Difference between revisions of "User Access Management"
(→Copying an existing user) |
|||
| Line 155: | Line 155: | ||
As an administrator, you can choose to copy an extisting user or create a new user from scratch. On the list of existing users identify a user you wish to copy. Click on the Copy Icon at the end of the row; [[File:Admin_users_copy.PNG]]. This will copy the security, project and system access settings from the existing user. | As an administrator, you can choose to copy an extisting user or create a new user from scratch. On the list of existing users identify a user you wish to copy. Click on the Copy Icon at the end of the row; [[File:Admin_users_copy.PNG]]. This will copy the security, project and system access settings from the existing user. | ||
| − | |||
On the following page Complete the details on the General User Details tab. When you have finsihed you can Save Details and Close, taking you back to the user list, or Save and gor to the associated person/org record. | On the following page Complete the details on the General User Details tab. When you have finsihed you can Save Details and Close, taking you back to the user list, or Save and gor to the associated person/org record. | ||
| Line 163: | Line 162: | ||
[[File:Admin_users_save.PNG]] | [[File:Admin_users_save.PNG]] | ||
| − | |||
==Limiting access for particular users== | ==Limiting access for particular users== | ||
Revision as of 12:38, 13 December 2017
Contents
- 1 Creating a user account
- 2 Limiting access for particular users
- 2.1 System Access tab
- 2.1.1 Allowed to Enter Project Sub-categories?
- 2.1.2 Allowed to Delete Uploaded Documents?
- 2.1.3 Allowed to Delete Next of Kin Records?
- 2.1.4 Allowed to Delete Extension Database Records?
- 2.1.5 Allowed to Create Private Notes?
- 2.1.6 Allowed to Log In at Weekends?
- 2.1.7 Earliest and Latest Log In Time Allowed
- 2.1.8 Allowed To Use Favourites?
- 2.1.9 Copy Favourites from Another User, and Copy Access Rights from Another User
- 2.2 Project Access tab
- 2.3 Personal Tab Access tab
- 2.1 System Access tab
- 3 Limiting access by user group
- 4 Limiting access to a specific document, etc
Since Charitylog is based online, and the whole organisation has access to the information stored on it, it is important that user access is well controlled.
We suggest that it is a good idea to be as lenient with access as possible, and to trust staff as much as possible. If you try to tightly control every single user with a set of complicated rules about what they can and can't see, it is likely to lead to an awful lot of extra work for administrators. However, there is plenty of control if you need it. Ultimately the degree to which you control access is entirely up to you.
There are three ways to limit user access within Charitylog.
Creating a user account
In the munu search box, to the left of the settings cog (top right hand corner), type 'Users' (without the quotes). This will search the menu and display the users link.
Click on Users on the displayed menu, this will take you to the list of current users. By default the display list will on show active users that can login to your system.
How to create a new user
At bottom of the list of users (you may need to scroll down the page) click on the button 'Create New User'
You will then be taken to the create new user page.
General Details
On the general details tab you will find the following options to complete;
Full Name (used in reports and lists): Enter the persons full name
Example:
John Smith
Username (used for logging in): This is case sensitive and the user will need this to login. The username must following the organisation settings in Operational Rules
Example:
JSmith
Password: enter a password for the user to use, this is case sensitive and must follow the organisation settings in Operational Rules Example:
DJ345DCF
Retype Password: This must match the password typed in the previous box. Example:
DJ345DCF
Change password at next login: Tick this box if you want the user to change the password you have set for them, when they first login.
Work Email Address: Enter the users work email address.
Work Telephone Number: Enter the users work contact number.
Work Mobile Number: Enter the users work mobile number.
Password Recovery Email Address: You can specify an email address, so the user can reset their password, if forgotten. If left blank then it will be the responsibility of your administrators, to change the password for the user. Please note that Charitylog support cannot access user passwords, nor can they change these for users. You can use the copy button on the right to use the work email address above. 
Group: Select the appropriate security group. See Group Access for details on how to setup these security groups. If you click on the button for Group Access, this will navigate away from this page and any changes will be lost.
Internal Support User: If you set the user as an administrator you can specify that they are an Internal Support User. This will display their contact details on the login screen, if a user gets the login credentials wrong.
Home Page: Use this drop down to specify which page the user will land on, once logged in. For most users the individual action list is recommended. Via Group Access you can allow users to change their own home page.
