User roles and access

Roles

Paua has the concept of user roles. Each user is given one or more roles within Paua. The roles that a user has been assigned will govern what they can and cannot do within Paua.

There are four roles:

  • Sys Manager

  • Admin

  • Supervisor

  • Basic user

Only the first three roles are actually assigned in Paua. Basic user is a role that any user automatically has.

In Paua the roles have historically been hierarchical in that anything that can be done with the role Basic user can also be done by Supervisor and everything that can be done by Supervisor can be done by Admin etc.

This is not necessarily always going to be that case as there are scenarios where an Admin role should not be able to perform all tasks that a Supervisor can perform. It is therefore recommended that users given the Admin role should also be given the Supervisor role if they are required to do supervisor tasks.

Sys Manager

This is a role that can only be assigned to a user by Paua support staff. The Sys Manager role is able to perform anything that the Admin role can perform. It is not a role to take lightly because in addition to the standard administration function the role can perform many potentially dangerous operations. Among the operations that can only be performed by the Sys Manager role are:

  • Delete a finalised Contact

  • Delete a Family Member

  • Delete a Client

  • Re-activate an Exited Client

Admin

This role allows access to all the features of the Administration sub menu which is only visible to users with the Admin role or Sys Manager role. Admin users can for example create new users, reset a user’s password, maintain the application’s dropdown lists, create user defined forms and reports, create evaluation forms and client assessments. This role also has access to the Paua Preferences where many application features can be enabled or disabled, mandatory fields may be defined and many other organisation wide preferences can be set.

Supervisor

This role is intended for users who do not need to make changes to the Paua application but who have more privilege than a Basic user. Among the operations that can be performed by the Supervisor role are:

  • Activate new clients

  • Exit clients

  • Sign off clients

  • Change the Primary client on Family clients

Note

When setting up new users there are some additional checkboxes that refer to specific permissions that are normally only available to the Supervisor role but can be applied to Basic users. These extra permissions are:

  • Perform evaluation form analysis

  • Access all case notes (including those that would not normally visible for this user)

  • Activate clients

  • Exit clients

These extra checkboxes have been added at the request of specific agencies and are outside of the normal Paua roles. If several of them are ticked you need to ask if the user should really just be a supervisor

Basic User

This role can perform normal day to day addition of case notes and other date relating to clients and is intended for non supervisory case workers.

User Permissions

Clients

Feature or action

Who can do it?

View a client record.

Generally anyone can view a client record. However if the agency has the preference set apply case note security to entire client record then only those users who have privilege to view case notes for this client will be able to view the record.

Update a client record.

Anyone who can view the client record can update it with the exception that when the client is in a final status (normally meaning exited) then it is not editable.

Delete a client record.

Only users with sys manager privilege can delete a client record and this should only be done when a record is created in error.

Activate a client.

Users with the privilege Sys Manager, Admin or Supervisor. In addition any basic user who has been assigned the privilege can activate clients

Exit a client.

Users with the privilege Sys Manager, Admin or Supervisor. In addition any basic user who has been assigned the privilege can exit clients

Sign off a client.

Sys Manager, Admin or Supervisor providing that the client is already in a Final Status

Transfer a client to a different programme

This feature is only available if Programme Transfers are enabled in preferences and then you have to be Sys Manager, Admin or Supervisor.

Create a Form Letter

Form Letters must be enabled in Preferences and the client must be the Primary Client if the Family Module is enabled.

Change the Primary Client.

Can only be performed on Active clients and then by Sys Manager, Admin or Supervisor.

Change Client Entry Date

Can only be done if the client is Active by Sys Manager or Admin

Change Client Activation date

If the client is active this can only be done by Sys Manager or Admin. If the client is in a final status, for example Exited then it can only be done by a Sys Manager

Rollback Client Status

Current client status must be something other than an Initial Status. If the client is a Subsidiary Family Client and the Primary Family Client is already exited then you cannot roll back. In addition you cannot roll back if the status was previously changed over 18 months ago. Rolling back is only intended to immediately correct mistakes. In other cases you should probably create a New Client

View Client Audit

Sys Manager or Admin

Generate Offline Data extract

Sys Manager or Admin

View Client Contacts

Anyone but depends on the settings in Preferences, Case Note Security see Case Note Security

Create New Contact

Anyone who can view contacts. However if the client is in a Final Status then it is only possible to add new contacts if the preference prevent contacts after exit is set.

