Can I log in as another staff member?

It is not possible for school staff to log in as another staff member in the same way as you can for students or guardians.

The only way to log in as another staff member would be to log in using their username and password. We would not recommend this for security reasons.

Was this article helpful?
2 out of 6 found this helpful
I'm still stuck!

Comments

4 comments
  • Interesting as James Wetherall said that we COULD do this earlier today on the ArborFest wrap-up.

    It would be tremendously beneficial when supporting staff to be able to log in as them so that we experience Arbor as they do. I would expect that the ability to do this would be tightly controlled as we would need to log when this permission had been used, but it would be great to see some progress on this.

    0
  • Hi Dave Leonard - thanks for this. James was correct in saying this is possible, however, this permission is currently available to our support partners only.

    To clarify the use case: is it that you want to be able to complete a task/see a page that another business role can complete or quite literally navigate the system as another school user? If it's a matter of gaining access to role permissions - we can sort that for you now. If it's the latter instance, why do you feel it's necessary to assume the profile of a user rather than a business role (which offers the same access to their permissions set)? 
     

    There are two reasons we have not released this functionality to school users to date. First, data protection and privacy. By assuming the profile of another user you would have full access to personal information including medical and pay (to name a few). Aside from the obvious fact that most users would not be comfortable with individuals having access to private information, if such information is misused in any way, it could be considered a data breach and Arbor may be held accountable for it's part in that.

    Second, our audit log--which tracks the activity of each user in the system--would feature inaccurate data. This could cause quite a bit of confusion when attempting to untangle issues from both a support and training perspective, particularly if an action is completed unbeknownst to the assumed end user. As you pointed out, we'd expect folks utilise their professional judgement when using such a broad set of permissions (often referred to as 'god mode' by Arborians) but how do we absolutely ensure and safeguard this? Something perhaps we could brainstorm together?

    0
  • More than happy to brainstorm this with you. Drop me an email and we can arrange a time and date if you like. 

    One thing that I would question regarding your two points - if it's OK for external support providers to have access to this function (and therefore have access to personal info & cause audit log confusion), why not our internal support team? Is there scope for us to obtain accreditation from Arbor in a similar way to support providers? I presume that they will be given guidelines to follow when using this mode, and will sign a data sharing agreement for GDPR purposes; if we were to sign up to the same process, with the authorisation of school / trust leaders wouldn't that absolve you of responsibility?

    0
  • Great - I'll write to you now to arrange a time to chat. I can also clarify your questions re support partners but the short answer is yes - we have strict guidelines and a particular way to log/track their specific usage. Let's chat through how this would need to work a bit differently for school colleagues (and therefore why it's not a simple matter of parachuting in that functionality). 

    I do, however, believe this is possible but will take time to implement. Let's chat it through. 

    0

Article is closed for comments.