General Display Style: This is useful if the user as difficulties seeing or reading from a computer display.
Page Tint: The background of the system is very light. The page tint can be used to reduce the brightness of the background.
Create New Org/Person Record or Link to Existing?: Each user record must have an associated Person/organisation record. This is used to save time sheet information in the background, required for reporting. You can select to link to an existing record or to create a new record, that is appropriate for this user.
Is this user a Referrer With Referrer Only Access - Select Referrer: For a standard user, leave this set to 'Not a limited access referrer'. If you are providing access for a third part organisation, select the organisation from the drop down list.
Outcome Star user?: If you have licences available to use for the Outcome Star, you can specify this user to have access to use these stars.
Allowed To Use Favourites?:The system has a favourite's page, specify if the user can use favourites.
Copy Favourites from Another User: Use this to copy another users favourites.
Allowed to Enter Project Sub-categories?: If you use Project Subcategories then specify if this user is allowed to enter referrals in these subcategories.
Allowed to Delete Extension Database Records?: This will allow the user to delete information in Extension Database records. Deleting this data cannot be undone.
Allowed to Create Private Notes?: This will allow the user to have hidden notes. See Private Notes for details.
Active User?: This means the user account is enabled, if set to No, the user will not be able to access the system.
Referrals/Actions Settings
Action List
The Action List displays the referrals on the system. This list can be tailored per user, so that they can see outstanding work, completed work and work of team members. The below settings control the default view for the user, the user can change the view when required.
Own, Selected or All Users: This will set the default of the Action List so the user will be first displayed the selected option. If you have created a user as a group, you can select the new user and the group user. Example
P Jones Advice Team
Days to show into Past: This will display the number of days in the past that the user will see on their Action List. If you are setting the user to see their outstanding actions, you may wish to use 9999. Setting the display to 9999 will then show all outstanding work, prompting the user to complete this work.
Days to show into Future: This will show the future actions, work that is upcoming. You may wish to consider 7 to 14 days, this will show the upcoming actions in the near future. Setting the future display too large will mean a longer page load on the Action List.
View Selection: Here you can specify what type of actions the user will see. Generally it is recomended that the user is displayed the outstanding actions by default, their current work load.
Previous or Default?: This will determin how the Action List will be displayed when the user next logs in to the system. Set to default will mean the configuration set here will be used, previous will remember any changes the user has made.
List Order: Her you can set if the user will see the oldest actions at the top, or the newest. You may wish to set this to oldest, this will display older outstanding work at the top of the list.
History Tab
These settings determine how the referrals will be displayed on a Persoan or Organisation record.
Referral Order: This determines which order the referrals are displayed. Generally you may wish to select Referral Date (Newest On Top),m this will show the latest referral at the top of the history tab.
Order of Actions Within Each Referral: This will show how the individual actions are display under the referral header
Referrals Diary
This is a depricated feature and is no longer available on the system.
Project Access
The Project Access tab shows which projects the user is allowed to view and edit.
If the top two radio buttons are filled in (for "User has Unrestricted Access (i.e. can see/edit all projects"the user will be able to see and edit everything on the system.
If either of the bottom two radio buttons are filled in (for "User has Restricted Access"), you will need to specify which projects the user in question can work with.
If you want to let the user view and work with a project, but not enter new referrals, put a tick in the first column - "Full Access (Except Enter New Referrals)".
If you want to also let the user enter new referrals, put a tick in the second column - "Enter New Referrals".
If you want to hide the detail of interactions with clients, but still show the fact that the client is active in a particular project, put a tick in the third column - "Hide Referrals In History tab". Tick this box if you want the user to be able to see simply that the client has had a referral for this project, but not see the outcome or the details of the contacts. This works irrespective of which other boxes you have ticked for this project.
Personal Tab Access tab
This tab allows you to specify whether users have access to the details which are stored on the Personal Details page of the Client Record. If you wish, you can also specify that a user can see these details, but not edit them.
Usefully, these settings do not mean that the user cannot enter these details as part of Input Field Rules, so your users can enter information about somebody on first contact, after which it can be hidden from them.
Copying an existing user
As an administrator, you can choose to copy an extisting user or create a new user from scratch. On the list of existing users identify a user you wish to copy. Click on the Copy Icon at the end of the row; . This will copy the security, project and system access settings from the existing user.
On the following page Complete the details on the General User Details tab. When you have finsihed you can Save Details and Close, taking you back to the user list, or Save and gor to the associated person/org record.
