There are five permissions layers that operate in a hierarchy to control the programs and features to which a user has access in AWARDS. These layers, in order of how they are checked when determining access, are: Individual, User Group, Work Role, Job Title, and Global.
When a login is created, the new user gets default permissions based on the explicitly granted (checked off) or denied (unchecked) permissions in the layers above Individual. Once granted or denied permissions are located on a layer, the subsequent layers are not checked and the default permissions are set.
NOTE: The Job Title layer is an exception to this rule. If permissions are found on that layer, the system takes those permissions into account when determining access; however, it still checks the next layer as well.
This diagram shows the order of layer checks in single agency non-divisional AWARDS databases.
When working in a multi-agency, HMIS, or single agency divisional database, each permissions layer above the Individual layer may be checked twice - once for the user's division, and if there are no permissions for any of the layers on that level, once for the continuum, as shown here.
A new user's default permissions control his or her access to program records and AWARDS functionality, and can be seen the first time his or her Individual permissions layer is opened. Once an update is completed on the new user's Individual layer, the default permissions no longer apply, and access is based solely on any explicitly granted or denied Individual layer permissions and any work role requirements.
TIP: If at any time it is necessary to remove assigned permissions for a user or a permissions layer so that the layers above it determine access, the Remove Permissions feature is available. For more information on using this feature, see the Removing Permissions portion of the Maintaining User Permissions page.
Additional information on each permissions layers is provided below. To skip to the detail for a specific layer, click its name here:
The Individual permissions layer is composed of those permissions assigned to or denied for a specifically selected user(s). This layer overrides any permissions that may apply to the user on other layers, unless one or more of the following conditions apply:
The user's login was just created and the Individual permissions layer has not yet been updated for him or her.
NOTE: An update is defined as any time the Individual permissions for a user are opened and the UPDATE PERMISSIONS button is clicked, regardless of whether any actual changes are made.
Assigned permissions have been removed for the user on the Individual layer using one of the Remove Permission options, without clicking UPDATE PERMISSIONS so that permissions inherited from higher layers are re-applied.
The Role Required option has been set for internal audit message permissions on the Work Role layer, the user does not have any of the required roles, and he or she has not been given the NO Role Required exception for those permissions on the Individual layer.
When working with the Individual layer, please note that it allows for the updating of all permissions for all users at once; however, the functionality works best if you limit the data entry to updating all permissions for one user, or one permission for all users.
The User Group permissions layer works with the user group assignment made for each user at the time his or her AWARDS login is created, or during subsequent user group re-assignments made with the System Setup module, Login Maintenance, Update User Group feature. When assigning permissions on this layer, the user group selection list is comprised of all user groups, both default groups and user-defined groups (created with the Configure User Groups functionality), regardless of whether those groups presently have any members. For information on creating user groups or updating user group assignments click here. For information on assigning default permissions to a user group, please click here.
NOTE: Permissions in the User Group layer are overridden if the Individual layer of permissions has been updated for the user in question.
The Work Role permissions layer is primarily used with the Internal Audit Message permissions type to determine who is included on the cc list for those messages. It works with each user's role in relation to individual clients or programs within the AWARDS database. Available work role selections are as follows:
NOTE: A user may have multiple roles, in which case he or she need only have permission for one of those roles to be granted access to a program, message, or feature if the corresponding permission is set for that role.
Line Staff - Users who do not supervise anyone.
All Supervisors - Users who supervise one or more employees.
Direct Care Supervisors - Users who supervise one or more primary service coordinators.
NOTE: When an internal audit message is set to be distributed to users with the "Direct Care Supervisor" work role, the messages are not limited to those relating to clients on the caseload of the worker's supervisees.
Primary Service Coordinator - Users who are assigned as the primary service coordinator for one or more clients in at least one program (excluding training or test programs).
NOTE: When an internal audit message is set to be distributed to users with the "Primary Service Coordinator" work role, the number of coordinators in the program who receive that message will vary. For example, if the message is about one client (such as charting timetable reminder notices) it will be sent to only the client's primary service coordinator. If the message is about the program (such as keyword scan notices) it will be sent to all primary service coordinators in the program. An exception to this is for residence change notifications which, though regarding a single client, are sent to all primary service coordinators in the program.
Counterpart Primary Service Coordinator - Users who are the primary service coordinator for clients who are also on the census of another program. (When a user has this role, he or she is the counterpart coordinator for the client with respect to the other program.)
Program Director/Deputy - Users who are assigned as the Director or Deputy Director of a program using the System Setup module, Agency Program Information, Configure Administration feature. (Director/Deputy assignments can also be made using the Program/Site Administration link located on the Permissions Selection page.)
NOTE: When an internal audit message is set to be distributed to users with the "Program Director/Deputy" work role, the number of directors and deputies who receive that message will vary. For example, medical appointment reminders are not considered to "belong" to a specific program, and are therefore sent to all directors/deputies of any program whose roster includes the client for whom the notice was generated.
All Users with Chart Access - Users with chart access who are not primary service coordinators, supervisors, or program directors.
TIP: Supervisor assignments are made from within each employee's staff information record in the Human Resources module. Service coordinator assignments are made from within the Services - Individual module's Service Coordinators feature.
When updating permissions on the Work Role layer, there is a "Role Required" option available for some internal audit message permissions. When the Role Required option is checked off, a user will only be on the cc list for the message if he or she has the specified role AND the Individual layer permission for that message. A user can be exempt from this work role requirement for messages if the "NO Role Required" option is checked off for those messages on the user's Individual layer. If the user is not exempt, the role requirement will either be in relation to the client (if the message is about an individual) or in relation to the program (for all other role required messages).
The Job Title permissions layer works with the job title information entered for each user in his or her staff information record in the Human Resources module. When assigning permissions on this layer, the job title selection list contains all job titles currently in place in at least one staff information record.
NOTE: For new or existing users whose Individual layer permissions have not yet been updated, default permissions are set during a check of the permissions layers above Individual, beginning with User Group. Once granted or denied permissions are located on a layer, the permissions check stops, default permissions are set, and subsequent layers are not checked. The Job Title layer is an exception to this rule. Unlike with other layers, if, during the course of the check permissions are found on the Job Title layer, the check does not stop. Instead, the system takes the Job Title layer settings into account when determining access, but still continues on to check the next layer(s) as well.
NOTE: Permissions in the Job Title layer are overridden if any of the permissions layers below it (Individual, User Group, or Work Role) have been updated for the user in question.
The Global permissions layer is composed of those permissions assigned to or denied for all users in the AWARDS database.
NOTE: When working in a multi-agency, HMIS, or single-agency divisional database, global permissions can be assigned either to the entire continuum, or to a specifically selected division within the continuum. These assignments can only be made by "Continuum Staff." Users assigned to a specific agency within their staff information records in the Human Resources module will not see the Global selection in the Layer drop-down list.