Staff Account Privileges

This article discusses the various Staff Account privileges available to grant Staff specific levels of access in SupportAbility. How access is granted,  along with Security privileges and how to limit access to the Sites and Services where the Staff Member works in the organisation is also covered. 

Audience: Authorised Representatives, HR Specialist, Team Leaders, or anyone tasked with creating or updating Staff Accounts


Summary

The following list summarises the content within this article. Click on the links below to take you to the relevant sections:


How is access in SupportAbility granted?

There are two areas in the user details tab of a Staff account where access is granted,  Security privileges and Sites and services where this staff member works.

Security privileges are where Staff accounts are made active or inactive, however, most other settings in this section are for Staff requiring high levels of access and edit functionality for specific areas of SupportAbility, including global privileges. 

Sites and services where this staff member works is where access and edit functionality is granted according to the specific areas of the organisation the Staff member works in, as itemised in Staff Accounts.

As you review each of the different types of privileges in this article, it is important to note that the high-level 'global' Security privileges operate in lieu of itemising the Sites and Services where a Staff member works.  

For example, if a Staff member has been granted the 'Team Leader for ALL Services' global Security privilege, this grants them Team Leader access and functionality for all Services across your organisation and therefore Sites and Services do not need to be itemised separately. 

If a Staff Member requires Team Leader access for a select Service at a particular Site, then this can be itemised e.g. Day Services @ Melbourne (HQ) Site, and the 'Team Leader' privilege may be granted for this Site/Service only: 

Return to Summary


Security Privileges 

The purpose and functionality of each of the Security Privileges are outlined here. The Staff Account Privileges video also outlines the various privileges and related access & functionality. 

User is Active

When a new Staff Account is created the 'User is Active' by default. This is the only access privilege which is granted by default. When the 'User is Active' setting is deselected, this results in the Staff Account being Inactive. Inactivating the Staff Account is required when a Staff member leaves your organisation. 

An active Staff Account means the individual can be rostered into activities and can have Human Resources information saved in their record. All current Staff in your organisation should have this turned on, provided they need access to SupportAbility. Keep in the mind that each active Staff Account forms part of your organisation’s license seat quota. Please note the 'Envision Systems' user account does not contribute to your licence seat quota. 

An active user account grants the individual the ability to log into the system, as long as their username and password has been provided. When a Staff member leaves your organisation, their Staff Account does not need to be deleted. Simply turn this active setting off to immediately revoke their access whilst maintaining the audit trail of what they have completed historically.

User is a Manager

The ‘User is a Manager’ privilege grants access to information flagged as ‘managers only’ such as:

  • specific uploaded documents,
  • journal entries,
  • client warnings,
  • behaviors, and
  • medical conditions.

Manager level access only applies to the records the user has access to. For example, a Staff member with access to selected Sites and Services e.g. Day Service at the Melbourne Site will only be able to see things set as ‘Managers Only’ for Clients who participate in the Day Service at the Melbourne Site.

A Staff member with the 'Edit Client Records Across All Services' privilege, however, will be able to see things set as ‘Managers Only’ for  all Clients, across all Sites/Services.

We recommend that only Staff with managerial responsibilities in your organisation have the 'User is a Manager' privilege as a point of escalation.

View Financial Information

The ‘View Financial Information’ privilege grants Staff access to view and edit financial information in SupportAbility. 

Staff will require this privilege to: 

  • create and edit client funding records, 
  • see NDIS support item rates, and 
  • generate various reports related to financials.

Similar to the ‘User is a Manager’ privilege, Financial information access only applies to the Client records the user has access to. Staff who are required to generate invoices, NDIS Bulk Payment Requests and/or timesheet batches require this privilege and access to all Clients granted via the 'Edit Client Records Across ALL Services' global privilege.

Edit User Accounts 

The ‘Edit User Accounts’ privilege allows Staff with this access to create and edit Staff Accounts. This provides the individual access to the User Details tab of a Staff Account and to add, or update usernames, passwords, and privileges. 

This Staff member will only be able to grant other Staff the same privileges or less than the ones they have themselves. We recommend that only a limited number of Staff within an organisation have this level of access.

Allow Remote Access

SupportAbility does not restrict remote access by default, thereby all Staff can access SupportAbility remotely provided the two levels of security are entered (shared username & password, and individual username & password).  

If your organisation chooses to restrict remote access to a limited number of Staff, then the following two actions must be completed:

  • configure a whitelist of allowable static public IP addresses in SupportAbility
  • activate the 'Allow Remote Access' privilege in the relevant Staff Accounts.

