Back to Compliance Portal

Compliance document

Access Control & RBAC Overview

How VerbalCheck separates user roles and scopes access to protected academic records.

Status

Published overview

Effective date

June 2026

Audience

IT administrators, security reviewers, institutional administrators, and implementation teams

Role model

  • Students access their assignments, submissions, interview workflows, and results as permitted by the course configuration.
  • Instructors access classes, assignments, student submissions, interviews, reports, and grading workflows under their teaching context.
  • Admins manage institution, user, LTI, compliance, and support workflows according to assigned privileges.
  • System-level functions support integrations, automation, and operational workflows.

Object-level authorization

VerbalCheck authorization should verify not only that a user has the right role, but also that the requested record belongs to the correct class, assignment, student, instructor, institution, or LTI context.

Session revocation

  • Logout invalidates server-side session records.
  • User deactivation and role changes should revoke active sessions.
  • Persistent session state helps enforce access changes across deployed instances.