Staff Account Privileges

This article discusses the various Staff Account Privileges available to grant Staff specific additional levels of access in SupportAbility and covers the information below:

The following list summarises the content within this article. Click on the links below to take you to the relevant sections:


How is access in SupportAbility granted?

There are two areas in the user details tab of a Staff account where access is granted,  Security privileges and Sites and services where this staff member works.

Security privileges are where Staff accounts are made active or inactive, however, most other settings in this section are for Staff requiring high levels of access and edit functionality for specific areas of SupportAbility, including global privileges. 

    Sites and services where this staff member works is where access and edit functionality is granted according to the specific areas of the organisation the Staff member works in, as itemised in Staff Accounts.
    • Administration [ALL SERVICES] privilege grants access and edit functionality for ALL Services at a particular Site as itemised in Staff Accounts.
    • Restricted role-based privileges grant additional access and edit functionality for specific roles (Team Leader, Human Resources, Document Manager) relative to the Sites/Services itemised in Staff Accounts.  

    IMPORTANT

    As you review each of the different types of privileges in this article, it is important to note that the high level 'global' Security privileges operate in lieu of itemising the Sites and Services where a Staff member works.  

    For example, if a Staff member has been granted the 'Team Leader for ALL Services' global Security privilege, this grants them Team Leader access and functionality for all Services across your organisation and therefore Sites and Services do not need to be itemised separately. 

    If 'Team Leader' access is required for ALL Services at a  particular Site, then the Site would be itemised and 'Administration [ALL SERVICES]' selected for that Site, along with the 'Team Leader' privilege granted for that Site.

    Return to Summary


    Security Privileges 

    The purpose and functionality of each of the Security Privileges are outlined here. The Staff Account Privileges video also outlines the various privileges and related access & functionality. 

    User is Active

    When a new Staff Account is created the 'User is Active' by default. This is the only access privilege which is granted by default. When the 'User is Active' setting is deselected, this results in the Staff Account being Inactive. Inactivating the Staff Account is required when a Staff member leaves your organisation. 

    An active Staff Account means the individual can be rostered into activities and can have Human Resources information saved in their record. All current Staff in your organisation should have this turned on, provided they need access to SupportAbility. Keep in the mind that each active Staff Account forms part of your organisation’s license seat quota. Please note the 'Envision Systems' user account does not contribute to your licence seat quota. 

    An active user account grants the individual the ability to log into the system, as long as their username and password has been provided. When a Staff member leaves your organisation, their Staff Account does not need to be deleted. Simply turn this active setting off to immediately revoke their access whilst maintaining the audit trail of what they have completed historically.

    User is a Manager

    The ‘User is a Manager’ privilege grants access to information flagged as ‘managers only’ such as:

    • specific uploaded documents,
    • journal entries,
    • client warnings,
    • behaviors, and
    • medical conditions.

    Manager level access only applies to the records the user has access to. For example, a Staff member with access to selected Sites and Services e.g. Day Service at the Melbourne Site will only be able to see things set as ‘Managers Only’ for Clients who participate in the Day Service at the Melbourne Site.

    A Staff member with the 'Edit Client Records Across All Services' privilege, however, will be able to see things set as ‘Managers Only’ for  all Clients, across all Sites/Services.

    We recommend that only Staff with managerial responsibilities in your organisation have the 'User is a Manager' privilege as a point of escalation.

    View Financial Information

    The ‘View Financial Information’ privilege grants Staff access to view and edit financial information in SupportAbility. 

    Staff will require this privilege to: 

    • create and edit client funding records, 
    • see NDIS support item rates, and 
    • generate various reports related to financials.

    Similar to the ‘User is a Manager’ privilege, Financial information access only applies to the Client records the user has access to. Staff who are required to generate invoices, NDIS Bulk Payment Requests and/or timesheet batches require this privilege and access to all Clients granted via the 'Edit Client Records Across ALL Services' global privilege.

    Edit User Accounts 

    The ‘Edit User Accounts’ privilege allows Staff with this access to create and edit Staff Accounts. This provides the individual access to the User Details tab of a Staff Account and to add, or update usernames, passwords, and privileges. 

    This Staff member will only be able to grant other Staff the same privileges or less than the ones they have themselves. We recommend that only a limited number of Staff within an organisation have this level of access.

    Allow Remote Access

    SupportAbility does not restrict remote access by default, thereby all Staff can access SupportAbility remotely provided the two levels of security are entered (shared username & password, and individual username & password).  

    If your organisation chooses to restrict remote access to a limited number of Staff, then the following two actions must be completed:

    • configure a whitelist of allowable static public IP addresses in SupportAbility
    • activate the 'Allow Remote Access' privilege in the relevant Staff Accounts.

    When this privilege has been activated in individual Staff Accounts, it grants Staff the ability to access SupportAbility from outside a registered network. Please note that this privilege is only relevant and required when access has been restricted to a specific network in your installation. The Restricting Remote Access article in our Knowledge Base (linked below) provides further information regarding this.

