Though in many cases users can be set up and rarely need to be amended, there will inevitably be circumstances in which you will need to edit the accounts, privileges and roles of users. At the end of their time with the Local Authority – or in a commissioned role – you will also need to ensure that you terminate their access to the NCER Nexus system.
Only staff with the Can Add, Delete and Manage Users permission can create, edit and terminate the account of another user within the organisation.
Amendment of user accounts is handled through Admin > Users
Hint:
By default, Admin > Users will display your LA users, but any user has the option to select any other LA. You can only edit and create users within your own LA, but this capability can be useful if you wish to make contact with users in another LA.
When you select a user (in your own LA) details about that user will be displayed including their username, email and any school groups they have been assigned to – some of which can be edited by the Administrator by clicking ‘Edit User Details’ and some are automatically assigned (such as the Local Authority).
Most of these options are self-explanatory but the ‘Default School Group’ option allows you to set a default for the user – which is picked up in reporting - for group options that will appear when the report opens. This saves that user time if their area of interest will usually be a specific group of schools.
Three tabs are displayed at the bottom of the screen:
Communications – this tab is under the control of the user themselves. It allows the user to their communications preferences in terms of what they wish to receive. (NCER recommends that all users subscribe to ‘NCER & Nexus News & Updates’ communications.)
Schools – this tab is visible to anyone with the and editable by anyone with the It allows you to select and add any school in the Local Authority to the user's profile. This allows them to pick ‘My Schools’ when reporting in Nova reports and run reports on that custom grouping or to view them in the Schools tab.
Typically you would use this to help a School Improvement officer or commissioned consultant who is focused on only certain schools and wants to access information on them quickly rather than see all the others mixed in.
For each school added, you can also record the role that the user performs in relation to that school. There is an extensive list of roles, but typically – if you are restricting users to certain schools – ‘School Improvement Partner’ and ‘Consultant’ roles will be more common (particularly if they are commissioned and not an LA salaried employee.) This role is largely for information and has no real effect on the rest of the system.
By clicking the ‘Remove’ link at the end of any line, you can remove existing schools that a user previously had included in ‘My Schools’
Hint:
In some LA's it may need to be an annual or termly task to update and modify this assignment of schools, particularly where that may be a product of the LA’s assessment of risk in the school.
Privileges – This tab is where the user permissions are assigned. You will note that the ‘Type of User’ is specified at the top of this section, with a dropdown pick list. By picking a role for the user the privileges further down the section and automatically populated but they can be amended by ticking and unticking specific permissions.
For more information on this tab, click here.
Terminating a User Account
Nexus users with the Can Add, Delete and Manage Users permission have the ability to choose whether to delete or archive user accounts.
Once deleted, a user’s account cannot be recovered and would need to be set up again if done in error. There is also an option to archive the account (preventing access but can be recovered without re-creating it) as an alternative. This may be appropriate where you are not certain whether the account will come back into use and need to check.
If the account is archived then it will be suspended for 30 days, during which time it can be recovered if it is still required. At the end of 30 days, it will automatically be deleted.
The account can still be deleted outright where you are already certain that the user has left or no longer requires access in a different or changed role.
Regular Review of All Accounts
Due to the requirements of data protection legislation, Local Authorities will wish to ensure that all of their Nexus account holders are:
- Still employed by the Local Authority (directly or in a commissioned role) – remember that standard LA IT account close down procedures rarely include systems such as Nexus or DfE Sign-in systems.
- Still in posts requiring access to Nexus – if a user has changed role they should not be left with access to Nexus just because they have always had it
- Have the ability to see pupil level information (or not) as appropriate to their role – some users with only summary data permissions may benefit from the addition of pupil level data but others may need this taken away – ‘Include access to batch reporting and pupil level reports’ should be ticked/unticked as necessary
- Have access (or not) to CiN / CLA information as appropriate to their role. The addition of CLA permissions should be agreed with the Virtual Head, but if a user no longer supports those functions then the permissions should be reviewed
One indication of whether a user requires access is how long it is since they last logged in. New functionality in the Users screen now allows you to specify users who have not logged in for a user-defined number of months or greater.
No user who has left the employment of the LA will ever have any legitimate reason to access Nexus via an LA provided log-in and if this should ever occur it should be considered a data breach, reported to LA Information Governance for investigation and appropriate action.
Hint:
You should remember that Nexus can be accessed from personal devices from anywhere in the world. As such, the termination of access to the Local Authority network by the ICT team when a member of staff leaves does not prevent them from logging into Nexus. Nexus Administrators using personal devices for 2FA means that an ex-employee with Admin permissions could disrupt, view or modify the system and data held in it. Shutting down the account for leavers is essential and even more so for Admin users.
The NCER Nexus Admin Digest email – received by Nexus Administrators on a weekly basis – includes a section highlighting users who have not accessed the system for some time. The same facility to identify these users exists in the Admin > Users screen where the last login is displayed and a filter for the period since the last login is now available. As a matter of good practice, accounts that have been inactive for more than a year (i.e. more than a full assessment cycle) should be considered for either deletion or archiving.
Comments
0 comments
Please sign in to leave a comment.