Maintaining User Permissions







Previous Topic  Next Topic 

All permissions maintenance takes place within the System Setup module Permissions Maintenance feature, including the following common data entry tasks:

Updating Permissions - Follow this process to grant or deny specific permissions on a single layer for yourself or others, either individually or in a batch.

Removing Permissions - Follow this process to remove some or all permissions on a selected layer so that they can instead be inherited from another, higher, permissions layer.

IMPORTANT! When determining which of the above procedures you would like to review, please keep in mind that removing permissions is distinct from unchecking individual permissions - the latter of which happens during the updating permissions process. Unchecking a permission (followed by clicking update) denies access to the corresponding feature or functionality on the permissions layer on which it is unchecked. Conversely, removing permissions from a layer may or may not result in the user(s) being denied access to the corresponding features and functionality. Instead it will result in the user(s) inheriting the permissions from other, higher, permissions layers on which they may currently be granted (checked off) or denied (unchecked).

  Updating Permissions

To update permission assignments for yourself or others, complete the following steps from the AWARDS Home screen:

    1. From the AWARDS Home screen, click Administration from the left-hand menu, and then click System Setup.  The System Setup fly-out menu is displayed.
    2. Click Permissions Maintenance.  The Permissions Selection page is displayed.

    1. Narrow record selection by configuring the options on this page:

  Permissions Type - Click this drop-down arrow and select the type of permission for which permissions assignments are to be updated.  Available selections are:  "All Except Internal Audit Messages," "Internal Audit Messages," "Program Chart Access," "Data Entry/Access," "Exception Override," and "All Types."

  TIP: An optional permission type - "Cross Chart Access" - may also be available in some databases.  For more information on this permission type, please click here.

  Permissions Layer - Click this drop-down arrow and select the layer of permissions for which permissions assignments are to be updated.  Available selections are:  "Individual," "User Group," "Work Role," "Job Title," and "Global."

  NOTE: In multi-agency, HMIS, and single-agency divisional databases, the "Global" selection is only available to continuum staff.  Users assigned to a specific agency within their staff information records in the Human Resources module will not see the Global selection in the Layer drop-down list.

  TIP: Changes made on any level other than the Individual layer apply only to new users whose permissions have not yet been updated, or to users for whom the default permissions have been restored for the Individual layer using the Restore Defaults option at the bottom of the Permissions page, but for whom those default permissions have not been updated. Exceptions to this are made in the case of some internal audit messages which can require specific work roles as well as individual layer permissions.  For more information, see Understanding Permissions.

  Division - Click this drop-down arrow and select the division for which permissions assignments are to be updated.

  TIP: This option is only available in multi-agency, HMIS, and single-agency divisional databases. If you will be updating the permissions for continuum staff in those settings, set the Division selection to blank.

  Database Mode - Click this drop-down arrow and select "Data Entry."

    1. Click CONTINUE.  The Selection for Permissions page is displayed. 
    2. The options on the Selection for Permissions page vary based on the selections made in step 3 above.  Use the available options to further narrow which permissions are to be updated.

  TIP: The specific permissions within each type included on this page, as well as descriptions of each, can be viewed by clicking the link to the left of the corresponding drop-down list.

  NOTE: When working on the individual layer, the list of users available for selection on the Selection for Permissions page is based on a combination of permissions and user group assignments. By default, users can only set permissions for themselves and their supervisees. Users who are in the "Executive" or "Human Resources" user groups, those who have the Human Resources Data permission, or those who have the Set Permissions for All Staff and Layers permission can set the permissions for all users.

    1. Click CONTINUE.  The Permissions for Layer page is displayed.

  TIP: When working on this data entry page, please keep in mind:

Each permission's "source layer" is displayed in parentheses beneath it, indicating the layer of permissions from which it is being inherited, if any.  If no inheritance is found (meaning that the permission has not been set on any layer), "Default Deny" will be displayed instead, reflecting that the permission is in its default state on all layers and is denied to the user.

No two users can update the permissions for the same user, group of users, or permissions layer at the same time.  If another user is currently updating the permissions you chose to update on the Selection for Permissions page, the Permissions page cannot be displayed.  Instead, a record "locked" notice is displayed, and you will be prompted to wait and try again later.

When working on the Individual layer and updating the permissions for a specific worker, the top of the Permissions for Layer page contains job title, user group, and work role information for that worker.  When updating the permissions for all workers, this information is not displayed by default; however, it can be added to the page by clicking the View Job Title, User Group and Work Roles for All Workers link.

