Data access objects (DAOs) are a part of Terra Dotta's permission system that allows a site admin to filter access to programs, applications, applicants, and information. Instead of these permissions being specific to the administrative tools themselves, they determine what data the administrator is able to view and interact with using the tools to which they have access.
This article covers the following topics related to Data Access Objects:
Important Note: The Admin Console for Terra Dotta Study Abroad Knowledgebase article contains information specific to how DAOs function in the Admin Console. Refer to the section "Access and Permissions".
Like the standard permissions, DAOs can be assigned both at the individual level and at the user group level. To take action, navigate to Staff > Staff Permissions. From here, you can click the edit pencil next to a user group to make edits to that group, or you can search for a specific user to make edits on an individual level.
There are three groupings of DAOs that can be applied to the user or group:
- Access Restricted to Specific Programs and Applications
- Access Restricted to Specific Profiles and Applicants
- Access Restrictions to Data Objects
Access Restricted to Specified Programs and Applications
There are three types of restrictions under this heading:
- Program Name
- Program Group
Administrators that have these restrictions will only see and have access to the programs and applications to those programs when using the application admin and program admin tools. This is most commonly used to assign administrators as reviewers of specific programs or to provide a third-party program provider with access to only the applications of programs sponsored by that provider.
I assign the "Program Group" data access object of "Asia Programs" to a user. Now, when that user logs in and runs application and program searches, they will only see the programs and applications to programs that are in the "Asia Programs" program group.
Important Note: This restriction does not impact access to the Process Admin tools. Even though a staff member may have program, program group, or sponsor DAOs, if they are given access to a Process Admin tool, they will see all process elements, not just the ones that apply to their sub-set of programs/applicants.
Access Restricted to Specified Profiles and Applicants
There are two types of restrictions under this heading:
- Home Institution
- Applicant Parameter Value
Administrators that have these DAO's assigned will only see and have access to the profiles and applications of users that match at least one of the assigned values when using the Profile Admin and Application Admin. These are most commonly used to provide external administrative access to external applicants as well as access based on profile criteria such as department or college.
I assign the "Applicant Parameter Value" of "Major: Business" to a user. Now, when that user logs in and runs profile and application searches, they will only see the profiles and applications in which the applicant has a value of "Business" for the applicant parameter "Major".
Important Note: Only the following parameter types are options for this type of DAO:
- Multiple Selection
- Single Selection
- Yes or No
Access Restrictions to Data Objects
There are four types of restrictions under this heading:
- Applicant Parameters
- CER: (Multiselect 1)
- CER: (Multiselect 2)
Administrators that have these options assigned to their account will have their views and access to the data filtered to the assigned options. This is most commonly used to restrict views of sensitive user data.
I assign the "Applicant Parameters" values of "Major" and "GPA" to a user. Now, when that user logs in and looks at profiles and runs reports, they will only be able to view and export the applicant parameter values for "Major" and "GPA". None of the other applicant parameter will appear to this user.Using Multiple DAOs
When a user has multiple DAOs affecting their access to a site, the access-level of that user will be a union of all the assigned objects rather than an intersection of those objects. When a user is assigned a DAO, the access is always considered additive to what they can see/access.
A staff member is assigned a program name DAO of "Paris Semester Abroad" and an institution DAO of "Terra Dotta University". When this user logs in and runs an application search for all available applications, they will see:
- All applications to the program "Paris Semester Abroad" (including non-Terra Dotta University applicants).
- All applications where the applicant has Terra Dotta University as their home institution (including non-Paris Semester Abroad applications).
Advising Application Considerations
Any user that has a DAO for either programs or program groups assigned to their permissions will be unable to access the advising applications on the site.
DAOs act as permissions gateways to determine which applications/programs the user has the ability to view/edit. Advising applications are not assigned to a specific program ID and therefore will not be accessible by any users that have these permissions assigned to them.
Should an administrative user be required to function both as an administrator of all applications, but also as a reviewer to a specific program/program group, it may be necessary to have a second login created for the user that allows them to function in the reviewer capacity as it is not possible to configure a single user login with both of these access levels.
It is not possible to configure a user to only have access to the advising applications on a site.