For full details of each tab please see Creating a new client
Limiting access for particular users
Click on the "Users" link in the "User Settings" submenu (Administration > Security > User Settings > Users).
This will show you the list of users on your system. Click on the name of a user to edit their individual settings. Across the top of the resulting screen are three tabs which contain the settings around what this user can see and do.
System Access tab
This tab contains general, system-wide preferences, as follows.
Allowed to Enter Project Sub-categories?
This preference sets whether or not the user will be able to categorise referrals using Project Subcategories on the Record a Contact screen.
If allowed, the user will see a drop-down list on the Record a Contact screen, as shown.
Allowed to Delete Uploaded Documents?
This allows users to delete documents that are uploaded to the Client Details screen.
If allowed, the user will see a "Delete" button on the Uploaded Documents page, as shown.
Allowed to Delete Next of Kin Records?
This allows users to delete NoK records from the link on the Client Details screen.
If allowed, the user will see a "Delete" button on the Next of Kin & Contacts page, as shown.
Allowed to Delete Extension Database Records?
This allows users to delete extension database records. See Extension Databases for further explanation of what Extension Databases are and what they can do.
If allowed, the user will see a "Delete Record" button on Extension Database records.
Allowed to Create Private Notes?
This allows users to create Private Notes linked to the Client Details screen. For more information on Private Notes, please see this page: Private Notes.
If allowed, users will see a "Private Notes" link at the bottom of the Client Details screen, as shown.
Allowed to Log In at Weekends?
If set to "No", this will stop users logging into the system at weekends.
Earliest and Latest Log In Time Allowed
These time fields can be used to govern the times that this user can log in to the system. Leave both set to "00:00" to allow unrestricted access.
Allowed To Use Favourites?
This setting allows the user to use Favourites.
Copy Favourites from Another User, and Copy Access Rights from Another User
These allow you to "bring in" Favourites and Access Rights from a user that is already set up. This is useful when setting up new users.
Project Access tab
The Project Access tab shows which projects the user is allowed to view and edit.
If the top two radio buttons are filled in (for "User has Unrestricted Access (i.e. can see/edit all projects"the user will be able to see and edit everything on the system.
If either of the bottom two radio buttons are filled in (for "User has Restricted Access"), you will need to specify which projects the user in question can work with.
If you want to let the user view and work with a project, but not enter new referrals, put a tick in the first column - "Full Access (Except Enter New Referrals)".
If you want to also let the user enter new referrals, put a tick in the second column - "Enter New Referrals".
If you want to hide the detail of interactions with clients, but still show the fact that the client is active in a particular project, put a tick in the third column - "Hide Referrals In History tab". Tick this box if you want the user to be able to see simply that the client has had a referral for this project, but not see the outcome or the details of the contacts. This works irrespective of which other boxes you have ticked for this project.
Personal Tab Access tab
This tab allows you to specify whether users have access to the details which are stored on the Personal Details page of the Client Record. If you wish, you can also specify that a user can see these details, but not edit them.
Usefully, these settings do not mean that the user cannot enter these details as part of Input Field Rules, so your users can enter information about somebody on first contact, after which it can be hidden from them.
Limiting access by user group
As well as the per-user access that Charitylog allows, detailed above, it is also possible to manage user's access by placing them in a user group which has a set of permissions associated with it. Charitylog comes with four user groups set up:
- Administrator
- Management
- Office Staff
- Volunteer
These are not compulsory, though, and you can add to these groups or change them as you require. Control of the access permissions of each group is done from the Group Access screen, which is found in the Administration submenu: Administration > Security > User Settings > Group Access.
Group Access screen
The Group Access screen allows administrators to control what each User Group has access to throughout the Charitylog system. It is one of the most powerful tools that administrators have in running the system. We advise that when getting up and running, you start with the user groups that are already set up on the system, rather than creating new ones from scratch. In general it is best to keep the number of user groups to a minimum, as each group will require some administration and housekeeping - so, the simpler your system is, the better. Some organisations work with only one or two user groups, and there is no reason that this can't work perfectly well. If you need some guidance on how strict you should be with your user groups, discuss this with Charitylog support on 01989 763 691, or with your assigned trainer.
After clicking on the menu link, you will need to select which group you want to edit, and then click "Set Group Access Rights".
