Designate users with temporary class access

Supported editions for this feature: Education Plus. Compare your edition

As an administrator, you can give designated users, such as school administrators or support staff, temporary access to visit classes in Classroom without being added as a permanent teacher or student to the class.

Temporary access to classes is useful to support educators, view student profiles, post announcements, and more.

Set up temporary access

Create an admin role with the Manage classes privilege and assign it to designated users or security groups. Also, you can restrict access to classes by organizational unit.

Step 1: Create a custom admin role

You must be signed in as a super administrator for this task.
  1. Sign in with a super administrator account to the Google Admin console.

    If you aren’t using a super administrator account, you can’t complete these steps.

  2. Go to Menu and then Account > Admin roles.
  3. Click Create new role.
  4. Enter a name and, optionally, a description for the role and click Continue.
  5. From the Privilege Name list, at Classroom, check the Manage Classes box.
  6. Click Continue.
  7. Click Create role.

    Note: You can add other privileges to this role. For example, if you have the same users assigned the View analytics data for users and their classes privilege, you can add both privileges to one custom admin role.

Continue to Step 2 to assign the custom admin role to users or security groups.

Step 2: Assign the custom admin role to a user or security group

You must be signed in as a super administrator for this task.
  1. Sign in with a super administrator account to the Google Admin console.

    If you aren’t using a super administrator account, you can’t complete these steps.

  2. Go to Menu and then Account > Admin roles.
  3. Click the custom admin role you created and thenAdminsand thenAssign members.
  4. Enter the first few letters of the email address of the user or the security group, and select the address from the list.
  5. (Optional) To limit access to an organizational unit, click Edit , select an organizational unit, and click Done.

    (Optional) To grant access to more than one organizational unit, follow the steps in Assign or unassign the role for multiple organizational units on this page.

  6. Click Assign role.

Note: When you restrict access to an organizational unit, the user or group can access only classes whose primary teacher is in that organizational unit.

After you assign the custom admin role to a user or a security group, they can visit a class as an education leader or staff.

Assign or unassign the role for multiple organizational units

Repeat Step 2 above and select a different organizational unit each time to grant a user or security group access to more than one organizational unit.

In the Admins list, the user or security group name appears separately for each organizational unit they can access.

Or, you can follow these steps:

To complete these steps, you need the appropriate User management privilege. Without the correct privilege, you won't see all the controls needed to complete these steps.
  1. Sign in with an administrator account to the Google Admin console.

    If you aren’t using an administrator account, you can’t access the Admin console.

  2. Go to Menu and then Directory > Users.
  3. Open the user's account page: Click the user's name. Or, at the top, in the search box, enter the user's name and open their account page. For more options, go to Find a user account

  4. Scroll down and click Admin roles and privileges.

  5. At the custom admin role you created, under Scope of role, click Edit .
  6. Do one of the following:
    • To select an organizational unit, check the box for the organizational unit.
    • To unselect an organizational unit, uncheck the organizational unit box.
  7. Click Done.
  8. Click Save.

Manage the custom admin role using APIs

Instead of assigning the custom admin role to users and security groups manually in the Admin Console, you can designate temporary class access using APIs. To do so, review the developer guide on automating the process: Developer Guide - Provide Temporary Access.

Manage sensitive information

You can control access to sensitive information and resources using security groups. You can create a new security group or update an existing group by adding the security setting. For details, go to Control access to sensitive data with security groups.

Remove temporary class access permissions

To complete these steps, you need the appropriate User management privilege. Without the correct privilege, you won't see all the controls needed to complete these steps.
  1. Sign in with an administrator account to the Google Admin console.

    If you aren’t using an administrator account, you can’t access the Admin console.

  2. Go to Menu and then Directory > Users.
  3. Click the user’s nameand thenAdmin roles and privileges.
  4. At the custom admin role you created, under Assigned state, click Assigned .
  5. Click Save.

Note: If the role was assigned to a security group, removing users from the security group also removes their access permissions.

Related topics

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
Contact us Tell us more and we’ll help you get there
true
Start your free 14-day trial today

Professional email, online storage, shared calendars, video meetings and more. Start your free Google Workspace trial today.

9902701068354815285
true
Search Help Center
true
true
true
true
true
73010
Search
Clear search
Close search
Main menu
false
false
false
false