Administrators can create permission sets to manage user access to forms, reports, and bulletins. This allows an Administrator to allow or restrict access to all the records that have been created of a certain form, for example.
User Record Level Access (RLA) are additional restrictions that allow users to only see those records that have been created or assigned to themselves.
Perhaps you track confidential information, such counseling notes, that cannot be shared across different users at your organization. Administrators may turn on User Record Level Access to restrict access of one user to only those records which have been created by, or assigned to that user alone.
* Note: If your site does not look like the screenshot below, view the Caseloads article for Role Based Permissions here. *
Turning on User Record Level Access
User Record Level Access is a standard feature in Apricot, but it does need to be turned on.
1. To check to see that it is turned, select the Administrator tab.
2. In the left hand menu, select Apricot Settings.
3. Under A La Carte Features, select Record Level Access - User.
4. Save Settings.
Create a New Program
1. Open the Administrator tab.
2. Select Sites & Programs in the left hand menu.
3. Click New button on the right.
4. Select New Programs from the window that pops up.
Name your program.
Select Site (in this case Default.)
Create a New Permission Set
To the right of permission sets, hover over Actions.
Select "Create New."
1. Name your permission set.
2. Under Assigned Users, select "Add." This is where you will find and add the users who will be governed by the specific permission set you are creating.
*Note* If you have a lot of users, it may be helpful to add a search field by selecting from the drop down menu.
4. Select the user or users you would like to add to this permission set.
5. Close the pop up window.
Adding User RLA
Scroll down to the section called "Permissions."
1. Across the top, you will see tabs for forms, reports, bulletins and shared files. User Record Level Access can only be applied to forms, so select that.
2. On the left hand side of the grid, you will see a list of all the forms that exist in your Apricot.
3. Across the top of the grid, you will see different kinds of access. Turn on Ignore Program Assignment.
4. And turn on User RLA. Please note that User RLA will only work when both options are checked.
Assigning Records to a User
Once you have created a program and assigned User RLA to a permission set, you will need to assign the existing records to the correct user. The user will not be able to access any of the records until they have been assigned.
1. Click the My Apricot tab.
2. On the left hand menu, select the form you would like to use.
3. Expand the black arrow to select a search field. Your goal at this point is to narrow down your results to exactly the records you would like to assign - so searching for a specific name might be a good idea.
1. When you have narrowed your search results so that the page only shows those records you want to assign.
2. Select Program Access.
When the access window opens, select the form you would like to adjust access on. This will default to the tier 1 form you utilized in the search.
Owner: Expand the black arrow and select the user who has been assigned to the permission set for User RLA. It will change the User RLA for all the records currently showing in the search screen.
Testing User RLA
1. To see that User RLA is working, hover your mouse over your name in the upper right hand corner.
2. Expand the black arrow next to your name and you will see a list of all existing users. Select the users you assigned the records to.
1. Now you are viewing your Apricot as a specific user.
2. If User RLA has been applied correctly, no matter what records you search for, you will only ever be able to find/see those records that were assigned to this particular user.
You can hover the mouse over your name in the corner again and revert yourself back to your own access once you have made sure your records were assigned correctly.
Note: Duplicate checks will still work when creating a new record; even if the user doesn't have access the original record, they will receive a notification: