The Admin area has a Security section which allows users with Admin rights to set Access Controls, Access Principles and Roles.

The Care Partner Security module is implemented on a staff member level and allows for truly modular security, where admin users can enable and disable areas or individual features for particular groups of users in the system.

At its core, Care Partner is role-based - however to add flexibility and to allow for future enhancements, we have introduced a level of management on top of these called Access Principles. It is at this level that security and functional access to Care Partner is assigned.

The Security Levels are managed from within the Admin area of Care Partner. Security settings can be used to grant access to entire modules, specific sections within modules, or even panels of sensitive information or particular administrative functionality within particular sections.

The choice of how to implement the security is very open-ended and can be used to control almost anything that you choose.

Advanced Security Setting

In order for any settings configured within the Security area to take effect, Advanced Security must be enabled within the Settings area of Admin.

Note: Enabling Advanced Security without setting up any of the Roles, Access Principles and Access Control will mean that staff have a restricted view of service user information.

Please set up Security and test this before putting on a Live system. We suggest that Security (Roles, Access Principles and Access Controls for Staff) is set up before turning on Advanced Security in the Settings.

Security Module

The security module consists of:

Roles

Roles are intended to broadly represent core roles within the area the system is being used.

Roles are assigned to staff members. Role name examples include Activities Only and Can Delete Role.

Access Principles

Access Principles are logical groupings of Roles. Security rules are applied at this level to allow for a higher level of configuration without the need for duplication of administrative work.

Access Principles allow you to apply the same configurations to multiple Roles whilst at the same time allowing the individual Administrators the ability to be as open or restrictive as required.

Within the Access Principles, the Administrators may select which combination of system Roles belong to it. There can be as many Roles and Access Principle combinations as the user wishes to create.

Conceptually, Access Principles are designed to represent functions that users might perform within Care Partner. Rather than having one single large Access Principle that grants access to everything, they are intended to be layered with each other to provide a more granular and controllable security mechanism. It is worth noting that they do work in conjunction with each other and follow a ‘highest access wins’ rule. This means that as long as you belong to one Access Principle that grants access to a feature, you will be able to see it. This is why Access Principles should be tiered to progressively grant access to functionality, rather than restrict it.

Access Control

Elements in the system that support the Advanced Security configuration will appear under the Access Control section. This tree represents the structure of the security hierarchy from module level down to page element. Once each item is selected, you are shown a list of all the active Access Principles and can enable or disable this feature for that Access Principle. Typically, lower-level elements, when enabled, simply add or remove features from the specific screens, whereas higher-level elements are used to physically prevent access to these sections entirely.

Access Control Tree

You can control access to the following areas of Care Partner:

This security element works in conjunction with existing admin permissions

  • Activities Module

    • Activities Module Activity Page

      • Activities Module Activity Page Fill with Default Answers Button
      • Activities Module Activity Page Close Button
      • Activities Module Activity Page View History Modal - Filter by Answered vs Unanswered
      • Activities Module Activity Page Mark Data as Sensitive

Activities Module Activity Page Delete Button

  • Calendar Module
  • Care Plans Module
  • Contacts Module

    • Contacts Module View Page

Contacts Module View Page Delete Button

  • Dashboards Module

    • Dashboards Module Dashboard Page

      • Dashboards Module Dashboard Page View Key Items Container
      • Dashboards Module Dashboard Page View Latest Activity Record Container
      • Dashboards Module Dashboard Page View Latest Assessment Container
      • Dashboards Module Dashboard Page View Latest Care Plan Container
      • Dashboards Module Dashboard Page View Latest Contact Record Container
      • Dashboards Module Dashboard Page View Care Plan Reviews Due Container
  • Diagnoses Module

    • Diagnoses Module View Page

      • Diagnoses Module View Page Delete Button
  • Involvements Module

    • Involvements Module View Page

Involvements Module View Page Edit Button

Involvements Module View Page Reopen Button

Involvements Module View Page Delete Button

  • Notifications Module
  • Pathways Module

Access Denied Messages

Please note that because of links within Care Partner, if you turn off a complete module for Staff, their access to other areas may be restricted.

For example:

  • Turning off the Calendar module and not the Notifications module. When Staff click on Reminders in the Notifications module, they will see the Access Denied message, as the Reminders are linked to the Calendar.
  • Turning off Contacts and keeping access to Involvements. When Staff click on an Involvement to see more details, they will see the Access Denied message, as Contacts are listed within the Involvement details.

As security features develop, the modular access will expand as needed. If you add Roles and Access Principles beyond what is detailed in this document, there might be some unexpected effects.

The Admin Logs contain details of why Staff have seen the Access Denied messages and which module of the site they do not have access to. 

To learn more about setting up Advanced Security, take a look at the following examples: