Local API - Granting Access Permissions to SIMS 7
The most common data exchange application for SIMS 7 from Technical Integrators (TI) takes the form of a scheduled task / service which is run on a server.
To enable access, a user login is required within SIMS System Manager. This user should only be granted the minimum permissions required. We recommend the username should contain a clear inference to the TI or to their product, for example:
- <TI Name> [User] ‘
- <Product Name> [User]
- <TI Name> <Product Name> [User] ‘
An individual user should be set up for each TI / TI Product. This will enable clear identification of all TI users and provide the ability to ensure each TI / TI Product has been granted the minimum level of permissions required. TIs are responsible for identifying the access rights required by their product and may require an account per product if they offer a set of wide-ranging solutions and would normally identify the permission set required during the testing of their product.
To add a user choose the menu route System Manager | Manage Users
Click on New
Please use the guidance above when choosing an indicative name which the school can easily identify later.
The click add to provide the required permission groups.
The set of permissions requested must be appropriate for the the service that the TI is providing, for example an HR system may have full access to staff data but the school / Group / LA should set alarm bells ringing if a request is made for pupil data access or system manager access for the HR System Service Account. The best advice to TI's is to select from the groups which are effectively roles and only select the minimum group. TIs should create users as described here and define and document their minimum viable user which usually helps customers to grant the access request whilst adhering to GDPR best practice.
Don't forget to save!
Windows Users are also supported which removes the need for entering passwords into TI systems which will be stored if this is required.
Once the account is setup, it needs to be tested to ensure it is a 'working SIMS Login'. During that process you will be required to set a password to replace the default password. It is essential that strong passwords are set to ensure that accounts with usually significant access to SIMS systems is correctly and appropriately secured.
Setting strong passwords ensures that security set at a high standard. Please also ensure that these are communicated to technical integrators by a secure means and that it is never shared in the same email as the user name.