Difference between revisions of "User Access Management"
(→Private Notes) |
|||
| Line 200: | Line 200: | ||
===Private Notes=== | ===Private Notes=== | ||
| + | |||
| + | Earlier in this chapter you saw how to enable users to create [[User_Access_Management#Allowed_to_Create_Private_Notes.3F|Private Notes]]. Private Notes are simply pieces of text, and there is no reporting available on them. They are simply to record sensitive, personal or private information about a person/organisation. When you create a private note, you will probably want strict control of who will be able to see this information once it is added to the system. As with Uploaded Documents, there is control over visibility of every note. | ||
| + | |||
| + | Clicking on the "Private Notes" link at the bottom of the any Details screen will show the notes that are already stored for this person/organisation, if there are any. Click the "Create New Notes" button to create a new one. | ||
| + | |||
| + | |||
| + | [[File:A_access_18.png|border]] | ||
| + | |||
| + | |||
| + | At the bottom of the resulting screen will be a field headed "Staff Access". | ||
| + | |||
| + | |||
| + | [[File:A_access_19.png|border]] | ||
| + | |||
| + | |||
| + | In this box you can select groups, individual users, or both. Use the "ctrl" key (Windows) or "Command" key (Mac) to select as many as you need. Remember to select yourself, or the note will be invisible to you once you have saved it. If you try and save a note without having made it visible to yourself, you will see the following error message. | ||
| + | |||
| + | |||
| + | [[File:A_access_20.png|border]] | ||
===Extension Databases=== | ===Extension Databases=== | ||
Revision as of 10:30, 30 April 2013
Contents
- 1 Limiting access for particular users
- 1.1 System Access tab
- 1.1.1 Allowed to Merge Records?
- 1.1.2 Allowed to Enter Project Sub-categories?
- 1.1.3 Allowed to Delete Uploaded Documents?
- 1.1.4 Allowed to Delete Next of Kin Records?
- 1.1.5 Allowed to Delete Extension Database Records?
- 1.1.6 Allowed to Create Private Notes?
- 1.1.7 Allowed to Log In at Weekends?
- 1.1.8 Earliest and Latest Log In Time Allowed
- 1.1.9 Allowed To Use Favourites?
- 1.1.10 Copy Favourites from Another User, and Copy Access Rights from Another User
- 1.2 Project Access tab
- 1.3 Personal Tab Access tab
- 1.1 System Access tab
- 2 Limiting access by user group
- 3 Limiting access to a specific document, etc
Since Charitylog is based online, and the whole organisation has access to the information stored on it, it is important that user access is well controlled.
We suggest that it is a good idea to be as lenient with access as possible, and to trust staff as much as possible. If you try to tightly control every single user with a set of complicated rules about what they can and can't see, it is likely to lead to an awful lot of extra work for administrators. However, there is plenty of control if you need it. Ultimately the degree to which you control access is entirely up to you.
There are three ways to limit user access within Charitylog.
Limiting access for particular users
Click on the "Users" link in the "User Settings" submenu (Administration > Security > User Settings > Users).
This will show you the list of users on your system. Click on the name of a user to edit their individual settings. Across the top of the resulting screen are three tabs which contain the settings around what this user can see and do.
System Access tab
This tab contains general, system-wide preferences, as follows.
Allowed to Merge Records?
If set to "Yes", this user will be allowed to merge organisations and people together, as you might need to when a client is entered onto the system twice.
If allowed, the user will see a "Merge Records" link at the bottom of the Client Details screen.
Allowed to Enter Project Sub-categories?
This preference sets whether or not the user will be able to categorise referrals using Project Subcategories on the Record a Contact screen.
If allowed, the user will see a drop-down list on the Record a Contact screen, as shown.
Allowed to Delete Uploaded Documents?
This allows users to delete documents that are uploaded to the Client Details screen.
If allowed, the user will see a "Delete" button on the Uploaded Documents page, as shown.
Allowed to Delete Next of Kin Records?
This allows users to delete NoK records from the link on the Client Details screen.
If allowed, the user will see a "Delete" button on the Next of Kin & Contacts page, as shown.
Allowed to Delete Extension Database Records?
This allows users to delete extension database records. See this page for further explanation of what Extension Databases are and what they can do.
If allowed, the user will see a "Delete Record" button on Extension Database records.
Allowed to Create Private Notes?
This allows users to create Private Notes linked to the Client Details screen. For more information on Private Notes, please see this page: Private Notes.
If allowed, users will see a "Private Notes" link at the bottom of the Client Details screen, as shown.
Allowed to Log In at Weekends?
If set to "No", this will stop users logging into the system at weekends.
Earliest and Latest Log In Time Allowed
These time fields can be used to govern the times that this user can log in to the system. Leave both set to "00:00" to allow unrestricted access.
Allowed To Use Favourites?
This setting allows the user to use Favourites.
Copy Favourites from Another User, and Copy Access Rights from Another User
These allow you to "bring in" Favourites and Access Rights from a user that is already set up. This is useful when setting up new users.
Project Access tab
The Project Access tab shows which projects the user is allowed to view and edit.
If the top two radio buttons are filled in (for "User has Unrestricted Access (i.e. can see/edit all projects"the user will be able to see and edit everything on the system.
If either of the bottom two radio buttons are filled in (for "User has Restricted Access"), you will need to specify which projects the user in question can work with.
If you want to let the user view and work with a project, but not enter new referrals, put a tick in the first column - "Full Access (Except Enter New Referrals)".
If you want to also let the user enter new referrals, put a tick in the second column - "Enter New Referrals".
