User roles and access

Roles

Paua has the concept of user roles. Each user is given one or more roles within Paua. The roles that a user has been assigned will govern what they can and cannot do within Paua.

There are four roles:

  • Sys Manager
  • Admin
  • Supervisor
  • Basic user

Only the first three roles are actually assigned in Paua. Basic user is a role that any user automatically has.

In Paua the roles have historically been hierarchical in that anything that can be done with the role Basic user can also be done by Supervisor and everything that can be done by Supervisor can be done by Admin etc.

This is not necessarily always going to be that case as there are scenarios where an Admin role should not be able to perform all tasks that a Supervisor can perform. It is therefore recommended that users given the Admin role should also be given the Supervisor role if they are required to do supervisor tasks.

Sys Manager

This is a role that can only be assigned to a user by Paua support staff. The Sys Manager role is able to perform anything that the Admin role can perform. It is not a role to take lightly because in addition to the standard administration function the role can perform many potentailly dangerous operations. Among the operations that can only be performed by the Sys Manager role are:

  • Delete a finalised Contact
  • Delete a Family Member
  • Delete a Client
  • Re-activate an Exited Client

Admin

This role allows access to all the features of the Administration sub menu which is only visible to users with the Admin role or Sys Manager role. Admin users can for example create new users, reset a user’s password, maintain the application’s dropdown lists, create user defined forms and reports, create evaluation forms and client assessments. This role also has access to the Paua Preferences where many application features can be enabled or disabled, mandatory fields may be defined and many other organisation wide preferences can be set.

Supervisor

This role is intended for users who do not need to make changes to tha Paua application but who have more privilege than a Basic user. Among the operations that can be performed by the Supervisor role are:

  • Activate new clients
  • Exit clients
  • Sign off clients
  • Change the Primary client on Family clients

Note

When setting up new users there are some additional checkboxes that refer to specific permissions that are normally only available to the Supervisor role but can be applied to Basic users. These extra permissions are:

  • Perform evaluation form analysis
  • Access all case notes (including those that would not normally visible for this user)
  • Activate clients
  • Exit clients

These extra checkboxes have been added at the request of specific agencies and are outside of the normal Paua roles. If several of them are ticked you need to ask if the user should really just be a supervisor

Basic User

This role can perform normal day to day addition of case notes and other date relating to clients and is intended for non supervisory case workers.