    1. The permissions and assignees listed on the Permissions page vary based on the selections made in steps 3 and 5 above.  For each permission listed, click the checkbox next to the person(s) or layer for whom that permission is to be granted.

  TIP: When working on this data entry page, please keep in mind:

Users can only assign program chart access permissions for those programs to which they themselves have access.

Some permissions cannot be assigned to oneself;  if a checkbox is bold, that permission must be granted by another user with access to Permissions Maintenance.

  TIP: To remove assigned permissions for an individual or layer and to re-apply inherited permissions from higher layers rather than assign new ones, click one of the Remove Permissions buttons. For more information on inherited permissions, see Permission Layers. For more information on removing permissions, see Removing Permissions.)

    1. Click UPDATE PERMISSIONS.  The permissions assignments are saved and a read-only report version of the updated permissions information is displayed on the Permissions for Layer page.

  TIP: When working on the Individual layer, an informational pop-up message is displayed after clicking UPDATE PERMISSIONS. As explained in that pop-up, permissions changes made for a user while that user is currently logged into AWARDS will not take affect until that user has logged out of AWARDS and logged back in again. Click OK to acknowledge the pop-up and view the Permissions for Layer page.

    1. To make additional permissions changes, click Data Entry.  The Permissions for Layer page is displayed.  Repeat steps 7 through 9 as needed.

The process of updating permissions is now complete.

  Removing Permissions (Re-Applying Inherited Permissions)

Unless and until permissions are set for a given user on the Individual layer of permissions, his/her system access is set based on any permissions "inherited" from the other, higher, permissions layers (such as User Group, Work Role, Job Title, and Global).  In some instances it may be necessary to re-apply the inherited permissions for an individual user or permissions layer using the Permissions Maintenance feature's "Remove Permissions" functionality.  For example, removing permissions from the Individual layer could be used in the following scenarios.

  The permissions for a user group are changed, and those changes should be applied to a member of the user group for whom Individual layer permissions exist.

  A new user group is created, a user for whom Individual layer permissions exist is assigned to that group, and the User Group layer permissions should be applied to him or her.

  A staff person's user group is changed and you now want them to inherit the permissions from their new user group.

In each of these examples, removing permissions and re-applying inherited permissions sets for the user all permissions applicable to him or her from those layers above the Individual layer (User Group, Work Role, Job Title, and so on).  Without restoring defaults in these cases, permissions from the User Group layer would not affect the members of that user group when Individual layer permissions exist for those members.

IMPORTANT! Please keep in mind that removing permissions is distinct from unchecking individual permissions - the latter of which happens during the updating permissions process.  Unchecking a permission (followed by clicking Update) denies access to the corresponding feature or functionality on the permissions layer on which it is unchecked.  Conversely, removing permissions from a layer may or may not result in the user(s) being denied access to the corresponding features and functionality.  Instead it will result in the user(s) inheriting the permissions from other, higher, permissions layers on which they may currently be granted (checked off) or denied (unchecked).

The re-application of inherited permissions can be performed on any permissions layer, and for any combination of permission types.  It only deletes the existing permissions on the layer for which it is used, and for the permissions type specified.  For example, removing some or all permissions on the User Group layer only removes those existing permissions for the selected user group and applies to that user group the inherited permissions from those layers above it.  It does not impact the Individual layer permissions of any users in that user group.

  TIP: When permissions are removed on the Individual layer and inherited permissions are re-applied, any permissions specifically assigned to the individual by Foothold Technology will need to be re-requested. This includes permission for Program History Corrections, Merge Consumers, E-Prescribing, and other pieces of limited-access functionality. Please contact the Help Desk for assistance in such cases.

To remove existing permissions on a specific layer and to re-apply inherited permissions from a higher layer, please complete the following steps:

    1. From the AWARDS Home screen, click Administration from the left-hand menu, and then click System Setup.  The System Setup fly-out menu is displayed.
    2. Click Permissions Maintenance.  The Permissions Selection page is displayed.

    1. Click the Permission Type drop-down arrow and select the type of permission to be worked with.  Available selections are:  "All Except Internal Audit Messages," "Internal Audit Messages," "Program Chart Access," "Data Entry/Access," " Exception Overrides," and "All Types."
    2. Click the Permission Layer drop-down arrow and select the layer to be worked with.  Available selections are:  "Individual," "User Group," "Work Role," "Job Title," and "Global."