Update a Client Contact

Anyone who has viewing access to the contact provided it is still in a draft state. Once the contact is finalised then it can no longer be edited. (Note that contacts are automatically finalised after 10 days.

Delete Client Contact

Once the contact is set to final status it cannot be deleted except by a Sys Manager. Whilst the contact is in draft state it can be deleted by an Admin user.

Reset Contact to draft state

This can only be done by a Sys Manager and then only if the client is not in a final status

Add an Interested Party to the client

Any user who can see the client

Edit/update an Interested Party

Any user provided that the client is editable ie. Not exited.

Delete an Interested Party

Sys Manager or Admin user, provided that the client is editable ie. not exited.

View Client Notes

Anyone but depends on the settings in Preferences in particular whether Apply case note security to general notes is set. see Case Note Security

View Client Attachments

Anyone but depends on the settings in Preferences in particular whether Apply case note security to attachments is set. see Case Note Security

Delete Client Attachments

Admin users can delete an attachment but it also depends on the settings in Preferences in particular whether Apply case note security to attachments is set. see Case Note Security

Delete Client Assessments/Evaluations.

If the assessment/evaluation has not been finalised then anyone can delete it. However once it has been finalised only a Sys Manager can do this.

Add Client Reminder

Anyone who can view the client record unless the client is in a Final status

Reset a Client Reminder

Anyone can reset a reminder if the reminder date is in the next seven days.

Delete a Client Issue.

Sys Manager or Admin.

Delete Client’s user defined form responses

Sys Manager only

People

Feature or Action

Who can do it?

Change a person’s name

Normally anyone can edit a person’s name. However if the agency have the limit person name change to admin users preference set then once the person record has been saved then only a Sys Manager or Admin user can change their name. set.then once the person record has been saved then only a Sys Manager or Admin user can change their name.

Add or edit a safety alert

Supervisor or a basic user with the special privilege can create safety alerts

Custom Fields

Feature or action

Who can do it

Change Custom Field data type

This can be done by an Admin user with the provision that there is no data already stored against that custom field.

Auditing

Feature or action

Who can do it

View Audit records

Sys Manager or Admin

Backup

Feature or action

Who can do it?

View/Download Agency Backups

Sys Manager or Admin

Enquiries

Feature or action

Who can do it

Create View Edit Enquiries

Anybody

Delete Enquiries

Admin User

Evaluation / Assessment Forms

Feature or action

Who can do it

Create Evaluation/Assessment Forms

Sys Manager or Admin

Delete Form

If there are no answers on record for this particular form then a Sys Manager or Admin user can delete it.

Make a copy of a form

Any Sys Manager or Admin user

Add New Questions to a Form

If the form has no answers already recorded for clients then an Admin user can add more questions. If there are already answers on the database then only a Sys Manager can add more questions.

Change Questions

If the form has no answers on the database then any Admin user can change the questions, Otherwise nobody can change the questions.

Delete questions

If the form has no answers on the database then any Admin user can delete a question, Otherwise nobody can do so.

Goals

Feature or action

Who can do it

View / Edit Client Goals

Any user who has access to the client

Create a new goal for a client

Any user who has access to the client unless the client is in a Final status

Delete a goal

Sys Manager or Admin user

Reset a goal

Anybody with access to the client record can reset a goal provided that the client is not in a Final status and the date achieved is not blank.

Groups

Feature or action

Who can do it

Create / Update Group

Any user with the proviso that a group cannot be updated once it is marked as concluded

Add new Group Session

Any user so long as the group is not concluded

Add new group member

Any user so long as the group is not concluded

Delete group

Any user so long as there are no Group Sessions

Reactivate concluded group

Sys Manager user

Remove Group Members

Any user provided that the member has not attended any Group Sessions

Add Group Attachment

Any user

Delete Group Attachment

Sys Manager or Admin user