When this privilege has been activated in individual Staff Accounts, it grants Staff the ability to access SupportAbility from outside a registered network. Please note that this privilege is only relevant and required when access has been restricted to a specific network in your installation. The Restricting Remote Access article in our Knowledge Base (linked below) provides further information regarding this.

If access has been restricted as outlined, we recommend granting this privilege to only Staff who need access to SupportAbility outside your organisation's network, as it can pose a potential privacy threat if private Client information can be seen whilst they are in public for example.

Edit System Preferences

Staff with the ‘Edit System Preferences’ privilege have the ability to configure your organisation’s SupportAbility installation via System Preferences. We recommend that this privilege is centralised where possible and only the Authorised Representatives and senior managerial Staff in an organisation have this level of access.

Edit Locked Journals

This privilege allows the Staff member to edit Client Journals that have been automatically locked by the system as per how this setting has been configured. We generally do not recommend granting this role to anyone at an organisation. This privilege is not automatically granted to an organisation's Authorised Representatives upon commencement with SupportAbility. 

However, if it is absolutely required, special authorisation must be provided in order for us to assign this.   This authorisation must be advised via a letter on company letterhead, signed by your organisation's Director/CEO, confirming who the 'Edit Locked Journals' Staff Account Privilege is approved for.

Delete Records

The ‘Delete Records’ privilege grants the Staff member the ability to delete all types of system records.

WARNING! This privilege gives Staff the ability to delete records which contain a lot of important information, the outcome, therefore, being extensive and significant. Records are rarely recoverable, and to even investigate doing so, this must be done under a paid support contract.

We recommend that this level of access is limited to one or two senior Staff in your organisation. Staff will only be able to grant other Staff the same privileges or less than the ones they have themselves.

Most of our subscribers limit this to their Authorised Representatives and many prefer not to have anyone with this privilege and instead contact our Customer Success team via support@supportability.com.au if any records require deletion. When this privilege is required for Staff outside of your organisation's Authorised Representatives, special authorisation must be provided in order for us to assign this, as per the 'Edit Locked Journals' privilege authorisation.

Return to Summary


Global (ALL) Privileges

The next four settings are global privileges that when granted, give Staff this level of access across the entire organisation. It is important to note that these settings can be restricted down to the specific Sites and Services that Staff members work at when they do not require organisational wide level access. This is covered further in the next section. 

Human Resources For ALL Staff 

The ‘Human Resources for ALL Staff’ privilege grants access for Staff to view and manage human resources (HR) information for ALL Staff across the organisation.

Can Staff see their own Human Resources information?

By default, Staff cannot see their own Human Resources details. The only exception to this is if the Staff member is a SupportAbility system Administrator AND a systems setting allowing them to access their own HR information is activated. Please note only the team at SupportAbility can enable these settings. If this is required, please contact us at  support@supportability.com.au.

We recommend that only the executive and required human resources Staff in your organisation have this privilege as it allows them to access potentially sensitive Staff information.

Restricting HR Information

Additionally, if your organisation wishes to limit access to a particular Staff Account, for example, due to sensitive information, this can be achieved through a setting on the 'Human Resources' tab of that Staff Account called 'Restrict HR information':

When this setting has been applied, ONLY Staff with the 'Human Resources For ALL Staff' Security privilege can access the Human Resources information for this Staff member.   

Staff with the 'Human Resources' privilege for the Site/Services this Staff member works at, will not be able to access the Human Resources information for this Staff Account when this setting has been applied. 

Team Leader for ALL Services  

The ‘Team Leader for ALL Services’ privilege grants Staff the ability to:

  • See the Dashboards of other members of their team; Staff members that work in the same Site/Services as itemised in Staff accounts.
  • Access to the following tabs in the Staff members record for members of their team: Availability, Training, and the Learning Centre Log.
  • Filter the Roster to view across the Site/Service and for other members of their team.
  • View Journals that have been marked for 'Team Leaders' only for Clients that participate in the same Site/Services, as itemised in their Staff account. 
  • Along with the author, Team Leaders have the ability to edit Client Journals that have been created before they are locked. 
  • Create, edit and manage Activities. This includes adding Clients to an Activity, updating their Funding Source e.g. to their NDIS Funding and checking the 'No Charge' setting where applicable. 
  • Sign Off i.e. approve Activities for that Site/Service; approving Client's NDIS Support Allocations and Staff Timesheet data ready for Finance and/or Payroll.
  • Accept or reject Organisation Accident Incident Register (AIR) incidents and Opportunities for Improvement (OFI's). 

