Staff Account Privileges
This article discusses the various Staff Account privileges available to grant Staff specific levels of access in SupportAbility. It also covers how access is granted, the Security privileges, and how to limit access to the Sites and Services where the Staff Member works in the organisation.
Audience: Authorised Representatives, HR Specialist, Team Leaders, or anyone tasked with creating or updating Staff Accounts.
The following list summarises the content within this article:
- How is access in SupportAbility granted?
- Security privileges
  - User is Active
  - User is a Manager
  - View Financial Information
  - Edit User Accounts
  - Allow Remote Access
  - Edit System Preferences
  - Edit Locked Journals
  - Delete Records
  - Global (ALL) privileges
- Sites and services where this staff member works
- Privileges required to access Reports in SupportAbility
How is access in SupportAbility granted?
There are two areas in the User Details tab of a Staff account where access is granted: 'Security privileges' and 'Sites and services where this staff member works'.
Security privileges are where Staff accounts are made active or inactive. Most other settings in this section, however, are for Staff requiring high levels of access and edit functionality for specific areas of SupportAbility, including global privileges.
Sites and services where this staff member works is where access and edit functionality is granted according to the specific areas of the organisation the Staff member works in, as itemised in Staff Accounts.
As you review each of the different types of privileges in this article, it is important to note that the high-level 'global' Security privileges operate in lieu of itemising the Sites and Services where a Staff member works.
For example, if a Staff member has been granted the 'Team Leader for ALL Services' global Security privilege, this grants them Team Leader access and functionality for all Services across your organisation and therefore Sites and Services do not need to be itemised separately.
If a Staff Member requires Team Leader access for a select Service at a particular Site, then this can be itemised e.g. Day Services @ Melbourne (HQ) Site, and the 'Team Leader' privilege may be granted for this Site/Service only:
The purpose and functionality of each of the Security Privileges are outlined here. The Staff Account Privileges video also outlines the various privileges and related access & functionality.
User is Active
When a new Staff Account is created, 'User is Active' is selected by default. This is the only access privilege which is granted by default. When the 'User is Active' setting is deselected, this results in the Staff Account being Inactive. Inactivating the Staff Account is required when a Staff member leaves your organisation.
An active Staff Account means the individual can be rostered into activities and can have Human Resources information saved in their record. All current Staff in your organisation should have this turned on, provided they need access to SupportAbility. Keep in mind that each active Staff Account forms part of your organisation’s licence seat quota. Please note the 'SupportAbility' user account does not contribute to your licence seat quota.
An active user account grants the individual the ability to log into the system, as long as their username and password have been provided. When a Staff member leaves your organisation, their Staff Account does not need to be deleted. Simply turn this active setting off to immediately revoke their access whilst maintaining the audit trail of what they have completed historically.
N.B. The Deactivating a Staff Account article, linked below for reference, outlines the considerations and required actions in SupportAbility when a Staff member leaves an organisation. Several actions are required to be completed by your organisation in SupportAbility as part of managing the exit process. We recommend completing these prior to making a Staff Account inactive, where possible, so the actions can easily be completed.
User is a Manager
The ‘User is a Manager’ privilege grants access to information flagged as ‘managers only’ such as:
- specific uploaded documents,
- journal entries,
- client warnings,
- behaviours, and
- medical conditions.
Manager level access only applies to the records the user has access to. For example, a Staff member with access to selected Sites and Services e.g. Day Service at the Melbourne Site will only be able to see things set as ‘Managers Only’ for Clients who participate in the Day Service at the Melbourne Site.
A Staff member with the 'Edit Client Records Across All Services' privilege, however, will be able to see things set as ‘Managers Only’ for all Clients, across all Sites/Services.
We recommend that only Staff with managerial responsibilities in your organisation have the 'User is a Manager' privilege as a point of escalation.
View Financial Information
The ‘View Financial Information’ privilege grants Staff access to view and edit financial information in SupportAbility.
Staff require this privilege in combination with either the 'Edit Client Records Across ALL Services' privilege OR 'Team Leader for ALL Services' privilege to access the 'Finance' menu on the Dashboard. This is where NDIS Bulk Payment Requests (BPRs), Invoice Batches, Time Sheet Batches and related Reports are generated.
Those with only the 'View Financial Information' privilege will be able to access financial information as follows, for those Clients they have access to:
- access the 'Funding' tab in a Client record and create and edit Client Funding records
- see NDIS Support Item rates in the NDIS Support Allocations window from an Activity
- access the 'Client Funding Search' from the Reports menu
Edit User Accounts
The ‘Edit User Accounts’ privilege allows Staff with this access to create and edit Staff Accounts. This provides the individual access to the User Details tab of a Staff Account and to add, or update usernames, passwords, and privileges.
This Staff member will only be able to grant other Staff the same privileges or less than the ones they have themselves. We recommend that only a limited number of Staff within an organisation have this level of access.
Allow Remote Access
SupportAbility does not restrict remote access by default, so all Staff can access SupportAbility remotely provided the two levels of security are entered (shared username & password, and individual username & password).
If your organisation chooses to restrict remote access to a limited number of Staff, then the following two actions must be completed:
- configure a whitelist of allowable static public IP addresses in SupportAbility
- activate the 'Allow Remote Access' privilege in the relevant Staff Accounts.
When this privilege has been activated in individual Staff Accounts, it grants Staff the ability to access SupportAbility from outside a registered network. Please note that this privilege is only relevant and required when access has been restricted to a specific network in your installation. The Restricting Remote Access article in our Knowledge Base (linked below) provides further information regarding this.
If access has been restricted as outlined, we recommend granting this privilege only to Staff who need access to SupportAbility outside your organisation's network, as remote access can pose a potential privacy threat, for example if private Client information can be seen whilst Staff are in public.
Edit System Preferences
Staff with the ‘Edit System Preferences’ privilege have the ability to configure your organisation’s SupportAbility installation via System Preferences. We recommend that this privilege is centralised where possible and only the Authorised Representatives and senior managerial Staff in an organisation have this level of access.
Edit Locked Journals
This privilege allows the Staff member to edit Client Journals that have been automatically locked by the system as per how this setting has been configured. We generally do not recommend granting this role to anyone at an organisation. This privilege is not automatically granted to an organisation's Authorised Representatives upon commencement with SupportAbility.
However, if it is absolutely required, special authorisation must be provided in order for us to assign this. This authorisation must be advised via a letter on company letterhead, signed by your organisation's Director/CEO, confirming who the 'Edit Locked Journals' Staff Account Privilege is approved for.
Delete Records
The ‘Delete Records’ privilege grants the Staff member the ability to delete all types of system records.
WARNING! This privilege gives Staff the ability to delete records that contain a lot of important information, so the consequences of a deletion can be extensive and significant. Records are rarely recoverable, and even investigating a recovery must be done under a paid support contract.
We recommend that this level of access is limited to one or two senior Staff in your organisation. Staff will only be able to grant other Staff the same privileges or less than the ones they have themselves.
Most of our subscribers limit this to their Authorised Representatives and many prefer not to have anyone with this privilege and instead contact our Customer Success team via email@example.com if any records require deletion. When this privilege is required for Staff outside of your organisation's Authorised Representatives, special authorisation must be provided in order for us to assign this, as per the 'Edit Locked Journals' privilege authorisation.
Global (ALL) Privileges
The next four settings are global privileges that, when granted, give Staff this level of access across the entire organisation. It is important to note that these settings can be restricted down to the specific Sites and Services that Staff members work at when they do not require organisation-wide access. This is covered further in the next section.
Human Resources For ALL Staff
The ‘Human Resources for ALL Staff’ privilege grants access for Staff to view and manage human resources (HR) information for ALL Staff across the organisation.
Can Staff see their own Human Resources information?
By default, Staff cannot see their own Human Resources details. The only exception to this is if the Staff member has been granted the 'Administrator' privilege AND the 'Administrators Can Access Their Own HR Details' system setting has been activated, thereby allowing that Staff Member the ability to access their own HR information. Please note that these settings are only visible to SupportAbility, and only the team at SupportAbility can enable these settings on your behalf. If this is required, please contact us at firstname.lastname@example.org.
N.B. When provisioning a new installation, the Authorised Representatives at that time are automatically granted the 'Administrator' privilege.
We generally recommend that only the executive and required human resources Staff in your organisation have this privilege as it allows them to access potentially sensitive Staff information.
Restricting HR Information
Additionally, if your organisation wishes to limit access to a particular Staff Account, for example, due to sensitive information, this can be achieved through a setting on the 'Human Resources' tab of that Staff Account called 'Restrict HR information':
When this setting has been applied, ONLY Staff with the 'Human Resources For ALL Staff' Security privilege can access the Human Resources information for this Staff member.
Staff with the 'Human Resources' privilege for the Site/Services this Staff member works at will not be able to access the Human Resources information for this Staff Account when this setting has been applied.
Team Leader for ALL Services
The ‘Team Leader for ALL Services’ privilege grants Staff access to ALL Client and ALL Staff records across the organisation, as well as the ability to view and manage the following functionality for ALL Site/Services:
- View the Dashboards of ALL Staff members. 'Show Dashboard for' view can be filtered by 'All Staff' or an individual 'Site' or 'Staff Member'.
- Access and edit information in the following tabs in a Staff Account: Availability, Training, and the Learning Centre Log.
- Filter the Roster to view 'All Services', or view for an individual 'Site', 'Service' or 'Staff Member'.
- View Journals for Clients participating in ALL Services, that have been marked for 'Team Leaders Only'.
- Along with the author, Team Leaders have the ability to edit Client Journals that have been created before they are locked.
- Create, edit and manage Activities. This includes adding Clients to an Activity, Rostering Staff, updating the Client's Funding Source e.g. to their NDIS Funding and checking the 'No Charge' setting where applicable.
- Perform the Activity Sign Off, thereby approving Clients' NDIS Support Allocations and Staff Timesheet data in readiness for Finance and/or Payroll processing.
- Accept or reject Organisation Accident Incident Register (AIR) incidents and Opportunities for Improvement (OFIs).
Edit Client Records Across ALL Services
The ‘Edit Client Records Across ALL Services’ privilege grants Staff access to view and edit ALL Client records across the organisation.
N.B. When a Staff member has both the 'Edit Client Records Across ALL Services' and the 'Team Leader for ALL Services' privileges, the user works across all Services and, as a result, their Dashboard filter will default to 'All Staff'.
Document Manager Across ALL Services
The ‘Document Manager Across ALL Services’ privilege grants Staff the ability to create, edit, delete and grant permissions for Documents and document folders in the Document Management System (DMS) across the organisation. Please view the videos in the Learning Centre available in the Features tab under the DMS subsection for more information:
Sites and services where this staff member works
The Creating Staff Accounts video reviews four existing Staff accounts and the privileges required for their respective roles, along with stepping through the process of creating Staff accounts.
It is the Sites and Services in common, as itemised in Staff Accounts and Client records, that grant Staff access to, and edit functionality within, Client records.
For example, the Sites and Services listed in the 'Client Service Participation' section of a Client record:
and those itemised in the 'Sites and services where this staff member works' section on the 'User Details' tab of a Staff account:
N.B. In the above example, the Staff member works in two different Services at the one Site. This means that the Staff member can access and edit the records of Clients that participate in each of these Services, but would not be able to access and edit Client records for other Services managed from this Site.
Administration [ALL SERVICES]
The 'Administration' Service is included by default in all installations of SupportAbility.
When 'Administration [ALL SERVICES]' is itemised at a particular Site in the 'Sites and services where this staff member works' section of a Staff Account, this grants the Staff member access to ALL SERVICES delivered and/or managed from that Site.
Ideally, Sites and Services should be configured to itemise the specific individual Services where a Staff member works. Multiple line items may be necessary to reflect the different Services when Staff work in multiple Services at a Site:
We recommend limiting the level of access granted by 'Administration [ALL SERVICES]' to only those Staff e.g. Managers, who require high-level access across all Services at a particular Site. Most Staff only need access to a select few Services delivered at a Site, and these must, therefore, be itemised separately.
For example, Mary works at two Sites, Melbourne HQ and Smith House. She works in multiple Services at the Smith House Site and these have been itemised separately. Mary also manages the Melbourne HQ Site, and requires access to all Services delivered from that Site, therefore 'Administration [ALL SERVICES]' at the Melbourne HQ Site has been granted:
She has also been granted the 'Team Leader' & 'Human Resources' privileges for this Site, which provide her with additional functionality as outlined below.
Restricted role-based privileges
The Team Leader, Human Resources and/or Document Manager privileges in SupportAbility can be granted for Staff members based on the specific Site/Services they work in and the functionality they need.
Where the 'Team Leader' privilege has been granted for specific Sites and Services:
This gives the Staff member the ability to access Client and Staff records for the specified Site/Service/s, as well as the ability to view and manage the following functionality, for the Site/Service/s they have the Team Leader privilege for:
- View the Dashboards of Staff members working at this Site/Service. 'Show Dashboard for' view can be filtered by any one of these individual Staff Members.
N.B. When a Staff Member has been granted the 'Team Leader' privilege for 'Administration [ALL SERVICES]' at a Site, they will be able to filter the Dashboard view by the Site holistically, or by an individual Staff Member who works in any of the Services delivered at this Site.
- Access and edit information in the following tabs of Staff Accounts: Availability, Training, and the Learning Centre Log.
- Filter the roster to view it for individual Staff Members.
N.B. When a Staff Member has been granted the 'Team Leader' privilege for 'Administration [ALL SERVICES]' at a Site, they will be able to filter the Roster by Site holistically, an individual Service delivered at this Site, or individual Staff Member working at any of the Services delivered at this Site.
- View Client Journals for this Site/Service, that have been marked for 'Team Leaders Only'.
- Along with the author, Team Leaders have the ability to edit Client Journals for this Site/Service that have been created before they are locked.
- Create, edit and manage Activities for this Site/Service. This includes adding Clients to an Activity, updating the Client's Funding Source e.g. to their NDIS Funding and checking the 'No Charge' setting where applicable.
- Perform the Activity Sign Off for Activities related to this Site/Service, thereby approving Clients' NDIS Support Allocations and Staff Timesheet data in readiness for Finance and/or Payroll processing.
- Accept or reject Organisation Accident Incident Register (AIR) incidents and Opportunities for Improvement (OFIs) related to this Site/Service.
Where the 'Human Resources' privilege has been granted for specific Sites and Services:
Staff can see all tabs, other than the 'User Details' tab, in the Staff Accounts of those Staff who work in the Sites/Services which this Staff member has been granted this privilege for:
This means they can record and access required personnel information and use the Human Resources functionality within SupportAbility.
Please review additional information in the Human Resources for ALL Staff section above regarding exceptions to this access.
Where the 'Document Manager' privilege has been granted for specific Sites and Services:
Staff can upload and manage Documents in the Document Management System (DMS) in SupportAbility for the Sites/Services they have this role granted for.
The DMS can be used to manage internal policies, procedures and forms for example. For further information regarding the Document Management System, please review the videos included in the Features tab > DMS sub-section of the Learning Centre:
Privileges required to access Reports in SupportAbility
The Reports menu is visible to all Staff Members on their Dashboard:
However, not all Reports within this menu are accessible to everyone: some require specific privileges to access, and the results List generated by Searches and Reports is limited to the access the Staff member has been granted in their Staff Account.
Report/Search results determined by Site/Service access and Security privileges
The privacy of Client information and Staff Accounts is managed at the Site/Service level or via high-level or global Security privileges as configured in Staff Accounts.
This means that even though a Staff Member may have access to a Report or Search within the Reports menu, the results generated in these Reports and Searches will be limited to those records which the Staff Member has access to:
- For example, Staff member Abel only works in 'Day Services' at the 'Melbourne (HQ)' Site as listed in his Staff Account and he has not been granted any high-level privileges, so when generating Reports the List results will only display those records related to 'Day Services'.
- Staff member Carter, however, has 'Administration [ALL SERVICES]' at the 'Melbourne (HQ)' Site listed in his Staff Account, and therefore when generating Reports the List results will display records related to ALL Services at the 'Melbourne (HQ)' Site.
- Staff member Athena has the 'Team Leader for ALL Services' global Security privilege granted in her Staff Account, and when generating Reports the List results will display records related to ALL Services across the organisation.
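The rule that Sites and Services in common decide which Client records a Staff member reaches, and the way that rule limits Report results for Abel, Carter and Athena above, can be modelled as follows. This is an added example, not SupportAbility's own code: the class and function names, the Clients, the 'Respite' Service, the inactive account and Abel's manager flag are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

ADMIN_ALL = "Administration [ALL SERVICES]"
# Global Security privileges the article says reach ALL Client records.
GLOBAL_CLIENT = {"Team Leader for ALL Services",
                 "Edit Client Records Across ALL Services"}
# Global reach plus privileges the article recommends limiting to few Staff.
HIGH_RISK = GLOBAL_CLIENT | {"Delete Records", "Edit Locked Journals",
                             "Edit User Accounts", "Edit System Preferences"}

@dataclass
class Staff:
    name: str
    active: bool = True
    security: set = field(default_factory=set)   # ticked Security privileges
    works_at: set = field(default_factory=set)   # itemised (site, service) pairs

@dataclass
class Client:
    name: str
    participation: set = field(default_factory=set)  # (site, service) pairs

def can_access(staff, client):
    """True when the Staff Account reaches this Client record."""
    if not staff.active:                      # 'User is Active' off: access revoked
        return False
    if staff.security & GLOBAL_CLIENT:        # global privilege, no itemising
        return True
    admin_sites = {site for site, svc in staff.works_at if svc == ADMIN_ALL}
    return any(pair in staff.works_at or pair[0] in admin_sites
               for pair in client.participation)

def sees_managers_only(staff, client):
    """'Managers Only' items show only on records the user can already reach."""
    return "User is a Manager" in staff.security and can_access(staff, client)

def report_results(staff, clients):
    """Names a Report or Search would list for this Staff member."""
    return sorted(c.name for c in clients if can_access(staff, c))

def broad_access(staff_list):
    """Active accounts whose reach exceeds itemised Services, for review."""
    found = {}
    for s in staff_list:
        if not s.active:
            continue
        why = sorted(s.security & HIGH_RISK)
        why += sorted(f"{ADMIN_ALL} @ {site}"
                      for site, svc in s.works_at if svc == ADMIN_ALL)
        if why:
            found[s.name] = why
    return found

# Constructed sample data. Staff names follow the article's examples; the
# Clients, the 'Respite' Service and Abel's manager flag are made up.
HQ, SMITH = "Melbourne (HQ)", "Smith House"
abel = Staff("Abel", security={"User is a Manager"}, works_at={(HQ, "Day Services")})
carter = Staff("Carter", works_at={(HQ, ADMIN_ALL)})
athena = Staff("Athena", security={"Team Leader for ALL Services"})
former = Staff("Former", active=False, security={"Delete Records"})
clients = [Client("C1", {(HQ, "Day Services")}),
           Client("C2", {(HQ, "Respite")}),
           Client("C3", {(SMITH, "Day Services")})]
```

Running `broad_access` over a list of accounts gives a short review list of who holds global privileges or 'Administration [ALL SERVICES]' at a Site, which is where the article recommends keeping grants to a minimum.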
Restricted access to Reports - managed via specific Security Privileges
In addition to the above restrictions, some Reports require specific Staff Account privileges to access, generate and view them, as follows:
- Client Funding Search - requires the 'View Financial Information' privilege:
- All Reports and other features in the 'Staff Reports' section - require the 'Human Resources For ALL Staff' privilege:
- Victorian HACC MDS Export - requires both the 'View Financial Information' as well as the 'Edit Client Records Across ALL Services' privilege