What this guide covers
- the difference between teacher, coordinator, and admin access
- how private, linked, and pending school states change what a user can see
- which role checks are used before student, evidence, and export data is returned
Quick answer
Superadjust does not use one broad access rule for everyone. The backend checks both role and school context before returning student data. Teachers see their own workspace data, coordinators see school-level data in the same school context, and admins have separate global access that is different from coordinator workflows.
Step 1: Understand the core roles
Superadjust does not use one broad access rule for everyone. The backend checks both role and school context before returning student data.
- Teacher: can access their own workspace data first.
- Coordinator: can access school-level data in the same school context and manage approval, nomination, archive, and export actions where the controller allows it.
- Admin role: the global admin path is separate from school coordinator access. In the backend this appears as a superadmin role, not a normal coordinator account.
Important distinction: A school coordinator is not the same thing as a platform-wide admin.
Step 2: Know what each role can see
Row-level access is narrowed in the controller, not just by login status.
- A private teacher can see their own students, evidence, archives, and exports, but not other teachers' records unless a direct student link exists.
- A linked teacher can see their own students and any student linked to them through an active student_teachers relationship.
- A coordinator can see same-school students and teachers when the owning teacher is actually school-linked and not just pending or soft-linked.
Shared logic: The same owner, linked-teacher, and same-school coordinator logic is reused across student detail, profile, progress, archived evidence, and export flows.
| Role | What They Can Usually Do | Important Limit |
|---|---|---|
| Teacher | Own students, own evidence, own exports | Cannot see school-wide records without a valid link or school-level permission |
| Linked teacher | Own students plus linked students | Still limited by active links and school approval state |
| Coordinator | Same-school students, nominations, archives, school-mode exports | School-only scope; not the same as a platform-wide admin |
| Admin / superadmin | Separate global admin subsystem access | Different from normal teacher and coordinator workflows |
Step 3: Check role and status together
Role alone is not enough. School membership and approval state also affect access.
- The backend checks fields such as school_id, pending_school_id, status, awaiting_approval, and is_school_coordinator.
- Statuses such as linked, soft_linked, owner, and pending change how a teacher is treated at read time and write time.
- A teacher can be visible in their own workspace but still not count as a fully approved school member for coordinator-level access.
This is why two users with the same visible role can still have different access until approval is complete.
Access Matrix by Role
| Feature | Teacher | Coordinator | Admin |
|---|---|---|---|
| Own students | ✓ | ✓ | — |
| Linked students | — | ✓ | — |
| School-wide students | — | ✓ | — |
| Own evidence & exports | ✓ | ✓ | — |
| School-mode exports | — | ✓ | — |
| Confirm nominations | — | ✓ | — |
| Unarchive evidence | — | ✓ | ✓ |
| Global admin access | — | — | ✓ |
Approval status and school link still affect final visibility for all roles
Why this matters
Account roles affect more than menus. They control who can open student records, who can confirm nominations, who can unarchive evidence, and who can export school data. Superadjust applies these checks at controller level so access follows real ownership, real school membership, and real approval state.
Common mistake
Login does not mean broad access: The most common mistake is assuming that having a login or a teacher role means broad access. It does not. The backend still checks ownership, active student links, school membership, and approval status before it returns sensitive records.
What to do next
Next, read Who can see student records for the practical row-level rules, or Encryption for the technical details on how sensitive student fields are protected at rest and on read.