Edit Client Records Across ALL Services

The ‘Edit Client Records Across ALL Services’ privilege grants Staff access to view and edit ALL Client records across the organisation. 

N.B. When a Staff member has both 'Edit Client Records Across ALL Services' and the 'Team Leader for ALL Services' privilege the user works across all Services and as a result, their Dashboard filter will default to 'All Staff'.

Document Manager Across ALL Services 

The ‘Document Manager Across ALL Services’ privilege grants Staff the ability to create, edit, delete and grant permissions for Documents and document folders in the Document Management System (DMS) across the organisation. Please view the videos in the Learning Centre available in the Features tab under the DMS subsection for more information: 

Return to Summary


Sites and services where this staff member works 

The Creating Staff Accounts video reviews four existing Staff accounts and the privileges required for their respective roles, along with stepping through the process of creating Staff accounts. 

It is the Sites and Services in common, as itemised in Staff Accounts and Client records, which grants Staff access to, and edit functionality within Client records. 

I.e. the Sites and Services listed in the 'Client Service Participation' section of a Client record:

And those itemised in the 'Sites and services where this staff member works' section on the 'User Details' tab of a Staff account:

In the above example, the Staff member works in two different Services at the one Site. This means that the Staff member can access and edit the records of Clients that participate in each of these Services, but would not be able to access and edit Client records for other Services managed from this Site.

Return to Summary


Administration [ALL SERVICES]

The Administration [ALL SERVICES] Site is included in all installations of SupportAbility and appears by default when adding a new Site/Service to a Staff Account.

Sites and Services should be configured to itemise the specific and individual Services where a Staff member works.  Multiple line items may be necessary to reflect the different Services at a Site when Staff work in multiple Services.

When 'Administration [ALL SERVICES]' is itemised at a particular Site, this grants the Staff member access to ALL SERVICES delivered and/or managed from that Site. 

We recommend limiting this level of access to only those Staff e.g. Managers, who require high-level access across all Services at a particular Site. Most Staff only need access to a select few Services delivered at a Site, and these must, therefore, be itemised separately. 

For example, Abel works at two Sites in multiple Services which have been itemised in his Staff Account.  As he manages the Smith House Site, he has therefore been granted access to 'ALL SERVICES' at Smith House via the 'Administration [ALL SERVICES]' Service: 

He has also been granted the 'Team Leader' & 'Human Resources' privileges for this Site, which provide him with additional functionality as outlined below.


Restricted role-based privileges

The Team Leader, Human Resources and/or Document Manager privileges in SupportAbility can be granted for Staff members based on the specific Site/Services they work in and the functionality they need. 


Team Leader

Where the 'Team Leader' privilege has been granted for specific Sites and Services:

This gives them the ability to:

  • See the dashboards of other members of their team; Staff members that work in the same Site/Services.
  • Access to the following tabs in the Staff accounts of other members of their team; Availability, Training and the Learning Centre Log.
  • Filter the roster to view across the Site/Service and for other members of their team.
  • Ability to see Journals that have been marked for 'Team Leaders' for Clients that participate in the same Site/Services. 
  • Along with the author, Team Leaders have the ability to edit Client Journals that have been created before they are locked. 
  • Create, edit and manage Activities delivered for this Service from this Site. This includes adding Clients to an Activity, updating their Funding Source e.g. to their NDIS Funding and checking the 'No Charge' setting where applicable. 
  • Sign Off i.e. approve Activities for that Site/Service; approving Client Funding allocations and Staff Timesheet data ready for Finance and/or Payroll.
  • Accept or reject Organisation Accident Incident Register (AIR) incidents and Opportunities for Improvement (OFI's). 

Human Resources

Where the 'Human Resources' privilege has been granted for specific Sites and Services:

Staff can see all tabs, other than the 'User Details' tab, in the Staff Accounts of those Staff who work in the Sites/Services which this Staff member has been granted this privilege for: 

This means they can record and access required personnel information and use the Human Resources functionality within SupportAbility.

Please review additional information in the Human Resources for ALL Staff section above regarding exceptions to this access. 


Document Manager

Where the 'Document Manager' privilege has been granted for specific Sites and Services:

Staff can upload and manage Documents in the Document Management System (DMS) in SupportAbility for the Sites/Services they have this role granted for. 

The DMS can be used to manage internal policies, procedures and forms for example. For further information regarding the Document Management System, please review the videos included in the Features tab > DMS sub-section of the Learning Centre:

Return to Summary

Still need help? Contact Us Contact Us