User Permissions

Clients

Feature or action Who can do it?
View a client record. Generally anyone can view a client record. However if the agency has the preference set apply case note security to entire client record then only those users who have privilege to view case notes for this client will be able to view the record.
Update a client record. Anyone who can view the client record can update it with the exception that when the client is in a final status (normally meaning exited) then it is not editable.
Delete a client record. Only users with sys manager privilege can delete a client record and this should only be done when a record is created in error.
Activate a client. Users with the privilege Sys Manager, Admin or Supervisor. In addition any basic user who has been assigned the privilege can activate clients
Exit a client. Users with the privilege Sys Manager, Admin or Supervisor. In addition any basic user who has been assigned the privilege can exit clients
Sign off a client. Sys Manager, Admin or Supervisor providing that the client is already in a Final Status
Transfer a client to a different programme This feature is only available if Programme Transfers are enabled in preferences and then you have to be Sys Manager, Admin or Supervisor.
Create a Form Letter Form Letters must be enabled in Preferences and the client must be the Primary Client if the Family Module is enabled.
Change the Primary Client. Can only be performed on Active clients and then by Sys Manager, Admin or Supervisor.
Change Client Entry Date Can only be done if the client is Active by Sys Manager or Admin
Change Client Activation date If the client is active this can only be done by Sys Manager or Admin. If the client is in a final status, for example Exiuted then it can only be done by a Sys Manager
Rollback Client Status Current client status must be something other than an Initial Status. If the client is a Subsidiary Family Client and the Primary Family Client is already exited then you cannot roll back. In addition you cannot roll back if the status was previously changed over 18 months ago. Rolling back is only intended to immediatly correct mistakes. In other cases you should probably create a New Client
View Client Audit Sys Manager or Admin
Generate Offline Data extract Sys Manager or Admin
View Client Contacts Anyone but depends on the settings in Preferences, Case Note Security see Case Note Security
Create New Contact Anyone who can view contacts. However if the client is in a Final Status then it is only possible to add new contacts if the preference prevent contacts after exit is set.
Update a Client Contact Anyone who has viewing access to the contact provided it is still in a draft state. Once the contact is finalised then it can no longer be edited. (Note that contacts are automatically finalised after 10 days.
Delete Client Contact Once the contact is set to final status it cannot be deleted except by a Sys Manager. Whilst the contact is in draft state it can be deleted by an Admin user.
Reset Contact to draft state This can only be done by a Sys Manager and then only if the client is not in a final status
Add an Interested Party to the client Any user who can see the client
Edit/update an Interested Party Any user provided that the client is editable ie. Not exited.
Delete an Interested Party Sys Manager or Admin user, provided that the client is editable ie. not exited.
View Client Notes Anyone but depends on the settings in Preferences in particular whether Apply case note security to general notes is set. see Case Note Security
View Client Attachments Anyone but depends on the settings in Preferences in particular whether Apply case note security to attachments is set. see Case Note Security
Delete Client Attachments Admin users can delete an attachment but it also depends on the settings in Preferences in particular whether Apply case note security to attachments is set. see Case Note Security
Delete Client Assessments/Evaluations. If the assessment/evaluation has not been finalised then anyone can delete it. However once it has been finalised only a Sys Manager can do this.
Add Client Reminder Anyone who can view the client record unless the client is in a Final status
Reset a Client Reminder Anyone can reset a reminder if the reminder date is in the next seven days.
Delete a Client Issue. Sys Manager or Admin.
Delete Client’s user defined form responses Sys Manager only
   

People

Feature or Action Who can do it?
Change a person’s name Normally anyone can edit a person’s name. However if the agency have the limit person name change to admin users preference set then once the person record has been saved then only a Sys Manager or Admin user can change their name. set.then once the person record has been saved then only a Sys Manager or Admin user can change their name.
Add or edit a safety alert Supervisor or a basic user with the special privilege can create safety alerts

Custom Fields

Feature or action Who can do it
Change Custom Field data type This can be done by an Admin user with the provision that there is no data already stored against that custom field.

Auditing

Feature or action Who can do it
View Audit records Sys Manager or Admin

Backup

Feature or action Who can do it?
View/Download Agency Backups Sys Manager or Admin

Enquiries

Feature or action Who can do it
Create View Edit Enquiries Anybody
Delete Enquiries Admin User

Evaluation / Assessment Forms

Feature or action Who can do it
Create Evaluation/Assessment Forms Sys Manager or Admin
Delete Form If there are no answers on record for this particular form then a Sys Manager or Admin user can delete it.
Make a copy of a form Any Sys Manager or Admin user
Add New Questions to a Form If the form has no answers already recorded for clients then an Admin user can add more questions. If there are already answers on the database then only a Sys Manager can add more questions.
Change Questions If the form has no answers on the database then any Admin user can change the questions, Otherwise nobody can change the questions.
Delete questions If the form has no answers on the database then any Admin user can delete a question, Otherwise nobody can do so.

Goals

Feature or action Who can do it
View / Edit Client Goals Any user who has access to the client
Create a new goal for a client Any user who has access to the client unless the client is in a Final status
Delete a goal Sys Manager or Admin user
Reset a goal Anybody with access to the client record can reset a goal provided that the client is not in a Final status and the date achieved is not blank.

Groups

Feature or action Who can do it
Create / Update Group Any user with the proviso that a group cannot be updated once it is marked as concluded
Add new Group Session Any user so long as the group is not concluded
Add new group member Any usre so long as the group is not concluded
Delete group Any user so long as there are no Group Sessions
Reactivate concluded group Sys Manager user
Remove Group Members Any user provided that the member has not attended any Group Sessions
Add Group Attacment Any user
Delete Group Attachment Sys Manager or Admin user