin account is deactivated, contact EduCore support to regain access.

Principal

The Principal has access to all academic and operational data but cannot modify system-level settings.

Area	Permissions
Students	View, edit (cannot delete)
Fees	View collections and reports (cannot collect or refund)
Attendance	View all classes, mark attendance
Exams	View results, generate report cards
Timetable	View, manage substitutions
Staff	View all staff profiles
Leaves	Approve or reject leave requests
Library	View catalog and reports
Transport	View routes and assignments
Notices	Create and view notices
Expenses	View expense reports
Certificates	Issue all certificate types
Reports	Access all reports
Settings	View only (cannot modify)

Teacher

Teachers have access limited to their assigned classes and subjects.

Area	Permissions
Students	View students in assigned classes only
Fees	No access
Attendance	Mark attendance for assigned classes
Exams	Enter marks for assigned subjects in assigned classes
Timetable	View own timetable
Staff	View own profile only
Leaves	Apply for own leave
Library	No access
Transport	No access
Notices	View notices
Reports	View attendance and exam reports for own classes
Settings	No access

Accountant

The Accountant role is focused on financial operations.

Area	Permissions
Students	View student list and profiles (for fee lookup)
Fees	Full access — collect, refund, manage structure, discounts, reports
Attendance	No access
Exams	No access
Timetable	No access
Staff	View staff list (for staff-related discounts)
Leaves	No access
Library	No access
Transport	View transport fees
Notices	No access
Expenses	Full access — record, edit, reports
Certificates	No access
Reports	Fee and expense reports only
Settings	Fee structure and discounts only

Librarian

The Librarian manages the book catalog and circulation.

Area	Permissions
Students	View student list (for book issue)
Fees	No access
Attendance	No access
Exams	No access
Timetable	No access
Staff	View staff list (for book issue)
Leaves	Apply for own leave
Library	Full access — catalog, issue, return, fines, accession register
Transport	No access
Notices	View notices
Expenses	No access
Certificates	No access
Reports	Library reports only
Settings	No access

Parent

Parents can view information related to their own children only.

Area	Permissions
Students	View own children’s profiles
Fees	View fee status and payment history for own children
Attendance	View attendance records for own children
Exams	View exam results and report cards for own children
Timetable	View class timetable for own children
Notices	View notices targeted to parents or all
All other modules	No access

Student

Students can view their own information only.

Area	Permissions
Own Profile	View only
Fees	View own fee status and payment history
Attendance	View own attendance records
Exams	View own exam results
Timetable	View own class timetable
Notices	View notices targeted to students or all
All other modules	No access

Permission Details

Permissions in EduCore are organized by module and action type:

Action Type	Description
View	Can see the data but cannot modify it
Create	Can add new records (e.g., add a student, create an exam)
Edit	Can modify existing records
Delete	Can remove records (with confirmation)
Export	Can download data as CSV
Print	Can print documents (report cards, receipts, certificates)

Creating a Custom Role

If the built-in roles do not match your school’s structure, you can create custom roles with specific permissions.

Navigate to Settings > User Management > Roles.
Click the Create New Role button.
Enter a Role Name (e.g., “Vice Principal”, “Section Head”, “Front Desk”).
Optionally enter a Description explaining the role’s purpose.
In the permissions grid, check or uncheck permissions for each module:
- Each module lists available actions (View, Create, Edit, Delete, Export, Print).
- Check the actions this role should have access to.
- Use the Select All checkbox at the top of a module to grant full access to that module.
Click Save Role.

Tip: Start by cloning an existing role that is closest to what you need. Click the Clone button next to any role to create a copy, then modify the permissions.

Example Custom Roles

Custom Role	Based On	Modifications
Vice Principal	Principal	Add leave approval, add staff edit
Section Head	Teacher	Add view access to all sections of a class
Front Desk	Accountant	Add student admission, add certificate issuing
Data Entry Operator	Teacher	Add student edit, add bulk import
Transport Manager	Librarian	Replace library access with full transport access

Assigning Roles to Users

Navigate to Settings > User Management.
Find the user you want to modify (or create a new user).
In the Role dropdown, select the appropriate role.
Click Save.
The user’s access will update immediately — they may need to refresh their browser.

Tip: When a teacher is promoted to Vice Principal, change their role instead of creating a new account. Their login credentials remain the same, but their access expands.

Role-Based Dashboard

Each role sees a tailored dashboard. The metric cards, recent activity, and attention items are filtered based on what is relevant to that role. See Navigating the Dashboard for details.

Best Practices

Use the principle of least privilege. Give each user only the access they need. A teacher should not have access to fee data unless they have a specific reason.
Review roles periodically. At the start of each academic year, review who has which role and adjust as needed.
Do not share accounts. Each person should have their own login. This ensures the activity log accurately shows who did what.
Deactivate, do not delete. When a staff member leaves, deactivate their account rather than deleting it. This preserves the audit trail.
Test custom roles. After creating a custom role, log in as a test user with that role to verify the permissions are correct.

EduCore — User Guide