    If access has been restricted as outlined, we recommend granting this privilege to only Staff who need access to SupportAbility outside your organisation's network, as it can pose a potential privacy threat if private Client information can be seen whilst they are in public for example.

    Edit System Preferences

    Staff with the ‘Edit System Preferences’ privilege have the ability to configure your organisation’s SupportAbility installation via System Preferences. We recommend that this privilege is centralised where possible and only the Authorised Representatives and senior managerial Staff in an organisation have this level of access.

    Edit Locked Journals

    This privilege allows the Staff member to edit Client Journals that have been automatically locked by the system as per how this setting has been configured. We generally do not recommend granting this role to anyone at an organisation. This privilege is not automatically granted to an organisation's Authorised Representatives upon commencement with SupportAbility. 

    However, if it is absolutely required, special authorisation must be provided in order for us to assign this.   This authorisation must be advised via a letter on company letterhead, signed by your organisation's Director/CEO, confirming who the 'Edit Locked Journals' Staff Account Privilege is approved for.

    Delete Records

    The ‘Delete Records’ privilege grants the Staff member the ability to delete all types of system records.

    WARNING! This privilege gives Staff the ability to delete records which contain a lot of important information, the outcome, therefore, being extensive and significant. Records are rarely recoverable, and to even investigate doing so, this must be done under a paid support contract.

    We recommend that this level of access is limited to one or two senior Staff in your organisation. Staff will only be able to grant other Staff the same privileges or less than the ones they have themselves.

    Most of our subscribers limit this to their Authorised Representatives and many prefer not to have anyone with this privilege and instead contact our Customer Success team via support@supportability.com.au if any records require deletion. When this privilege is required for Staff outside of your organisation's Authorised Representatives, special authorisation must be provided in order for us to assign this, as per the 'Edit Locked Journals' privilege authorisation.

    Return to Summary


    Global (ALL) Privileges

    The next four settings are global privileges that when granted, give Staff this level of access across the entire organisation. It is important to note that these settings can be restricted down to the specific Sites and Services that Staff members work at when they do not require organisational wide level access. This is covered further in the next section. 

    Human Resources For ALL Staff 

    The ‘Human Resources for ALL Staff’ privilege grants access for Staff to view and manage human resources (HR) information for ALL Staff across the organisation.

    Can Staff see their own Human Resources information?

    By default, Staff cannot see their own Human Resources details. The only exception to this is if the Staff member is a SupportAbility system Administrator AND a systems setting allowing them to access their own HR information is activated. Please note only the team at SupportAbility can enable these settings. If this is required, please contact us at  support@supportability.com.au.

    We recommend that only the executive and required human resources Staff in your organisation have this privilege as it allows them to access potentially sensitive Staff information.

    Restricting HR Information

    Additionally, if your organisation wishes to limit access to a particular Staff Account, for example, due to sensitive information, this can be achieved through a setting on the 'Human Resources' tab of that Staff Account called 'Restrict HR information':

    When this setting has been applied, ONLY Staff with the 'Human Resources For ALL Staff' Security privilege can access the Human Resources information for this Staff member.   

    Staff with the 'Human Resources' privilege for the Site/Services this Staff member works at, will not be able to access the Human Resources information for this Staff Account when this setting has been applied. 

    Team Leader for ALL Services  

    The ‘Team Leader for ALL Services’ privilege grants Staff the ability to:

    • See the Dashboards of other members of their team; Staff members that work in the same Site/Services as itemised in Staff accounts.
    • Access to the following tabs in the Staff members record for members of their team: Availability, Training, and the Learning Centre Log.
    • Filter the Roster to view across the Site/Service and for other members of their team.
    • View Journals that have been marked for 'Team Leaders' only for Clients that participate in the same Site/Services, as itemised in their Staff account. 
    • Along with the author, Team Leaders have the ability to edit Client Journals that have been created before they are locked. 
    • Create, edit and manage Activities. This includes adding Clients to an Activity, updating their Funding Source e.g. to their NDIS Funding and checking the 'No Charge' setting where applicable. 
    • Sign Off i.e. approve Activities for that Site/Service; approving Client's NDIS Support Allocations and Staff Timesheet data ready for Finance and/or Payroll.
    • Accept or reject Organisation Accident Incident Register (AIR) incidents and Opportunities for Improvement (OFI's). 

    Edit Client Records Across ALL Services

    The ‘Edit Client Records Across ALL Services’ privilege grants Staff access to view and edit ALL Client records across the organisation. 

    N.B. When a Staff member has both 'Edit Client Records Across ALL Services' and the 'Team Leader for ALL Services' privilege the user works across all Services and as a result, their Dashboard filter will default to 'All Staff'.

