User accounts are the primary method for granting and preventing access to the system. All user accounts are assigned to at least one organization. User accounts also contain a user's personal and system-related information such as their user ID and email address.
The organization to which a user account belongs defines what data the user will be able to view and manage. Each user account has a user role(s) and a set of permissions associated with it.
A user can only access data for their assigned organization(s) and the data for any organizations lower in the hierarchy. For example, if the user account is assigned to a school, the user only has access to data for that school. If the user account is assigned to a district, the user can access district data, as well as data from all the schools assigned to that district.
See Create and Edit User Accounts for information about viewing user accounts.
You can learn more about tasks and how to perform tasks by viewing additional information as described in Perform Tasks.
This section tells you how to manage user accounts.
- Create and Edit User Accounts
- User Account Data Fields
- Disable and Enable User Accounts
- Delete and Restore User Accounts
- Reset Passwords for Users You Administer
User accounts for training and operational sites use the same login and password. However, before a user account can be used to access data, the user account must be assigned to an organization. Other details are also site-specific such as the role and permissions assigned to the user account.
When you create a user account, it is assigned to an organization in only the one site in which you created the account, such as the operational site. For the user account to be used in the other site, for example, the training site, the account must also be assigned to an organization there. You must do this even if you are giving the user account access to the same organization in both sites. This is similar to when you use your account from a social media site to login to another site; the social media account is only used to authenticate your identity while other data about you is stored locally in the second site. So, if you want a user account to be available on both sites, then after you create and set up an account in one site, go and log in to the other site, use search to find the user account, and enter the rest of the user account data into the account on the second site.
For example, StateCustomer has an operational site and a training site. An administrator in StateCustomer creates a user account for TeacherUser in the operational site and assigns that account to the LocalSchool organization in the operational site. Even though the TeacherUser account exists in the shared login system, so far it can only be used in the operational site. Why? Because the two sites contain different data, stored in locations that are isolated from each other, and TeacherUser has not yet been assigned to an organization in the training site.
Data in the shared login system include username, password, and related account metadata, such as the last date the account was used to log in and whether the account is active. This metadata is not site-specific. Metadata updates resulting from actions in either site are stored in the shared login system and the metadata updated affects both sites. For example, regardless of which site you visited most recently, the time and date you most recently logged in will read the same from either site.