User roles and access
Roles
Paua has the concept of user roles. Each user is given one or more roles within Paua. The roles that a user has been assigned will govern what they can and cannot do within Paua.
There are four roles:
Sys Manager
Admin
Supervisor
Basic user
Only the first three roles are actually assigned in Paua. Basic user is a role that any user automatically has.
In Paua the roles have historically been hierarchical in that anything that can be done with the role Basic user can also be done by Supervisor and everything that can be done by Supervisor can be done by Admin etc.
This is not necessarily always going to be that case as there are scenarios where an Admin role should not be able to perform all tasks that a Supervisor can perform. It is therefore recommended that users given the Admin role should also be given the Supervisor role if they are required to do supervisor tasks.
Sys Manager
This is a role that can only be assigned to a user by Paua support staff. The Sys Manager role is able to perform anything that the Admin role can perform. It is not a role to take lightly because in addition to the standard administration function the role can perform many potentially dangerous operations. Among the operations that can only be performed by the Sys Manager role are:
Delete a finalised Contact
Delete a Family Member
Delete a Client
Re-activate an Exited Client
Admin
This role allows access to all the features of the Administration sub menu which is only visible to users with the Admin role or Sys Manager role. Admin users can for example create new users, reset a user’s password, maintain the application’s dropdown lists, create user defined forms and reports, create evaluation forms and client assessments. This role also has access to the Paua Preferences where many application features can be enabled or disabled, mandatory fields may be defined and many other organisation wide preferences can be set.
Supervisor
This role is intended for users who do not need to make changes to the Paua application but who have more privilege than a Basic user. Among the operations that can be performed by the Supervisor role are:
Activate new clients
Exit clients
Sign off clients
Change the Primary client on Family clients
Note
When setting up new users there are some additional checkboxes that refer to specific permissions that are normally only available to the Supervisor role but can be applied to Basic users. These extra permissions are:
Perform evaluation form analysis
Access all case notes (including those that would not normally visible for this user)
Activate clients
Exit clients
These extra checkboxes have been added at the request of specific agencies and are outside of the normal Paua roles. If several of them are ticked you need to ask if the user should really just be a supervisor
Basic User
This role can perform normal day to day addition of case notes and other date relating to clients and is intended for non supervisory case workers.
User Permissions
Clients
Feature or action |
Who can do it? |
|---|---|
View a client record. |
Generally anyone can view a client record. However if the agency has the preference set apply case note security to entire client record then only those users who have privilege to view case notes for this client will be able to view the record. |
Update a client record. |
Anyone who can view the client record can update it with the exception that when the client is in a final status (normally meaning exited) then it is not editable. |
Delete a client record. |
Only users with sys manager privilege can delete a client record and this should only be done when a record is created in error. |
Activate a client. |
Users with the privilege Sys Manager, Admin or Supervisor. In addition any basic user who has been assigned the privilege can activate clients |
Exit a client. |
Users with the privilege Sys Manager, Admin or Supervisor. In addition any basic user who has been assigned the privilege can exit clients |
Sign off a client. |
Sys Manager, Admin or Supervisor providing that the client is already in a Final Status |
Transfer a client to a different programme |
This feature is only available if Programme Transfers are enabled in preferences and then you have to be Sys Manager, Admin or Supervisor. |
Create a Form Letter |
Form Letters must be enabled in Preferences and the client must be the Primary Client if the Family Module is enabled. |
Change the Primary Client. |
Can only be performed on Active clients and then by Sys Manager, Admin or Supervisor. |
Change Client Entry Date |
Can only be done if the client is Active by Sys Manager or Admin |
Change Client Activation date |
If the client is active this can only be done by Sys Manager or Admin. If the client is in a final status, for example Exited then it can only be done by a Sys Manager |
Rollback Client Status |
Current client status must be something other than an Initial Status. If the client is a Subsidiary Family Client and the Primary Family Client is already exited then you cannot roll back. In addition you cannot roll back if the status was previously changed over 18 months ago. Rolling back is only intended to immediately correct mistakes. In other cases you should probably create a New Client |
View Client Audit |
Sys Manager or Admin |
Generate Offline Data extract |
Sys Manager or Admin |
View Client Contacts |
Anyone but depends on the settings in Preferences, Case Note Security see Case Note Security |
Create New Contact |
Anyone who can view contacts. However if the client is in a Final Status then it is only possible to add new contacts if the preference prevent contacts after exit is set. |
Update a Client Contact |
Anyone who has viewing access to the contact provided it is still in a draft state. Once the contact is finalised then it can no longer be edited. (Note that contacts are automatically finalised after 10 days. |
Delete Client Contact |
Once the contact is set to final status it cannot be deleted except by a Sys Manager. Whilst the contact is in draft state it can be deleted by an Admin user. |
Reset Contact to draft state |
This can only be done by a Sys Manager and then only if the client is not in a final status |
Add an Interested Party to the client |
Any user who can see the client |
Edit/update an Interested Party |
Any user provided that the client is editable ie. Not exited. |
Delete an Interested Party |
Sys Manager or Admin user, provided that the client is editable ie. not exited. |
View Client Notes |
Anyone but depends on the settings in Preferences in particular whether Apply case note security to general notes is set. see Case Note Security |
View Client Attachments |
Anyone but depends on the settings in Preferences in particular whether Apply case note security to attachments is set. see Case Note Security |
Delete Client Attachments |
Admin users can delete an attachment but it also depends on the settings in Preferences in particular whether Apply case note security to attachments is set. see Case Note Security |
Delete Client Assessments/Evaluations. |
If the assessment/evaluation has not been finalised then anyone can delete it. However once it has been finalised only a Sys Manager can do this. |
Add Client Reminder |
Anyone who can view the client record unless the client is in a Final status |
Reset a Client Reminder |
Anyone can reset a reminder if the reminder date is in the next seven days. |
Delete a Client Issue. |
Sys Manager or Admin. |
Delete Client’s user defined form responses |
Sys Manager only |
People
Feature or Action |
Who can do it? |
|---|---|
Change a person’s name |
Normally anyone can edit a person’s name. However if the agency have the limit person name change to admin users preference set then once the person record has been saved then only a Sys Manager or Admin user can change their name. set.then once the person record has been saved then only a Sys Manager or Admin user can change their name. |
Add or edit a safety alert |
Supervisor or a basic user with the special privilege can create safety alerts |
Custom Fields
Feature or action |
Who can do it |
|---|---|
Change Custom Field data type |
This can be done by an Admin user with the provision that there is no data already stored against that custom field. |
Auditing
Feature or action |
Who can do it |
|---|---|
View Audit records |
Sys Manager or Admin |
Backup
Feature or action |
Who can do it? |
|---|---|
View/Download Agency Backups |
Sys Manager or Admin |
Enquiries
Feature or action |
Who can do it |
|---|---|
Create View Edit Enquiries |
Anybody |
Delete Enquiries |
Admin User |
Evaluation / Assessment Forms
Feature or action |
Who can do it |
|---|---|
Create Evaluation/Assessment Forms |
Sys Manager or Admin |
Delete Form |
If there are no answers on record for this particular form then a Sys Manager or Admin user can delete it. |
Make a copy of a form |
Any Sys Manager or Admin user |
Add New Questions to a Form |
If the form has no answers already recorded for clients then an Admin user can add more questions. If there are already answers on the database then only a Sys Manager can add more questions. |
Change Questions |
If the form has no answers on the database then any Admin user can change the questions, Otherwise nobody can change the questions. |
Delete questions |
If the form has no answers on the database then any Admin user can delete a question, Otherwise nobody can do so. |
Goals
Feature or action |
Who can do it |
|---|---|
View / Edit Client Goals |
Any user who has access to the client |
Create a new goal for a client |
Any user who has access to the client unless the client is in a Final status |
Delete a goal |
Sys Manager or Admin user |
Reset a goal |
Anybody with access to the client record can reset a goal provided that the client is not in a Final status and the date achieved is not blank. |
Groups
Feature or action |
Who can do it |
|---|---|
Create / Update Group |
Any user with the proviso that a group cannot be updated once it is marked as concluded |
Add new Group Session |
Any user so long as the group is not concluded |
Add new group member |
Any user so long as the group is not concluded |
Delete group |
Any user so long as there are no Group Sessions |
Reactivate concluded group |
Sys Manager user |
Remove Group Members |
Any user provided that the member has not attended any Group Sessions |
Add Group Attachment |
Any user |
Delete Group Attachment |
Sys Manager or Admin user |