    Document Manager Across ALL Services 

    The ‘Document Manager Across ALL Services’ privilege grants Staff the ability to create, edit, delete and grant permissions for Documents and document folders in the Document Management System (DMS) across the organisation. Please view the videos in the Learning Centre available in the Features tab under the DMS subsection for more information: 

    Return to Summary


    Sites and services where this staff member works 

    The Creating Staff Accounts video reviews four existing Staff accounts and the privileges required for their respective roles, along with stepping through the process of creating Staff accounts. 

    It is the Sites and Services in common, as itemised in Staff Accounts and Client records, which grants Staff access to, and edit functionality within Client records. 

    I.e. the Sites and Services listed in the 'Client Service Participation' section of a Client record:

    And those itemised in the 'Sites and services where this staff member works' section on the 'User Details' tab of a Staff account:

    In the above example, the Staff member works in two different Services at the one Site. This means that the Staff member can access and edit the records of Clients that participate in each of these Services, but would not be able to access and edit Client records for other Services managed from this Site.

    Return to Summary


    Administration [ALL SERVICES]

    The Administration [ALL SERVICES] Site is included in all installations of SupportAbility and appears by default when adding a new Site/Service to a Staff Account.

    Sites and Services should be configured to itemise the specific and individual Services where a Staff member works.  Multiple line items may be necessary to reflect the different Services at a Site when Staff work in multiple Services.

    When 'Administration [ALL SERVICES]' is itemised at a particular Site, this grants the Staff member access to ALL SERVICES delivered and/or managed from that Site. 

    We recommend limiting this level of access to only those Staff e.g. Managers, who require high level access across all Services at a particular Site. Most Staff only need access to a select few Services delivered at a Site, and these must therefore be itemised separately. 

    For example, Abel works at two Sites in multiple Services which have been itemised in his Staff Account.  As he manages the Smith House Site, he has therefore been granted access to 'ALL SERVICES' at Smith House via the 'Administration [ALL SERVICES]' Service: 

    He has also been granted the 'Team Leader' & 'Human Resources' privileges for this Site, which provide him with additional functionality as outlined below.


    Restricted role-based privileges

    The Team Leader, Human Resources and/or Document Manager privileges in SupportAbility can be granted for Staff members based on the specific Site/Services they work in and the functionality they need. 

    Team Leader

    Where the 'Team Leader' privilege has been granted for specific Sites and Services:

    This gives them the ability to:

    • See the dashboards of other members of their team; Staff members that work in the same Site/Services.
    • Access to the following tabs in the Staff accounts of other members of their team; Availability, Training and the Learning Centre Log.
    • Filter the roster to view across the Site/Service and for other members of their team.
    • Ability to see Journals that have been marked for 'Team Leaders' for Clients that participate in the same Site/Services. 
    • Along with the author, Team Leaders have the ability to edit Client Journals that have been created before they are locked. 
    • Create, edit and manage Activities delivered for this Service from this Site. This includes adding Clients to an Activity, updating their Funding Source e.g. to their NDIS Funding and checking the 'No Charge' setting where applicable. 
    • Sign Off i.e. approve Activities for that Site/Service; approving Client Funding allocations and Staff Timesheet data ready for Finance and/or Payroll.
    • Accept or reject Organisation Accident Incident Register (AIR) incidents and Opportunities for Improvement (OFI's). 

    Human Resources

    Where the 'Human Resources' privilege has been granted for specific Sites and Services:

    Staff can see all tabs, other than the 'User Details' tab, in the Staff Accounts of those Staff who work in the Sites/Services which this Staff member has been granted this privilege for: 

    This means they can record and access required personnel information and use the Human Resources functionality within SupportAbility.

    Please review additional information in the Human Resources for ALL Staff section above regarding exceptions to this access. 

    Document Manager

    Where the 'Document Manager' privilege has been granted for specific Sites and Services:

    Staff can upload and manage Documents in the Document Management System (DMS) in SupportAbility for the Sites/Services they have this role granted for. 

    The DMS can be used to manage internal policies, procedures and forms for example. For further information regarding the Document Management System, please review the videos included in the Features tab > DMS sub-section of the Learning Centre:

    Return to Summary


    Primary

    Whether a Staff member works in one or multiple Services, it is important to set one of the Services as their 'Primary' Service so that it appears as the default selection for them when entering information in SupportAbility.


    Setting a Date range for Site/Services

    Entering a date range for Site/Services in Staff Accounts is not required when Staff regularly work in a Site/Service on an ongoing basis. 

    A date range may be added to reflect the period in which a Staff member is temporarily working in a Site/Service if this is for a limited period, or when a Staff member ceases working in a Service.  Adding an end date restricts ongoing access to Client records who participate in that Service. Once the end date has passed the Staff member will no longer be able to access Client records who participate in that Service. The Staff member will however still be able to access records of Clients who also participate in another Service which the Staff member currently has access to, or the Staff member has additional global Security privileges.

    Services which have an 'end date' selected and that date is in the past, the relevant line item will be greyed out:

    Return to Summary

Still need help? Contact Us Contact Us