Every staff member does not need every field in a student record. Nurses need clinical context; teachers need instructional context; finance may need fee status but not counseling notes. Role-based access encodes those boundaries so human error does not become a privacy incident.
Start with roles, not with people
Define roles such as classroom teacher, department head, registrar, and school nurse. Map each role to read/write permissions for demographics, attendance, grades, health, and discipline. When someone changes jobs, you move their role—not their entire permission list by hand.
FERPA and local policy
Align access patterns with your privacy policy and training. Pair technical controls with family communication practices so external messaging matches internal access rules.
Sensitive categories
Health workflows deserve extra care—see health forms and consent—and document your approach in security and compliance materials for stakeholders.
Reviewing permissions on a predictable schedule
Access drift is real: contractors leave, coaches rotate, and interns gain temporary accounts that linger. Schedule quarterly access reviews tied to payroll or sports seasons. Automate deprovisioning where possible and require managers to confirm ongoing need for sensitive views. Pair reviews with tabletop exercises: what would you do if a device was lost or a password was shared? Document answers in your school management system runbook so incidents are boring, not chaotic.
Separate break-glass procedures for rare emergencies from everyday permissions, and log every elevated access event for later review.
Train staff to recognize phishing and social-engineering attempts that target help desks—attackers often impersonate parents to reset passwords or gain roster access.
Publish a simple chart that maps each role to sample tasks—such as “registrar: transcript” or “nurse: immunization view”—so onboarding stays consistent year to year.
Require multi-factor authentication for any account that can export rosters or download bulk student data, and review those exports monthly for unexpected patterns.