If you want to hide the detail of interactions with clients, but still show the fact that the client is active in a particular project, put a tick in the third column - "Hide Referrals In History tab". Tick this box if you want the user to be able to see simply that the client has had a referral for this project, but not see the outcome or the details of the contacts. This works irrespective of which other boxes you have ticked for this project.
Personal Tab Access tab
This tab allows you to specify whether users have access to the details which are stored on the Personal Details page of the Client Record. If you wish, you can also specify that a user can see these details, but not edit them.
Usefully, these settings do not mean that the user cannot enter these details as part of Input Field Rules, so your users can enter information about somebody on first contact, after which it can be hidden from them.
Limiting access by user group
As well as the per-user access that Charitylog allows, detailed above, it is also possible to manage user's access by placing them in a user group which has a set of permissions associated with it. Charitylog comes with four user groups set up:
- Administrator
- Management
- Office Staff
- Volunteer
These are not compulsory, though, and you can add to these groups or change them as you require. Control of the access permissions of each group is done from the Group Access screen, which is found in the Administration submenu: Administration > Security > User Settings > Group Access.
Group Access screen
The Group Access screen allows administrators to control what each User Group has access to throughout the Charitylog system. It is one of the most powerful tools that administrators have in running the system. We advise that when getting up and running, you start with the user groups that are already set up on the system, rather than creating new ones from scratch. In general it is best to keep the number of user groups to a minimum, as each group will require some administration and housekeeping - so, the simpler your system is, the better. Some organisations work with only one or two user groups, and there is no reason that this can't work perfectly well. If you need some guidance on how strict you should be with your user groups, discuss this with Charitylog support on 01989 763 691, or with your assigned trainer.
After clicking on the menu link, you will need to select which group you want to edit, and then click "Set Group Access Rights".
This will take you to a screen with a series of tabs across the top - each tab relates to a different area of the system. Each tab has three columns below it (or occasionally four if there is a "delete" option available);
- View - controls whether the usergroup can see this part of the system
- Create new - controls whether the usergroup is allowed to add to this part of the system
- Edit - controls whether the usergroup is allowed to change previously added parts of the system
- Delete - controls whether the usergroup is allowed to delete these sections.
However, exactly how each "line" in Group Access relates to the system itself is variable, and trial and error is the best way to get what you need out of Group Access. If somebody does not have access to a part of the system, and it seems that they should have it, a Group Access setting is very likely to be the issue. It is easiest to address these issues with the person in question logged in to Charitylog on one computer, and you (the administrator) logged in on another. Have a look at Group Access, starting from the relevant tab if you can narrow it down. Tick boxes, ask the other user to refresh their browser window, and then try to access the feature they need. If this does not work, reset the tick boxes and move on to something else.
It sounds odd that trial and error is the way to do this, but it really is the quickest way to address issues here. Because there are so many options, and every time a feature is added a new Group Access entry is needed, the screens change often. An exhaustive guide of what each line in Group Access does would be long-winded and very difficult to maintain. It's better to just have a go!
- Note: remember you can always call the support line on 01989 763 691 for help with Group Access.
- Note of caution: if you are an administrator, do not un-tick the "Administration" view access boxes on the "Administration" tab. This will disallow access to the Administration menu itself for the Administrator usergroup, meaning that you will not be able to get back into Group Access and reset it! If this happens, you will need to call the support line, and one of our team will reset the permissions for you.
At the top of the Group Access screen is a tick box, as shown:
Ticking this box will select every option on all tabs. You may like to create a special "Chief Executive" usergroup or similar, just for your CE, so that somebody in the organisation always has access to everything.
Limiting access to a specific document, etc
Uploaded documents
Uploaded Documents are files which you upload to keep in the same place as somebody's details. They are usually used with clients, to upload scanned forms, risk assessments and so on, but you can upload documents to any person/organisation in Charitylog if you wish. When you upload a document, you can specify who is able to see this document after upload. Click on the "Uploaded Documents" button on the person/organisation's Details screen (Client Details screen shown).
The button shows how many documents are uploaded, if any. Click on the button to see the list of uploaded files, then click the "Upload Document" button to upload a new one.
At the bottom of the page will be a box headed "Users These Documents Will Be Visible To". Here you can set who will be able to see the document. You can select usergroups, individual people, or a combination of both (e.g. you can make a document available to all administrators, plus two other particular members of staff). You can do this by holding the "ctrl" button (PC) or "Command" (Mac) and clicking the combination of people you want. You can also use shift-click (PC or Mac) to select a range.
Once you have selected all the required options and the document to be uploaded, click "Save Details". Note: if you do not select yourself when you specify who the document is to be visible to, once it is uploaded you will not be able to see it. This may be appropriate, but more often you will want to keep documents that you upload visible to yourself. If you are about to save a document which will be invisible to you, you will see this error message.
For more details of how to use Uploaded Documents, see the end user manual: Uploaded Documents.
Private Notes
Earlier in this chapter you saw how to enable users to create Private Notes. Private Notes are simply pieces of text, and there is no reporting available on them. They are simply to record sensitive, personal or private information about a person/organisation. When you create a private note, you will probably want strict control of who will be able to see this information once it is added to the system. As with Uploaded Documents, there is control over visibility of every note.
Clicking on the "Private Notes" link at the bottom of the any Details screen will show the notes that are already stored for this person/organisation, if there are any. Click the "Create New Notes" button to create a new one.
At the bottom of the resulting screen will be a field headed "Staff Access".
In this box you can select groups, individual users, or both. Use the "ctrl" key (Windows) or "Command" key (Mac) to select as many as you need. Remember to select yourself, or the note will be invisible to you once you have saved it. If you try and save a note without having made it visible to yourself, you will see the following error message.
