Pendahuluan
Modul Organisasi membantu Anda mengelola tim sekolah dengan sistem role-based access control (RBAC) dan permission yang fleksibel.Konsep Organisasi
Organisasi
Satu organisasi = satu sekolah dengan:- Data terisolasi sepenuhnya
- Member/staff sendiri
- Billing sendiri
- Domain sendiri (custom + subdomain cekolah.com)
Struktur Organisasi
Role & Permissions
Built-in Roles
Owner- Akses penuh ke semua fitur
- Kelola billing dan subscription
- Kelola anggota organisasi
- Tidak bisa remove diri sendiri
- Punya 1 owner minimal per org
- Akses penuh ke fitur operasional
- Kelola member (invite, remove, role)
- Kelola data (HRIS, siswa, jadwal, dll)
- Tidak bisa ubah billing
- Tidak bisa hapus owner
- Akses sesuai permission yang diberikan
- Default: limited access
- Bisa lihat data diri sendiri
- Bisa update profil sendiri
Custom Roles
Buat role custom sesuai kebutuhan:- Buka Settings → Roles & Permissions
- Klik Create Custom Role
- Isi:
- Nama role: “Guru Senior”, “Koordinator HRIS”, dll
- Deskripsi
- Pilih permissions (checkboxes)
- Simpan
- Guru Senior: lihat & edit HRIS, jadwal
- Koordinator Akademik: manage siswa, jadwal, nilai
- HR Staff: manage HRIS, rekrutmen (read-only kehadiran)
Manajemen Anggota
Invite Member
- Buka Settings → Members
- Klik Invite Member
- Isi:
- Email address
- Nama (opsional, bisa edit nanti)
- Role: Owner, Admin, atau custom role
- Klik Send Invite
- Click link untuk create akun
- Atau join jika sudah punya akun Cekolah
Manage Member
- Buka Settings → Members
-
Lihat daftar semua member:
- Nama
- Role
- Status (active, pending invite, etc)
- Join date
-
Untuk setiap member:
- Change Role - Ubah role member
- Change Permissions - Ubah permission granular
- Remove - Hapus dari organisasi
- Resend Invite - Jika pending
Remove Member
- Klik member yang ingin dihapus
- Klik Remove from Organization
- Confirm removal
- Member kehilangan akses semua data org
Permission System
Permission Levels
Cekolah memiliki permission granular per modul: HRIS Module:hris.employees.view- Lihat data karyawanhris.employees.create- Tambah karyawanhris.employees.edit- Edit karyawanhris.employees.delete- Hapus karyawanhris.recruitment.*- Semua permission recruitment- etc
students.view- Lihat siswastudents.manage- Kelola siswastudents.enroll- Enroll siswa- etc
attendance.view_all- Lihat semua kehadiranattendance.approve- Approve izin/cutiattendance.manage_calendar- Kelola kalender- etc
Set Custom Permission
Untuk fine-grained control:- Buka Settings → Members
- Klik member
- Klik Custom Permissions
- Check/uncheck permission sesuai kebutuhan
- Simpan
- ✅ HRIS: view, create, edit (not delete)
- ✅ Schedule: manage
- ✅ Attendance: view_all
- ❌ Billing: none
- ❌ Settings: none
Permission Templates
Preset permission untuk common roles:| Role | HRIS | Students | Schedule | Attendance | Recruitment | Billing |
|---|---|---|---|---|---|---|
| Teacher | View | View | Manage own | View own | - | - |
| HR Staff | Full | - | - | Manage | Full | - |
| Coordinator | View | Full | Full | Full | - | - |
| Admin | Full | Full | Full | Full | Full | - |
| Owner | Full | Full | Full | Full | Full | Full |
Access Control Examples
Skenario 1: Guru
Guru hanya bisa:- Lihat dan kelola jadwal mengajar
- Submit attendance (check-in)
- View data siswa di kelas mereka
- Upload nilai (segera)
- Role: Teacher (predefined)
- Atau custom dengan permission terbatas
Skenario 2: HR Manager
HR manager bisa:- Manage semua data HRIS (create, edit, delete)
- Kelola rekrutmen
- Tidak bisa kelola siswa/jadwal
- Tidak bisa akses billing
- Role: Custom “HR Manager”
- Permissions: HRIS full, Recruitment full, siswa read-only
Skenario 3: Koordinator Akademik
Akademik coordinator:- Manage siswa & enrollment
- Manage jadwal & kurikulum
- View HRIS (guru/staff)
- Approve attendance izin
- Tidak bisa akses karyawan edit
- Role: Custom “Koordinator Akademik”
- Permissions: Students full, Schedule full, HRIS limited, Attendance approve
Activity & Audit
Activity Log
Track semua aktivitas member:- Buka Settings → Activity Log
-
Lihat:
- Who: Member mana yang action
- What: Aksi apa (create, edit, delete)
- When: Kapan
- Target: Data apa yang di-action
- Details: Perubahan detail
-
Filter by:
- Member
- Modul (HRIS, Students, dll)
- Aksi (create, update, delete)
- Date range
Export Audit Log
Untuk compliance/audit:- Klik Export
- Format: CSV, PDF
- Date range
- Download laporan
Multi-Organization
User dapat member di multiple organization:- Switch between org di dropdown
- Access berbeda per organization
- Billing separate per org
- Activity log separate
Security
Session Management
- Each device = separate session
- Logout dari satu device tidak affect device lain
- Admin dapat force logout user dari settings
- Session timeout otomatis (idle 30 min)
Password & 2FA
- Member manage password di settings profil
- Optional 2FA untuk security extra
- Password reset via email
Data Privacy
- Member hanya see data sesuai permission
- Database query di-filter by org & permission
- Audit log mencatat semua access
Tips & Best Practices
- ✅ Use roles yang sudah ada (Owner, Admin, Member)
- ✅ Buat custom role hanya jika perlu
- ✅ Assign least privilege (minimal permission needed)
- ✅ Review member permission secara berkala
- ✅ Remove member yang tidak lagi aktif
- ✅ Monitor activity log untuk suspicious activity
- ✅ Keep owner/admin count minimal (security)
Troubleshooting
Member tidak bisa akses fitur?
Member tidak bisa akses fitur?
- Cek role dan permission member
- Pastikan permission sudah include fitur yang diakses
- Refresh halaman member
- Clear cache browser
- Hubungi admin untuk update permission
Tidak bisa remove member?
Tidak bisa remove member?
- Cek apakah owner (tidak bisa remove diri sendiri)
- Punya owner minimal 1 di org
- Jika member adalah owner lain, tidak bisa remove
- Hubungi support jika perlu
Invite member tidak diterima?
Invite member tidak diterima?
- Cek email yang diinvite
- Lihat folder spam/promotions
- Resend invite dari settings
- Cek email address typo
- Member bisa direct login jika sudah punya akun
Related Pages: