Within the context of recent regional school book challenges, much of the attention has been focused on print collections. However, librarians and school districts have started to look at digital content, too.
Sora is the K-12 platform used by many students and staff in NYS to access OverDrive content (as opposed to Libby, which is used by public library patrons). In Sora, content access levels can be implemented to restrict access to content.
Here is how OverDrive defines content access levels:
Content access levels let you control which types of users can view and borrow certain titles in your digital collection. Content access levels are customizable and can be different from the publisher-defined audience label.
Note: In the Libby app, users will be able to see all titles in your digital collection, regardless of content access levels. If a user tries to borrow a book that's restricted by content access level, the checkout won't be completed and the user will get an error message.
Content access levels are designed to let you manage access to titles based on age-appropriateness. Users are assigned a user type ("Adult," "Young Adult," or "Juvenile") when you set up authentication (for schools) or based on library card type (for libraries). Users can access titles at or below their access level:
"Adult" users can access all titles
"Young Adult" users can only access titles you label "Young Adult" or "Juvenile"
"Juvenile" users can only access titles you label "Juvenile"
A title's content access levels, which are assigned by you, may be different from the title's audience, which is assigned in its metadata by the publisher.
I am wondering if restricting digital access to content by grade level and/or to individual student could/would be another "creative work around" to limit access that may or may not be outside of board policy?
The answer is "Yes."
Of course, behind that answer is layer after layer of complexity.
Layer 1: The "you" in the policy quoted by the question (as in "Content access levels let you control which types of users can view and borrow certain...") could be the SLS, or could be an individual school, or even an individual employee of a school. It's all about who has the access to control the settings, which is not something that should be left to chance and happenstance.
Layer 2: Databases like SORA are often licensed by school library systems ("SLSs"), not individual libraries or districts. This means that the access controlled by "you" might be controlled by SLS policy, rather than that of a member library (or the SLS's policy could specify that such control is handled at the district or individual library level).
Layer 3: The American Association of School Librarians discourages this type of limit in part 5 of its "Common Beliefs": "Learners have the freedom to speak and hear what others have to say, rather than allowing others to control their access to ideas and information." This means that once content has been made a part of the school library or school library system's collection per established collection development policy, learners should have access to it.
Taking all these layers into account, a few things emerge:
First, there is a grave risk that restrictions in excess of appliable ethics, regulations, and policy could happen if such access controls are implemented without attention to applicable policy.
Second, if there is no policy that addresses restricting access (whether by age or individual student), that feature of a system should not be used.
Third, if a system with the capability to selectively bar access is acquired, that feature should only be implemented if there is clarity about what policy governs its use, whose policy is it, and who the "you" setting the limits is.
But as the question points out, even with a policy in place, this may be a dangerous game (or a "creative work-around") when it comes to intellectual freedom, because as the AASL says: "Learners have the freedom to speak and hear what others have to say, rather than allowing others to control their access to ideas and information."
The decision to limit access to content that is part of collection of a school library or library system is an ethically slippery slope. A district, school, and/or school library system should think very carefully about why it would enable such limits through policy, taking care the policy is consistent with governing ethics and regulations.
So how is a library, school district, or system to ensure students have access to appropriate content? The development of a pedagogically appropriate school library or school library system collection lies with their collection policies, NOT the ability to selectively control access to a collection once it is established. This starts with using established criteria, developed and overseen by trained professionals, assembling a collection that meets the needs of the school.
By regulation (8 NYCRR 91.1), this mandate of a school library is broad: "The library in each elementary and secondary school shall meet the needs of the pupils, and shall provide an adequate complement to the instructional program in the various areas of the curriculum." [emphasis added]
By regulation (8 NYCRR 91.1), the mandate of a school library system is also broad, and it includes developing a plan for "cooperative collection development implementation," or in other words, a written plan for how cooperatively accessed materials are acquired and made available from one district to another.
There is no one way these broad mandates are achieved, and that is where the individuality of a school library system will assert itself. But regardless of how those cooperative collection development plans are made, leaving the question "who controls collection access by age or individual identity?" unanswered is not a good option. Through attention to applicable ethics, law, regulation, and the required collaborative governance, a school library system can answer that question with clarity, even if the answer is "no one."
 Governance as required by 8 NYCRR 90.18.