A User Group is a predefined set of permissions that define how a Worker interacts with Penelope and the type of work they do. There are six User Groups in Penelope:
Each User Group has a different default level of access to Penelope features and client data. Intake-Mgmt and Clinical Worker are both client-facing User Groups with access to client records, but in practice, Intake-Mgmt includes a much more robust set of permissions. For example, a Worker assigned to the Clinical Worker User Group cannot access the Intake Wizard while a Worker assigned to Intake-Mgmt can.
User Groups are the core functionality of Penelope and cannot be altered. Security Classes can be created and applied to specific users above and beyond their assigned User Group.
To further restrict or modify the permissions of Workers beyond what’s included in the User Group, you can create Security Classes. For example, if you require that your Counsellors access the Intake Wizard but only have access to their own client files, you could assign the user the Intake-Mgmt User Group and create a Security Class with the Restrict Service File access to Assigned Workers Security Class Setting enabled.
Useful Information
Security Classes can only be used to reduce the basic permissions contained within the User Group – not increase permissions.
Types of User Groups
System Administrator
A System Administrator has access to the main database setup and configuration options. This User Group should be assigned as a role/function rather than a day-to-day login level. Often, one or more Workers will have both a System Administrator account in addition to another type of account like Intake-Mgmt or Admin-Exec as a system admin account does not take up a license space.
With a System Administrator account you:
Can access all system setup and configuration options
Can create new Worker accounts and permissions
Can modify user defined and drop-down values
Cannot access client records, client files, scheduling features, etc.
System Administrator is typically assigned to:
Penelope implementation and configuration project team members
Penelope Super Users (staff responsible for ongoing maintenance and configuration of your Penelope database)
IT team members
System Administrator Homepage
Intake-Mgmt
The Intake-Mgmt User Group is well-suited for most workers in clinical or client-facing roles. By default, Intake-Mgmt permissions have no limits on access to client data or Penelope features, but you can modify access through Security Class Settings.
Barring Security Class restrictions with an Intake-Mgmt account you:
Can access all features/functions
Can access all client files
Can access the Intake Wizard
Can view agency appointments
Can use billing functions
Can access Setup side menu
Can access front-end configuration options
Cannot access back-end/System-Administrator configuration options
Intake-Mgmt is typically assigned to:
Counsellors/Therapists
Case Managers
Group Leaders
Support Workers
Nurses
Intake-Mgmt Homepage
Clinical Worker
The Clinical Worker User Group is best suited for clinical or client-facing roles that either don’t require or should be more restricted from viewing client data and Penelope features. Often, the Clinical Worker User Group is used for developing roles like interns or new graduates.
Barring Security Class restrictions with a Clinical Worker account you:
Can access your own client files only
Can access limited billing functions
Can access Setup side menu
Cannot use the Intake Wizard
Cannot view agency appointments
Cannot access Cases or Services Files to which you are not directly assigned
Cannot access back-end/System-Administrator configuration options
Cannot access Groups unless assigned as the Primary Worker (even if they have been assigned as an "Other" worker)
Clinical Worker is typically assigned to:
Junior client-facing staff
Students
Interns
Volunteers
Consultants
Clinical Worker Homepage
Admin-Executive
The Admin-Exec User Group is typically suitable for administrative, executive, management, and support roles at your agency.
Barring Security Class restrictions with an Admin-Executive account you:
Can access all features/functions (by default; can be customized using Security Classes)
Can access all client files (by default; can be customized using Security Classes)
Can access the Intake Wizard
Can view agency appointments
Can use billing functions
Can access Setup side menu
Can access front-end configuration options
Cannot be assigned as a worker to a Service File or Group
Cannot access Service File notes (by default; can be customized)
Cannot access back-end/System-Administrator configuration options
Admin-Exec is typically assigned to:
Team Leaders/Managers who don’t also maintain their own caseload
Program Managers
Administrators
Reception
Executives
Admin-Exec Homepage
Volunteer
The Volunteer User Group level is appropriate for Workers who should not have any access to client records, billing, or reporting functions. This User Group level is suitable for part-time volunteer staff who may record Anonymous Services or participate in an Informal Series.
Can complete data-entry only
Can access Setup side menu
Cannot access any client files
Cannot access the Intake Wizard (but can access Add Individual)
Volunteer is typically assigned to:
Data-entry Volunteers
Volunteer Homepage
External Administrator
In version 4.15.1.0 of Penelope, the External Administrator User Group was added. The External Administrator User Group cannot log into Penelope and will be utilized for future Penelope enhancements. Please note that Workers assigned to this User Group do not get counted towards your Named Active Users.
Choosing Between Intake-Mgmt and Clinical Worker
Often the most important decision when selecting a User Group for a Worker is choosing between the Intake-Mgmt and Clinical Worker options. To assist with this decision, we’ve outlined the key differences between the User Groups below.
Intake Mgmt | Clinical Worker |
Can access Agency Appointments | Cannot access Agency Appointments (but can access the Agency Schedule) |
Can access the Intake Wizard | Cannot access the Intake Wizard (but can access the Add Individual feature if enabled) |
Can assign someone other than themselves as Primary Worker on a Service File through the Add Service File or Add Service Wizard tools | Can only assign themselves as Primary Worker on a Service File through the Add Service File or Add Service Wizard tools |
Can access to Pre-Enrollment | Cannot access Pre-Enrollment (by default; can be configured through Security Class settings) |
Can assign clients into service from the Pre-Enrollment list | If given access to Pre-Enrollment, cannot assign clients into a service from the list. Assigning from pre-enrollment requires selecting a worker from a list of available workers, and Clinical workers can only assign clients to themselves. |
Can access all Billing functions | Can access some Billing functions (for example, Quick Pay for Events) |
Can access all Service Files | Can only access Service Files they're directly assigned to |
Can access all Groups | Cannot access Groups unless assigned as the Primary Worker (even if they have been assigned as an "Other" worker). |
Useful Information
The differences between the Intake-Mgmt and Clinical Worker User Groups below are based on having no Security Class configured. You can use Security Settings to further configure access to client data and Penelope features.
Assign a Worker to a User Group
The initial assignment of a User Group is completed when creating a new user account. For details on this process, refer to this article.
Modify a Worker’s User Group
Prerequisite: Workers with a System Administrator account automatically have access to modify a Worker’s User Group while Intake-Mgmt or Admin-Exec account must be given access via Security Class Settings. The following Security Class Settings must be enabled for a Intake-Mgmt or Admin-Exec account to have access: Worker Security Settings > Allow access to Worker Set Up
Locate the Worker using the Search > Worker tab.
Fill in any Search Criteria you’d like and click Go.
In the Results section, click the Worker whose User Group you want to modify.
On the Profile tab, click Edit.
From the User Group drop-down, choose a new User Group.
Click Save.
Useful Information
The worker cannot be logged in to Penelope when completing this task.