Restrict user due to missing HR documents.
Name: Restrict user due to missing HR documents.
Description: How to restrict user actions if they have missing or expired documents.
Difficulty: Easy
Duration: Less than 2 minutes
Summary:
1. Go to the Agency's Dashboard.
2. Click on Configuration.
3. Scroll down till HR Documents.
4. Click the Edit button of the document(s) you would like to restrict the user if it is missing or expired.
5. On the new window, enable the “Restricts” feature.
6. Finally, click on “Update”.
- Important - These restrictions do not apply to Administrators of the Agency.
Restrict user actions due to missing or expired documents.
Step 1: Go to the Agency's Dashboard.
Step 2: Click on Configuration.
Step 3: Scroll down till HR Documents.
Step 4: Click the Edit button of the document(s) you would like to restrict the user if it is missing or expired.
Step 5: On the new window, enable the “Restricts” feature.
Step 6: Finally, click on “Update”.
Access Roles
How does role-based access control work?
It is a security mechanism that restricts unauthorized access to the system. Each user has a specific role, which determines the privileges they are granted.
The user can be controlled when he/she performs a certain action within the system, and only be granted access to the information required for performing the task as specified in the configured role. As a result, managing permissions is minimized because users do not have to create permissions one by one, once roles with specific permissions have been created. Then, they can assign users according to their needs. This ensures that information is protected from malicious users by preventing them from accessing information not relevant to them.
Using Office Puzzle's built-in role-based access control, you can control the actions that are performed on every page within the system, such as create, read, edit and delete. According to their role, these actions are authorized or not, avoiding unexpected changes and protecting information.
The roles in the system are as follows:
PROVIDER_LEVEL_1: Accesses all customer information, creates documents, events, uploads files and collects data.
PROVIDER_LEVEL_2: Same as PROVIDER_LEVEL_1 with the additional ability to modify the service plan and review documents from other providers to mark them as read-only.
PROVIDER_ADMIN: Same as PROVIDER_LEVEL_2, but additionally can modify all customer information such as demographics, addresses, authorizations, required documents, etc.
ADMIN_HR: Accesses all agency-level information related to human resources, like Management of in-services, Payroll, New users, etc. Has limited access to customers but full access to suppliers.
ADMIN_CLINICAL: Accesses to manage all agency-level information related to the clinical side. Limited access to users but full access to the client.
ADMIN_OPERATIONS: Accesses agency-level information, like Users, Calendar, Reports, Documents etc. Has limited access to agency but full access to suppliers and clients.
ADMIN: Has full access to the agency, users, and clients.