ConexED's permission structure is multi-layered to ensure that data and features are only accessible to those with assigned access.
The user role determines the access to data and features they COULD have; their group assignments, CRM assignments, and Alert/Case Management assignments determine what they actually DO have.
The below resources break down the permissions structure - by defining and outline access inthe first document, and by module via the second link.