Security
Access Control


Group Description
Access Right
 Add Account to Group
User Group


Capture Score Team
Capture Score Option
 Student Data Access Control Team
 Student Data Access Control Option
 SLP Data Capture Team
 Capture SLP Data Option
Special Team
User Account

Search User Account
 Create Individual Account
 Create Student / Parent Account
Location Access Control
Internet Access Time Profile
Unlock Account
Login Status
Configuration
System Configuration
IP Address Configuration
System Customization
Report & Log
Audit Trail
FMP Audit Trail
Staff Audit Trai



View
Archive
Delete Archived Audit Trail



View
Archive
Delete Archived Audit Trail
Report
Purge Log
View Backup Log



View
Archive
Delete Archived Audit Trail
User Group
 For built-in STUDENT and PARENT user groups, only the pre-defined set of modules /
functions are available for maintaining access rights.
 For module-specific built-in user groups such as CDS_ADMIN and FMP_ADMIN, only the
functions of the corresponding module are available for maintaining access rights.
 New user group can be created by copying from the existing user group. The whole set of
access rights are also copied. However, the users assigned will not be copied.
 Internet Access Time Profile

Setup the internet access time profile(s) and then assign user account(s) to the
profile(s) according to their needs.
 Login Status



All the users having logged-in WebSAMS will be displayed
System Administrator can force a user to logout
User can press the “Refresh” button to display the most up-to-date login status
 IP Address Configuration

Login from a workstation in the ITED LAN will not be allowed unless its IP
address has been recorded in the IP address configuration table
Create Individual User Account
 User Accounts are classified as Staff, Student, Parent or Others.
 The STUDENT and PARENT groups are attached to Student and Parent
accounts respectively by the system. No other groups can be attached to these 2
types of accounts.
 User Code should be entered for Staff, Student and Parent accounts for data
access control. The code entered is Staff Code or Student Registration No.
 Password Expiry Date and Account Expiry Date can be set for each account
 In some modules, data access control is implemented according to “School
Level” and “School Session” attached to a user account.

Create Student / Parent User Accounts
 The user ID for student account is the Student Registration No. while that of
parent account is “G_” plus his/her child’s Student Registration No.
 Student or Parent accounts are created by school or by class in batch. When
the System Administrator batch creates accounts more than once, accounts will
be created only for those students or parents who have no user accounts.
 Password can be User ID, HKID No., Phone No. or random characters
generated by the system.

 User Group





Function access control is based only on User Group
Built-in groups cannot be deleted
For no access right, the corresponding functions at the left menu or the tabs in the main
page will not be displayed.
For no access right to certain actions such as “Add” or “Delete”, the corresponding buttons
will be dim.
A user can be assigned with 0, 1 or more than 1 user groups. Where there are assignments of
conflicting access rights to a certain function, the right with more privileges is used.
 User Account


Student/Parent user accounts can be created by the whole school or class in batch.
After the creation, an account report will be generated and stored in the report repository.
When a student is departed from the school, the corresponding student and parent
accounts will expire immediately. However when a student is graduated, the account will
expire on the last day of the school year.
 Location Access Control

Even access to WebSAMS from ITED LAN or Internet is activated, System Administrator
can limit only a certain modules and functions to be accessed outside WebSAMS LAN.
 System Configuration



All settings will take effect only after the user
re-logins
To allow access to WebSAMS from ITED LAN or
Internet can be set. The default is “access NOT
allowed”.
Normally, user should not modify the paths for
Data Backup, Server Backup and Archive files as
well as the Digital Certificate.

 System Customization



 Audit Trail




The records for adding/removing accounts to
/from user groups of STAFF, FMP and
SCHOOL_HEAD can be viewed or deleted only by
users of SCHOOL_HEAD group.
The transaction records of FMP and Staff
modules can be viewed only by users of
SCHOOL_HEAD group
For each module, the useing of certain functions is
logged.
Audit Trail records cannot be modified

School can upload its own image
files for displaying in the login
page
School can upload its school
logo for displaying in every page
School can upload its school
name image file or enter its
school name in text for displaying
in every page
The color scheme of all newly
created accounts is set here