Table of Contents
PASI Security
PASI has various levels of security to ensure that the right people have access to the right information.
At a high level:
- Access to the PASI Core services is controlled by granting PASI Client System Role to the PASI Client Certificate used by PASI Clients.
- Access to PASIprep functionality is controlled by granting PASIprep User Roles to the users of PASIprep via the Public Authentication System (PAS).
- Access to operational files are controlled using PASI File Active Directory Groups.
- Access to PASI databases are controlled using PASI Database Active Directory Groups.
Access to information about a specific student is controlled via Student Associations.
See PASI Core Security for more information.
See PASIprep Security Overview for more information.
PASI URLs
PASI Client System Roles
See PASI Client System Role for more detail.
- Alberta Health User
- APAS Client User
- Elections Alberta User
- Hello World User
- High School Student Sync User
- K-12 Organization Client
- Limited Access User - High Restriction
- Limited Access User - Low Restriction
- Medical Alert User
- Ministry Client User
- PASI System User
- PED User Role
- PESC Transcript User
- Submit Academic Record User
- Submit Enrolment User
- Submit Student Document User
- Submit Student User
- Submit Transcript User
- Validate Student Identity User
- View Academic Record User
- View Enrolment User
- View Student Document User
- View Transcript User
PASIprep Permission Levels
- PASIprep Level 01 Permission - PASIprep Access
- PASIprep Level 02 Permission - Modify Student
- PASIprep Level 02A Permission - Modify Student Contact Information
- PASIprep Level 02B Permission - Student Notes
- PASIprep Level 03A Permission - Manage School Enrolments
- PASIprep Level 04 Permission - Manage Mature Student Status
- PASIprep Level 05 Permission - Manage ASN Status
- PASIprep Level 06 Permission - View Courses and Marks and view access to Manage Credentials
- PASIprep Level 07A Permission - Manage Course Marks
- PASIprep Level 07C Permission - Manage Historical Course Marks (Deprecated)
- PASIprep Level 08 Permission - Approve Course Mark Values
- PASIprep Level 09 Permission - Ministry Synchronization
- PASIprep Level 10 Permission - Override Warning Work Items
- PASIprep Level 11 Permission - Manage Disclosure Restriction Details
- PASIprep Level 12 Permission - Upload GED Files
- PASIprep Level 13 Permission - Manage GED Exam Marks
- PASIprep Level 14 Permission - Manage GED Exam Registration
- PASIprep Level 14A Permission - View GED Writing Centres
- PASIprep Level 14B Permission - Manage GED Writing Centres
- PASIprep Level 15 Permission - Submit Student Credential Requirements
- PASIprep Level 16 Permission - Submit SCR Exemption Request
- PASIprep Level 17 Permission - Approve SCR Exemption Request
- PASIprep Level 18A Permission - Organizational Group - External Users
- PASIprep Level 18B Permission - Organizational Group - Student Records
- PASIprep Level 18C Permission - Organizational Group - Inclusive Learning
- PASIprep Level 18D Permission - Organizational Group - Assessment Sector
- PASIprep Level 18E Permission - Organizational Group - High School Principal
- PASIprep Level 19 Permission - Manage Credentials
- PASIprep Level 20 Permission - Manage School Years (DEPRECATED)
- PASIprep Level 21 Permission - Access Student via myPass
- PASIprep Level 22 Permission - Manage Student Connections
- PASIprep Level 23 Permission - Manage Exam Sittings
- PASIprep Level 23A Permission - View Exam Sittings
- PASIprep Level 24 Permission - Access PASI Processing Status
- PASIprep Level 25 Permission - Access Diploma Exam Registration screen
- PASIprep Level 26 Permission - View Document Order Items
- PASIprep Level 27 Permission - Manage Document Orders
- PASIprep Level 29 Permission - Manage Student External Credentials
- PASIprep Level 30 Permission - View Payment Items
- PASIprep Level 31 Permission - Manage Payment Items
- PASIprep Level 32 Permission - Manage Student Hold Information
- PASIprep Level 33 Permission - Manage Diploma Exam Registration with fees
- PASIprep Level 34 Permission - View Waived Fees
- PASIprep Level 35 Permission - Manage Diploma Exam Rescores
- PASIprep Level 36 Permission - Manage myPass Settings
- PASIprep Level 37 Permission - Manage PASI Audit Logging
- PASIprep Level 38 Permission - Can Delete Document Order Item
- PASIprep Level 39 Permission - Manage Operational Control Schedule
- PASIprep Level 40 Permission - Manage PASI Usage Agreement
- PASIprep Level 41 Permission - View PASI Usage Agreement
- PASIprep Level 42 Permission - List Credentials
- PASIprep Level 43 Permission - PASIprep Send Message
- PASIprep Level 44 Permission - Manage Student Document Types
- PASIprep Level 45 Permission - View Student Documents
- PASIprep Level 46 Permission - Manage Student Document Submissions
- PASIprep Level 47 Permission - Manage Student Document Access Requests
- PASIprep Level 48 Permission - Dispose Student Documents **OBSOLETE**
- PASIprep Level 49 Permission - Manage Special Cases Adult Equivalency Requests
- PASIprep Level 50 Permission - Manage Student Documents
- PASIprep Level 51 Permission - Manage Student Document QA
- PASIprep Level 52 Permission - Contribute to Student Documents
- PASIprep Level 53 Permission - View Digital Official Document Consumers
- PASIprep Level 54 Permission - Manage Digital Official Document Consumers
- PASIprep Level 55 Permission - Medical Alert Access
- PASIprep Level 56 Permission - Confirm Disposal of Student Documents **OBSOLETE**
- PASIprep Level 57 Permission - View PAT Results