This will take you to a screen with a series of tabs across the top - each tab relates to a different area of the system. Each tab has three columns below it (or occasionally four if there is a "delete" option available);
- View - controls whether the usergroup can see this part of the system
- Create new - controls whether the usergroup is allowed to add to this part of the system
- Edit - controls whether the usergroup is allowed to change previously added parts of the system
- Delete - controls whether the usergroup is allowed to delete these sections.
Exactly how each "line" in Group Access relates to the system itself is variable. If somebody does not have access to a part of the system, and it seems that they should have it, a Group Access setting is very likely to be the issue. It is easiest to address these issues with the person in question logged in to Charitylog on one computer, and you (the administrator) logged in on another. Have a look at Group Access, starting from the relevant tab if you can narrow it down. Tick boxes, ask the other user to refresh their browser window, and then try to access the feature they need. If this does not work, reset the tick boxes and move on to something else.
- Note: remember you can always call the support line on 01989 763 691 for help with Group Access.
- Note of caution: if you are an administrator, do not un-tick the "Administration" view access boxes on the "Administration" tab. This will disallow access to the Administration menu itself for the Administrator usergroup, meaning that you will not be able to get back into Group Access and reset it! If this happens, you will need to call the support line, and one of our team will reset the permissions for you.
At the top of the Group Access screen is a tick box, as shown:
Ticking this box will select every option on all tabs. You may like to create a special "Chief Executive" usergroup or similar, just for your CE, so that somebody in the organisation always has access to everything.
Deleting user groups
Clicking on "Group Access" displays the groups that are set up on your system. You may wish to delete old or obsolete groups. Next to each group is text telling you how many users are in that group, or a red cross. Clicking on the red cross will delete the group in question.
You will not be allowed to delete a user group until all users have been moved out of it. This includes inactive users, so you may like to create an "Old Users" group with no permissions, and move all inactive users into this group when you make them inactive. This will allow you to delete groups which are not being used any more.
Limiting access to a specific document, etc
Uploaded documents
Uploaded Documents are files which you upload to keep in the same place as somebody's details. They are usually used with clients, to upload scanned forms, risk assessments and so on, but you can upload documents to any person/organisation in Charitylog if you wish. When you upload a document, you can specify who is able to see this document after upload. Click on the "Uploaded Documents" button on the person/organisation's Details screen (Client Details screen shown).
The button shows how many documents are uploaded, if any. Click on the button to see the list of uploaded files, then click the "Upload Document" button to upload a new one.
At the bottom of the page will be a box headed "Users These Documents Will Be Visible To". Here you can set who will be able to see the document. You can select usergroups, individual people, or a combination of both (e.g. you can make a document available to all administrators, plus two other particular members of staff). You can do this by holding the "ctrl" button (PC) or "Command" (Mac) and clicking the combination of people you want. You can also use shift-click (PC or Mac) to select a range.
Once you have selected all the required options and the document to be uploaded, click "Save Details". Note: if you do not select yourself when you specify who the document is to be visible to, once it is uploaded you will not be able to see it. This may be appropriate, but more often you will want to keep documents that you upload visible to yourself. If you are about to save a document which will be invisible to you, you will see this error message.
For more details of how to use Uploaded Documents, see the end user manual: Uploaded Documents.
Private Notes
Earlier in this chapter you saw how to enable users to create Private Notes. Private Notes are simply pieces of text, and there is no reporting available on them. They are usually used to record sensitive, personal or private information about a person/organisation. When you create a private note, you will probably want strict control of who will be able to see this information once it is added to the system. As with Uploaded Documents, there is control over visibility of every note.
Clicking on the "Private Notes" link at the bottom of the any Details screen will show the notes that are already stored for this person/organisation, if there are any. Click the "Create New Notes" button to create a new one.
At the bottom of the resulting screen will be a field headed "Staff Access".
In this box you can select groups, individual users, or both. Use the "ctrl" key (Windows) or "Command" key (Mac) to select as many as you need. Remember to select yourself, or the note will be invisible to you once you have saved it. If you try and save a note without having made it visible to yourself, you will see the following error message.
Extension Databases
Extension Databases have control over who can see them. Click on the name of the Extension Database.
At the bottom of the resulting screen is a field labelled "Available to users in these groups", where you can control who will be able to see the Extension Database. Unlike Uploaded Documents or Private Notes, Extension Databases can only have their visibility controlled by usergroup, not by individual user.
Select the groups you want the Extension Database to be visible to.
