Prepare to map roles
Overview
Role mapping in MyPowerHub can be based on:
- PowerSchool SIS roles 
- PowerSchool SIS security groups 
- Customized PowerSchool SIS roles 
- Any combination of PowerSchool SIS roles, PowerSchool SIS security groups, and customized PowerSchool SIS roles 
Before you begin mapping roles for your OneRoster integration, follow these steps to confirm how your district manages roles and security groups in PowerSchool SIS.
1. Identify how your district assigns roles
Review the Admin Access and Roles page and note the role or security group assigned for:
- A district-level admin 
- A principal 
2. Check for PowerSchool SIS roles
Determine if your district uses PowerSchool SIS roles to identify system administrators.
- If yes:
  - Confirm the role is only assigned to system administrators.
- If no:
  - Confirm whether security groups are used to identify system administrators.
A PowerSchool SIS user access role can only be mapped to one OneRoster role.
3. Check for PowerSchool SIS security groups
Determine if your district uses security groups to identify system administrators and principals.
- If yes:
  - Confirm the security group is only assigned that role type.
- If no:
  - Consider creating custom SIS roles for these user types.
A PowerSchool SIS security group can only be mapped to one OneRoster role.
When mapping security groups, the OneRoster role applies only to schools listed in Account Access and Affiliations. If a user needs access to an additional school, add it to School Affiliations to apply the mapped role.
4. Determine if you need custom PowerSchool SIS roles
Create custom roles if:
- Your district’s existing roles aren’t unique enough to match OneRoster roles. 
- Your security groups include a wide range of user types. 
Add the customized role to all users who should have those permissions in MyPowerHub.
5. Understand default role assignment
Users in a user access role or security group not mapped to a OneRoster role will be assigned the Staff role in MyPowerHub.
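A pre-mapping audit of the checks in steps 2 through 5, as an added example that is not PowerSchool code: it flags a role or group mapped to more than one OneRoster role, mapped roles or groups whose members hold mixed job types, and users who would fall back to Staff. The record layout, the `job` field, and all role, group, and user names are constructed assumptions, not a PowerSchool export format.

```python
from collections import defaultdict

# Constructed sample data: every name and value below is hypothetical.
PROPOSED = [  # (source kind, PowerSchool SIS name, OneRoster role)
    ("role", "District Admin", "administrator"),
    ("group", "Principals", "principal"),
    ("group", "Office", "administrator"),
    ("group", "Office", "principal"),  # same group mapped twice
]
USERS = [
    {"name": "avery", "job": "district admin", "role": ["District Admin"], "group": []},
    {"name": "blake", "job": "principal", "role": [], "group": ["Principals"]},
    {"name": "casey", "job": "registrar", "role": [], "group": ["Principals"]},
    {"name": "devon", "job": "librarian", "role": [], "group": ["Library"]},
]

def duplicate_sources(proposed):
    """Roles or groups mapped to more than one OneRoster role (not allowed)."""
    targets = defaultdict(set)
    for kind, name, oneroster_role in proposed:
        targets[(kind, name)].add(oneroster_role)
    return {src: sorted(t) for src, t in targets.items() if len(t) > 1}

def mixed_sources(proposed, users):
    """Mapped roles or groups whose members hold more than one job type."""
    jobs = defaultdict(set)
    for kind, name in {(k, n) for k, n, _ in proposed}:
        for user in users:
            if name in user[kind]:
                jobs[(kind, name)].add(user["job"])
    return {src: sorted(j) for src, j in jobs.items() if len(j) > 1}

def default_staff(proposed, users):
    """Users with no mapped role or group, who would be assigned Staff."""
    mapped = {(k, n) for k, n, _ in proposed}
    return [u["name"] for u in users
            if not any((k, n) in mapped for k in ("role", "group") for n in u[k])]

if __name__ == "__main__":
    print("mapped more than once:", duplicate_sources(PROPOSED))
    print("mixed membership:", mixed_sources(PROPOSED, USERS))
    print("will default to Staff:", default_staff(PROPOSED, USERS))
```

A non-empty result from the first two checks means the mapping would grant an elevated role more broadly than intended, which is the case where a custom role (step 4) is the narrower fix.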