- PASIprep Level 58 Permission - View Home Education Notifications
- PASIprep Level 59 Permission - Manage Home Education
- PASIprep Level 60 Permission - View Home Education Registrations
- PASIprep Level 61 Permission - Manage Organization Email Notification Override
- PASIprep Level 62 Permission - View Diploma Official Mark Blend Weight
- PASIprep Level 63 Permission - Manage Diploma Official Mark Blend Weight
- PASIprep Level 64 Permission - View Documents Eligible for Disposal
- PASIprep Level 65 Permission - Manage Documents Eligible for Disposal
- PASIprep Level 66 Permission - List Operational Reports
- PASIprep Level 67 Permission - Synch Hash Value Calculator
- PASIprep Level 68 Permission - View List Students by Responsible School
- PASIprep Level 69 Permission - View Environment Configuration
- PASIprep Level X Permission - Beta Access
PASIprep PAS Roles
Permitted for Ministry Users
- Admin.PrivacyAdmin PASIprep User Role
- Admin.SysAdmin PASIprep User Role
- BaseRole.BOSS PASIprep User Role
- BaseRole.CertSchoolCompl PASIprep User Role
- BaseRole.ExamAdmin PASIprep User Role
- BaseRole.HelpDeskSupport PASIprep User Role
- BaseRole.Home Education Program Area PASIprep User Role
- BaseRole.ManageOfficialDiplomaExamMarkWeights_PASIprep User Role
- BaseRole.OperationalSupport PASIprep User Role
- BaseRole.RecordsManagement PASIprep User Role
- BaseRole.SchoolFinance PASIprep User Role
- BaseRole.SpecialCases PASIprep User Role
- BaseRole.StudentRecords PASIprep User Role
- BaseRole.ViewOnly PASIprep User Role
- GEDRegistrations.Manage PASIprep User Role
- Level X - Access Beta Features PASIprep User Role
- Manage Organization Email Notification Override PASIprep User Role (1172)
Permitted for Non-Ministry Users
- Approve High School Courses & Marks PASIprep User Role
- Bulk Load Student Document PASIprep User Role
- Contribute Student Document PASIprep User Role
- GEDRegistrations.Manage PASIprep User Role
- Manage Diploma Exam Sittings PASIprep User Role
- Manage High School Courses & Marks PASIprep User Role
- Manage myPass Access PASIprep User Role
- Manage Student & School Enrolments PASIprep User Role
- Manage Student Document PASIprep User Role
- View High School Courses & Marks PASIprep User Role
- View PAT Results PASIprep User Role
- View Student Document PASIprep User Role
- View Student Information PASIprep User Role
Permitted for Delegated Administration
These roles are available for non-ministry users to delegate to users within their organization.
- Approve High School Courses & Marks PASIprep User Role
- Bulk Load Student Document PASIprep User Role
- Contribute Student Document PASIprep User Role
- Manage Diploma Exam Sittings PASIprep User Role
- Manage High School Courses & Marks PASIprep User Role
- Manage myPass Access PASIprep User Role
- Manage Student & School Enrolments PASIprep User Role
- Manage Student Document PASIprep User Role
- View High School Courses & Marks PASIprep User Role
- View PAT Results PASIprep User Role
- View Student Document PASIprep User Role
- View Student Information PASIprep User Role
Data Access Rules
- Associated Organization
- Classroom Accommodation
- Course Enrolment
- Digital Official Document Consumer
- Diploma Exam Mark
- Diploma Exam Sitting
- Diploma Exam Waived Fee
- Diploma Official Mark Blend Weight
- Document Type
- Evaluated Mark
- GED Exam Mark Audit Event
- GED Exam Mark Data Access Rules
- GED Examinee
- Information Disclosure Restriction Data Access Rules
- Medical Alert
- myPass Connection
- Official Mark Audit Event
- Organization Email Notification Override
- Parent/Guardian
- PAT Result
- Responsible School
- Section
- Student Address
- Student Citizenship
- Student Credential
- Student Credential Requirement
- Student Document
- Student Document Quality Assurance
- Student Email
- Student External Credential
- Student Hold
- Student Name
- Student Phone Number
- Student School Enrolment
New Permissions and Roles
Creating a new PASIprep permission
When a new PASIprep permission is required the following steps are to be followed:
- Advise the BA that attends the iTAB meetings to inform the committee of the intent of the new permission and Production delivery date. (part of the Perform GOA System Impact Assessment task)
- Business Support will need to:
- advise the AE Help Desk
- update their documentation
Creating a new Role in PED
When a new Role is required the following steps are to be followed:
- Advise the BA that attends the iTAB meetings to inform the committee of the intent of the new role and Production delivery date. (part of the Perform GOA System Impact Assessment task)
- Request for a PED permission ID (the number that appends the role name)
- use the ServiceNow Portal to submit PED Service Requests https://goaprod.service-now.com/esm?id=sc_home
- provide the following details:
- The Role name
- The Role description
- If it is available to school users and /or Ministry users
- What PASI permissions are in the role
- If this Role is dependent on another role, similar to how 1027 is dependent on 1030 and 1029
- If anyone assigned with this role should also have access to PASIPrep and PASI Community Site links in the application tab (similar to 1027)
- Prod deployment date
- Once the 4 digit code is received the developer will add this to the Role name
- Business Support will need to:
- Submit a request to add this new role to BERNIE
- Need to coordinate with our Prod deployment
- advise the AE Help Desk
- update their documentation
Note: PASI calls these Roles where PED calls them Permissions
also detailed on the Creating a New PED Role for PASIprep page