'Delete Records' and 'Edit Locked Journals' Staff Account privileges
There are two Security Privileges in a Staff Account which grant high-level access to delete records and edit locked Journals in SupportAbility: Delete Records and Edit Locked Journals.
Audience: Authorised Representatives, Executive Management
Authorisation to grant these privileges
Given that these privileges allow Staff to edit and/or delete important information, we recommend providers exercise caution with regard to who in your organisation is granted these privileges.
The 'Delete Records' privilege is usually reserved for an organisation's Authorised Representatives, and the 'Edit Locked Journals' privilege is not one that is granted to anyone in an organisation by default.
Please be aware that if a Staff member at your organisation has the 'Edit User Accounts' privilege as well as either of these privileges, they will be able to provision these privileges to other Staff members.
However, if it is absolutely required, special authorisation must be provided in order for us to provision this. This authorisation must be provided in a letter on company letterhead, signed by your organisation's Director/CEO, that authorises SupportAbility Software to provision the required privilege for the approved Staff member/s. The letter must be submitted to us via a support ticket.
Please be aware that Client records cannot be deleted in cases where they are attached to records such as:
- External Invoices (for providers of Plan Management Services)
- Client Incidents
- Organisational Accident Incident Register (AIR) Incidents - People Involved
- Organisational Accident Incident Register (AIR) Incidents - Injured Parties
In addition, even though SupportAbility prompts the Staff Member to confirm that they are absolutely sure before they delete a record, any records deleted using this privilege will be deleted permanently and are rarely recoverable. Related records are also deleted. For example, if a Client record is deleted, all of their associated data is also deleted (Goals, Documents, etc.).
Even investigating the recovery of a record must be done under a paid support contract, as this often takes our Engineering team a significant amount of time, with no guarantee that the record will be recovered successfully.
For these reasons, we recommend that the delete privilege be limited to one or two senior Staff Members within your organisation.
'Edit Locked Journals'
Please also note that any changes made through the use of this access privilege will still generate auditable logs in the SupportAbility database backend and, as such, could potentially still be subject to a subpoena under legislation.