Difference between revisions of "User Access Management"

From Charitylog Manual
Jump to: navigation, search
Line 110: Line 110:
 
This tab allows you to specify whether users have access to the details which are stored on the [[Organisations_And_People#Personal_Details_tab|Personal Details]] page of the Client Record. If you wish, you can also specify that a user can see these details, but not edit them.
 
This tab allows you to specify whether users have access to the details which are stored on the [[Organisations_And_People#Personal_Details_tab|Personal Details]] page of the Client Record. If you wish, you can also specify that a user can see these details, but not edit them.
  
Usefully, these settings do not mean that the user cannot enter these details as part of [[System_Setup_Guide#Input_Field_Rules|Input Field Rules]], so your users can enter information about somebody on first contact, after which it can be hidden from them.
+
Usefully, these settings do not mean that the user cannot enter these details as part of [[Input Field Rules]], so your users can enter information about somebody on first contact, after which it can be hidden from them.
  
  

Revision as of 10:35, 2 May 2017

Helpheader small.png

Since Charitylog is based online, and the whole organisation has access to the information stored on it, it is important that user access is well controlled.

We suggest that it is a good idea to be as lenient with access as possible, and to trust staff as much as possible. If you try to tightly control every single user with a set of complicated rules about what they can and can't see, it is likely to lead to an awful lot of extra work for administrators. However, there is plenty of control if you need it. Ultimately the degree to which you control access is entirely up to you.

There are three ways to limit user access within Charitylog.

Limiting access for particular users

Click on the "Users" link in the "User Settings" submenu (Administration > Security > User Settings > Users).


File:A access 1.png


This will show you the list of users on your system. Click on the name of a user to edit their individual settings. Across the top of the resulting screen are three tabs which contain the settings around what this user can see and do.


File:A access 2.png


System Access tab

This tab contains general, system-wide preferences, as follows.


Allowed to Enter Project Sub-categories?

This preference sets whether or not the user will be able to categorise referrals using Project Subcategories on the Record a Contact screen.

If allowed, the user will see a drop-down list on the Record a Contact screen, as shown.

File:A access 4.png

Allowed to Delete Uploaded Documents?

This allows users to delete documents that are uploaded to the Client Details screen.

If allowed, the user will see a "Delete" button on the Uploaded Documents page, as shown.

File:A access 5.png

Allowed to Delete Next of Kin Records?

This allows users to delete NoK records from the link on the Client Details screen.

If allowed, the user will see a "Delete" button on the Next of Kin & Contacts page, as shown.

File:A access 5.png

Allowed to Delete Extension Database Records?

This allows users to delete extension database records. See this page for further explanation of what Extension Databases are and what they can do.

If allowed, the user will see a "Delete Record" button on Extension Database records.

File:A access 6.png

Allowed to Create Private Notes?

This allows users to create Private Notes linked to the Client Details screen. For more information on Private Notes, please see this page: Private Notes.

If allowed, users will see a "Private Notes" link at the bottom of the Client Details screen, as shown.

File:A access 7.png

Allowed to Log In at Weekends?

If set to "No", this will stop users logging into the system at weekends.

Earliest and Latest Log In Time Allowed

These time fields can be used to govern the times that this user can log in to the system. Leave both set to "00:00" to allow unrestricted access.

Allowed To Use Favourites?

This setting allows the user to use Favourites.

Copy Favourites from Another User, and Copy Access Rights from Another User

These allow you to "bring in" Favourites and Access Rights from a user that is already set up. This is useful when setting up new users.

Project Access tab

The Project Access tab shows which projects the user is allowed to view and edit.


790px


If the top two radio buttons are filled in (for "User has Unrestricted Access (i.e. can see/edit all projects"the user will be able to see and edit everything on the system.


File:A access 9.png


If either of the bottom two radio buttons are filled in (for "User has Restricted Access"), you will need to specify which projects the user in question can work with.

If you want to let the user view and work with a project, but not enter new referrals, put a tick in the first column - "Full Access (Except Enter New Referrals)".

If you want to also let the user enter new referrals, put a tick in the second column - "Enter New Referrals".

If you want to hide the detail of interactions with clients, but still show the fact that the client is active in a particular project, put a tick in the third column - "Hide Referrals In History tab". Tick this box if you want the user to be able to see simply that the client has had a referral for this project, but not see the outcome or the details of the contacts. This works irrespective of which other boxes you have ticked for this project.

Personal Tab Access tab

This tab allows you to specify whether users have access to the details which are stored on the Personal Details page of the Client Record. If you wish, you can also specify that a user can see these details, but not edit them.

Usefully, these settings do not mean that the user cannot enter these details as part of Input Field Rules, so your users can enter information about somebody on first contact, after which it can be hidden from them.


790px

Limiting access by user group

As well as the per-user access that Charitylog allows, detailed above, it is also possible to manage user's access by placing them in a user group which has a set of permissions associated with it. Charitylog comes with four user groups set up:

  • Administrator
  • Management
  • Office Staff
  • Volunteer

These are not compulsory, though, and you can add to these groups or change them as you require. Control of the access permissions of each group is done from the Group Access screen, which is found in the Administration submenu: Administration > Security > User Settings > Group Access.