  NOTE: In multi-agency, HMIS, and single-agency divisional databases, the "Global" selection is only available to continuum staff. Users assigned to a specific agency within their staff information records in the Human Resources module will not see the Global selection in the Layer drop-down list.

    1. Click the Division drop-down arrow and select the division to be worked with.

  NOTE: This option is only available in multi-agency, HMIS, and single-agency divisional databases. If Division is set to the blank selection, any permissions changes are applied to all divisions/agencies in the database. For example, to make global changes to a specific user group, select "User Group" for the permissions layer, and set the division to blank.  One exception to this rule is found on the Individual layer where a blank division selection allows for the updating of permissions for continuum staff only.

    1. Click the Database Mode drop-down arrow and select "Data Entry."
    2. Click CONTINUE.  The Selection for Permissions page is displayed. 
    3. The options on the Selection for Permissions page vary based on the selections made in step 3 through 5.  Use the available option at the top of the page to narrow which group or individual within the selected permissions layer is to have the defaults restored.  Leave all permission selection options set to the default "All" selections.

  NOTE: When working on the individual layer, the list of users available for selection on the Selection for Permissions page is based on a combination of permissions and user group assignments. By default, users can only set permissions for themselves and their supervisees. Users who are in the "Executive" or "Human Resources" user groups, those who have the Human Resources Data permission, or those who have the Set Permissions for All Staff and Layers permission can set the permissions for all users.

    1. Click CONTINUE.  The Permissions for Layer page is displayed.

  TIP: When working on this data entry page, please keep in mind:

Each permission's "source layer" is displayed in parentheses beneath it, indicating the layer of permissions from which it is being inherited, if any.  If no inheritance is found (meaning that the permission has not been set on any layer), "Default Deny" will be displayed instead, reflecting that the permission is in its default state on all layers and is denied to the user.

No two users can update the permissions for the same user, group of users, or permissions layer at the same time.  If another user is currently updating the permissions you chose to update on the Selection for Permissions page, the Permissions page cannot be displayed.  Instead, a record "locked" notice is displayed, and you will be prompted to wait and try again later.

When working on the Individual layer and updating the permissions for a specific worker, the top of the Permissions for Layer page contains job title, user group, and work role information for that worker.  When updating the permissions for all workers, this information is not displayed by default; however, it can be added to the page by clicking the View Job Title, User Group and Work Roles for All Workers link.

    1. Click one of the available remove permissions buttons:

  NOTE: Which of these buttons you see is based on the selections made in the previous steps.  Not all remove options are available in all instances.

  Remove All _____ Permissions on This Layer - Each section (type) of permissions on the data entry page has a Remove button beneath it that, when clicked, removes all permissions of that type on the specific layer you are working with, and re-applies all inherited permissions from other higher permission layers, when applicable.

  Remove All Permissions Except Chart Access on This Layer - When this option is used, all permissions on the layer you are working with are removed, EXCEPT for the program chart access permissions.  Whatever chart access permissions are in place prior to the removal continue to be in place afterward, and only internal audit message, data/entry access, and exception override permissions from the layers above the layer you are working with are re-applied.

  NOTE: This option is only available when the Permission Type was set to "All Types" in step 3.

  Remove All Permissions On This Layer - When this option is used, all permissions on the layer you are working with are removed, INCLUDING program chart access permissions.  Any inherited permissions from higher layers are re-applied in their place.

  NOTE: This option is only available when the Permission Type was set to "All Types" in step 3.

    1. Click OK.  The updated Permissions for Layer page is displayed, including on-screen information confirming completion of the removal, and providing instructions advising you of your next possible steps and their results.
    2. At this time you have two options regarding how to proceed:

  Exit data entry to save the re-applied inherited permissions and to ensure that future changes to higher permissions layers are applied - To leave the newly re-applied inherited permissions in place AND to make sure that any future changes to higher permissions layers are automatically applied to this permission, type, layer, or individual user, do NOT make any other changes on this data entry page, and do NOT click Update.  Instead, click Home to exit the data entry process.

  Make additional changes as needed by checking or unchecking individual permissions - When complete, click Update Permissions to apply your changes.  Keep in mind that if you choose to proceed in this way any changes made on higher permissions layers in the future will NOT be applied to the permission, type, layer, or individual user you are currently working with.

The process of removing permissions is now complete.

  https://demodb.footholdtechnology.com/help/?10773