Security: How to Configure Desktop Security for Clients
Security setup for access to clients can be found in the Configure Desktop under security in the Configure Security Roles menu. Different levels of access can be created for each role, so once a role is selected, administrators can decide how each user assigned to that role will work with client information.
Start by checking clients. This will automatically allow access to every section of the client record, so be sure to expand this section for full visibility to each area. Remove the checks for areas users should not have access to. Notice that the first 3 options can also be further expanded.
In order to best determine what to allow, administrators should become familiar with each of these categories in the client record. To do so, go to the Clients Desktop and search for a client. Open the client record and walk through each category. Each of these sections, and the tabs within these sections, are what are being allowed in securities.
The General, History, and Medical sections can be further expanded in security. This allows administrators to choose the specific tabs within each section to grant access to. At the simplest level, a role may only be allowed to see the Identification tab in the General section. If no other tab or section is allowed, this is the only component of the client chart each user in that role would see.
After becoming familiar with the full client record, administrators should be ready to start the security set up. If any of the tabs within the section is not suitable for a role, then simply do not put a check next to the corresponding category. Then users will not have any visibility at all to that area of the client record.
Once the appropriate areas have been opened up for a role, the data contained within each section can be made read-only or denied. This is managed in the Data Security tab. It is only necessary to complete this step if you have allowed access to a particular section and want to control how the data is used. If access has not be allowed to a section altogether under the desktop security tab, then the users do not even have the rights to get to the data.
The Data Group “All Clients” defaults to affect all clients within the database. Expand this to see the various folders that contain the data fields of the client record. For example, when expanding client, each data field will be presented in the Identification section under desktop security. If access has been allowed to this section and the goal is to limit the users from editing the data, then apply checkmarks in the read-only column for each field to be protected. If denied is marked for a field, the data is replaced with an asterisk so that the information is blocked. For example, administrators may want to block the Social Security number from being seen, while the remaining fields can be seen, but not edited. Continue on this path for all relative folders.
Additional data groups may need to be created if these read-only and denied settings should be isolated to a particular group of clients. For example, if a user should be able to have full access, both viewing and editing rights, for the clients in their cost center, but should only have read-only rights for clients in other cost centers, then the settings should not be applied to the default All clients group. Rather, a new data grouping should be created.
That is done by going to Configure–>Security–>Configure Data Groupings. Add a data grouping and give it a name. In the example below, the group is being created to protect client data. Add Parameters to define the group; whether it will be by specific client, Q-supervisor, or cost center. Then select accordingly. Once the data grouping has been saved, then apply the read-only and denied settings accordingly for each role in the data security tab.