Trying to think through access issues with a school app

I am about to get started on an app for a small private elementary school, to manage their enrollment and other issues. I’ve built apps like this before (mostly in FileMaker) so I don’t have big problems with most of the data-modeling issues. But I am not sure how, in Tadabase, to control user access the way I’d like.

Staff members of the school will have normal email + password logins providing them with more-or-less complete access. I know how to set that up. What I’m wondering about is giving limited access to parents.

If I were going to give parents normal logins (email + password) I wouldn’t have a problem: I’d know how to do that, and how to restrict what they see based on what records are connected to them. But I’m wondering if it would be possible to obviate the need for a parent to have a password or passphrase. What I’m thinking is,

  1. Parents go to the Parent Login page and enter their email addresses
  2. Tadabase (well, my app) then sends a time-sensitive code to their email address.
  3. They provide the code, and they get in.

This basically pushes the problem of user authentication back to their email provider, which would (I think) be fine.

Is this possible in Tadabase? I know that Tadabase already does something like this for me as developer. I have enabled 2FA, so after I provide my email address and password, I have to get a code through my email. But what I’m asking about is, would it be possible to do this without demanding that the user provide a password?

If it’s possible: Is this a reasonable and secure approach? Is there a better approach that I’m overlooking? Any security risks here I’m overlooking?

William

Hi William,

This is just an off-the-cuff idea that may or may not help you. If you had a list of parents’ email addresses, you could add them to your Users table with the Parent role. Then the parents would be able to log in by using the password reset and set their own passwords.

Best regards,
Henry

Hi William,
Do you mean a system generated password which can be kept and used as the parent login credentials rather than forcing a new password.

I used the school template last year, im keen to know how you will build the class attendance register and how you will store the records for the end of year student reports.
.

Thanks, Henry. Yes, this I’d thought of already and I think it would indeed work. I’m just a little nervous about what happens when parents forget their credentials. If they forget their password but they do know what email they used to sign up, they can have a new password mailed to them. But if they forget what email they used? I don’t want them to be calling the school (or me) for resets all the time.

This is probably the way to go. But as I’m just getting started I thought I’d try to think this through in advance and find out if I have any options. Maybe not. :slight_smile:

Thanks.

Thanks, Shumon. What I’m thinking about is a system-generated TOTP but one that is generated immediately after the parents enter their email addresses, so they are NOT required to remember a password or passphrase. As it’s a TOTP, it would be different each time they login (which I don’t expect to be daily or even weekly).

I’ve seen this used in many systems, including (if memory serves) the Tadabase community, maybe not now but in the past. It pushes the authentication process over to Gmail or Outlook or whoever they use for email.

I’ll try to remember to report back here after I get something built. And I’m grateful to you for mentioning that a school template exists. I hadn’t even thought of that! I’ll check that out this weekend.

THANKS.

Hi William, there are 2 templates. ‘Online Course Registration’ and ‘Student Grades and Attendance’ both were useful as baseline but in the end I had to create alot of it from scratch, which is normal i guess becuase everyone’s requirements will vary.

My table relationship is attached below incase you find it useful.

I found the class attendance register to be most challenging, thats why i was asking you the other day…im sure others will have a better design than mine but I got there in the end by creating an instance ( session ) of a blank enrolment then appending the register data to a archive table which holds the historical attedance records. There were couple of ‘Task’ actions attached to the submit button and resent button which clears the register after data is submitted to archive table. These tasks are also automated to run daily so that each time teacher opens the register is ready without the need for teacher to press ‘reset’ button.



Gosh, thanks for that detailed description of your project, which I find interesting. More complex than my project will be at the beginning. For one thing I don’t know what I will need to track attendance.

I couldn’t tell from your description: Did you create an attendance record for every student for every class for every day, and then mark that record “Present” or “Absent”? That would create records at a pretty rapid rate. I think I’d be more likely to track absences only. But curious how you did it.

Also if you have another second to explain, what’s the “Archive” table you referred to?

Yes William, just like normal register at school every class and every student every day. I used ‘Present’ = 100 and ‘Absent’ = 0. These numbers were used to calculate average attendance as part of end of term/year parents report. The archive table is good practice technique i use to tag data which can be deleted or exported to keep the tb db small as possible. For example at the end of the school year all the attendance records can be taken out of tb after a given process is completed.

Sorry William regarding the Archive table I gave the wrong explanation. In the context of the school application the archive table is the ‘Attendance’ register itself. which holds all records for all students all class all days.

@Shumon, thanks for the follow up. Always appreciate it when someone does that.

William