SchoolDeck

Your Data is Confidential.
Keep it That Way.

A school deals with sensitive data—Finances, Grades, and Staff Salaries. SchoolDeck's Role-Based Access Control (RBAC) ensures that every user sees only what they need to see, and nothing more.

The Principle of "Least Privilege"

Data leaks often happen internally. Why should a Class Teacher have access to the school's Balance Sheet? Why should an Accountant have the ability to change a student's marks?

SchoolDeck comes with pre-configured roles based on the principle of Least Privilege. We ensure strict segregation of duties, protecting the integrity of your institution's data.

  • Custom Roles: Create unique roles like "Exam Head," "Transport Manager," or "Front Desk" with specific rights.
  • Granular Permissions: Define permissions down to the action level: View, Create, Edit, or Delete.
  • Field-Level Security: Hide sensitive fields (e.g., "Salary" or "Parent Phone Number") from junior staff.
RBAC Permission Settings

Real-World Access Scenarios

Our system adapts to your hierarchy. Here is how schools typically configure access:

👨‍🏫 Teachers: Can enter Marks and Attendance.
Restriction: Cannot see Fees, Salaries, or modify locked Report Cards.

💰 Accountants: Can collect Fees and manage Petty Cash.
Restriction: Cannot change Student Grades or access Teacher Profiles.

🎓 Principal/Trustee: "Super Admin" access. View all dashboards, approve sensitive deletions, and manage user accounts.

  • Data Privacy: Ensures compliance with data protection norms by limiting exposure of student PII (Personally Identifiable Information).
User Role Management Dashboard

Audit Trails & Accountability

Security isn't just about prevention; it's about accountability. If a student's grade changes from 'C' to 'A' overnight, you need to know who did it.

SchoolDeck maintains a comprehensive Audit Log. Every critical action—deleting a fee receipt, changing a mark, or editing a student profile—is logged with a Timestamp, User ID, and IP Address.

  • Activity Timeline: "User 'Admin' deleted Receipt #1045 on 12th Oct at 10:45 AM."
  • Login History: Track when users log in and from which device/IP to detect suspicious activity.
  • IP Restriction: Optional setting to restrict Admin logins only to the school network (School Wi-Fi), preventing access from home.
Security Audit Logs

Frequently Asked Questions

What happens if a staff member resigns?

You can "Deactivate" their user account with one click. This instantly revokes access to the app and web portal while preserving their historical data.

Can parents see other students' data?

Never. The system is architected so that a Parent Login is strictly bound to their own child's ID. Data leakage between parents is impossible.

Can I create a temporary role for an Auditor?

Yes. You can create a "View-Only" role for external auditors that allows them to see financial reports but prevents them from editing or deleting any data.

Take Control of Your Data.

Security is not a feature; it's a necessity.