File:A access 11.png


Group Access screen

The Group Access screen allows administrators to control what each User Group has access to throughout the Charitylog system. It is one of the most powerful tools that administrators have in running the system. We advise that when getting up and running, you start with the user groups that are already set up on the system, rather than creating new ones from scratch. In general it is best to keep the number of user groups to a minimum, as each group will require some administration and housekeeping - so, the simpler your system is, the better. Some organisations work with only one or two user groups, and there is no reason that this can't work perfectly well. If you need some guidance on how strict you should be with your user groups, discuss this with Charitylog support on 01989 763 691, or with your assigned trainer.

After clicking on the menu link, you will need to select which group you want to edit, and then click "Set Group Access Rights".


File:A access 12.png


This will take you to a screen with a series of tabs across the top - each tab relates to a different area of the system. Each tab has three columns below it (or occasionally four if there is a "delete" option available);

  • View - controls whether the usergroup can see this part of the system
  • Create new - controls whether the usergroup is allowed to add to this part of the system
  • Edit - controls whether the usergroup is allowed to change previously added parts of the system
  • Delete - controls whether the usergroup is allowed to delete these sections.

Exactly how each "line" in Group Access relates to the system itself is variable. If somebody does not have access to a part of the system, and it seems that they should have it, a Group Access setting is very likely to be the issue. It is easiest to address these issues with the person in question logged in to Charitylog on one computer, and you (the administrator) logged in on another. Have a look at Group Access, starting from the relevant tab if you can narrow it down. Tick boxes, ask the other user to refresh their browser window, and then try to access the feature they need. If this does not work, reset the tick boxes and move on to something else.

  • Note: remember you can always call the support line on 01989 763 691 for help with Group Access.
  • Note of caution: if you are an administrator, do not un-tick the "Administration" view access boxes on the "Administration" tab. This will disallow access to the Administration menu itself for the Administrator usergroup, meaning that you will not be able to get back into Group Access and reset it! If this happens, you will need to call the support line, and one of our team will reset the permissions for you.

At the top of the Group Access screen is a tick box, as shown:


File:A access 13.png


Ticking this box will select every option on all tabs. You may like to create a special "Chief Executive" usergroup or similar, just for your CE, so that somebody in the organisation always has access to everything.


Deleting user groups

Clicking on "Group Access" displays the groups that are set up on your system. You may wish to delete old or obsolete groups. Next to each group is text telling you how many users are in that group, or a red cross. Clicking on the red cross will delete the group in question.


File:A access 23.png


You will not be allowed to delete a user group until all users have been moved out of it. This includes inactive users, so you may like to create an "Old Users" group with no permissions, and move all inactive users into this group when you make them inactive. This will allow you to delete groups which are not being used any more.

Limiting access to a specific document, etc

Uploaded documents

Uploaded Documents are files which you upload to keep in the same place as somebody's details. They are usually used with clients, to upload scanned forms, risk assessments and so on, but you can upload documents to any person/organisation in Charitylog if you wish. When you upload a document, you can specify who is able to see this document after upload. Click on the "Uploaded Documents" button on the person/organisation's Details screen (Client Details screen shown).


File:A access 14.png


The button shows how many documents are uploaded, if any. Click on the button to see the list of uploaded files, then click the "Upload Document" button to upload a new one.


File:A access 15.png


At the bottom of the page will be a box headed "Users These Documents Will Be Visible To". Here you can set who will be able to see the document. You can select usergroups, individual people, or a combination of both (e.g. you can make a document available to all administrators, plus two other particular members of staff). You can do this by holding the "ctrl" button (PC) or "Command" (Mac) and clicking the combination of people you want. You can also use shift-click (PC or Mac) to select a range.


File:A access 16.png


Once you have selected all the required options and the document to be uploaded, click "Save Details". Note: if you do not select yourself when you specify who the document is to be visible to, once it is uploaded you will not be able to see it. This may be appropriate, but more often you will want to keep documents that you upload visible to yourself. If you are about to save a document which will be invisible to you, you will see this error message.


File:A access 17.png


For more details of how to use Uploaded Documents, see the end user manual: Uploaded Documents.

Private Notes

Earlier in this chapter you saw how to enable users to create Private Notes. Private Notes are simply pieces of text, and there is no reporting available on them. They are usually used to record sensitive, personal or private information about a person/organisation. When you create a private note, you will probably want strict control of who will be able to see this information once it is added to the system. As with Uploaded Documents, there is control over visibility of every note.

Clicking on the "Private Notes" link at the bottom of the any Details screen will show the notes that are already stored for this person/organisation, if there are any. Click the "Create New Notes" button to create a new one.


File:A access 18.png


At the bottom of the resulting screen will be a field headed "Staff Access".


File:A access 19.png


In this box you can select groups, individual users, or both. Use the "ctrl" key (Windows) or "Command" key (Mac) to select as many as you need. Remember to select yourself, or the note will be invisible to you once you have saved it. If you try and save a note without having made it visible to yourself, you will see the following error message.


File:A access 20.png

Extension Databases

Extension Databases have control over who can see them. Click on the name of the Extension Database.


File:A access 21.png


At the bottom of the resulting screen is a field labelled "Available to users in these groups", where you can control who will be able to see the Extension Database. Unlike Uploaded Documents or Private Notes, Extension Databases can only have their visibility controlled by usergroup, not by individual user.

Select the groups you want the Extension Database to be visible to.


File:A access 22.png



Helpheader small.png