From our many customers in the school segment, we know that hardly any school is like another. For example, there are different pedagogical concepts and framework conditions in the various federal states, which have created a wide variety of roles and task profiles. But that’s not all. In education, we often see ourselves in completely different roles. For example, a teacher can teach at one school, take on administrative tasks at another school, and at the same time be a student at a vocational college. That means that this person fills different roles at each school, and thus also requires different authorizations in each school’s IT landscape. So far, it has not been easy to implement these scenarios using the UCS@school roles and rights model – not to mention individual roles that are only used in special types of schools. Previously, individual solutions had to be developed here, which are error-prone and require maintenance.
We think it is time to break up the existing model of roles. We want to enable school boards and state ministries to create exactly the roles they need themselves, and equip them with a freely defined authorization profile that remains flexible in the future. Of course, we continue to deliver predefined standard roles with UCS@school, with which a variety of scenarios can already be implemented and which can be adapted as needed. This will give you extensive scope for customization. As part of this process, we will be adding a few more new roles to our standard roles, and will include, for example, the roles “guardian” and “helpdesk staff”.
Not an easy task to trim a system for every imaginable role and combination of permissions, but we’re up for the challenge! This applies not only to UCS@school but also to our core product UCS.
A New Concept for Organizing and Evaluating Authorizations
Access privileges determine what a “role” is allowed to see and do. They decide which modules are displayed, which data, for example, a teacher may see from a pupil, or which actions may be performed by a “school admin” as opposed to a “domain admin”.

Exemplary representation of how access permissions can influence the display of attributes in the detail view.