Navigation
The Penelope End User Security Configuration Guide includes information about the security options that affect a Worker’s access to data and client information in Penelope. The information in this guide is therefore limited to security options that affect workers after they successfully log into Penelope; specifically, those settings that can be found on the System Administration side of Penelope in the Settings and Class Setup tabs in the Security section.
This guide does not include information or suggestions regarding your organization’s own security policies nor does it review the authentication of user access to the database (i.e. logging into Penelope).
For information about authentication options in Penelope please review the Authentication Guide here: https://intercom.help/ssgpenelope/en/articles/5105550-authentication-configuration-guide
Getting started
In this section:
About this guide
This guide includes information about the security options that affect a worker’s access to data and client information in Penelope. The information in this guide is therefore limited to security options that affect workers after they successfully log into the database; specifically, those settings that can be found on the System Administration side of Penelope in the Settings and Class Setup tabs in the Security section.
This guide does not include information or suggestions regarding your organization’s own security policies nor does it review the authentication of user access to the database (i.e. logging into Penelope). For information about authentication options in Penelope, please review the Authentication Guide here: https://intercom.help/ssgpenelope/en/articles/5105550-authentication-configuration-guide.
About security in Penelope
There are four security components in Penelope:
• General security settings
• User Groups
• Security Classes
• Report Security Classes These components work together to affect the amount and type of data a worker can access in Penelope. Below, you’ll find an overview of the four security options. In the remainder of this guide, you’ll find more detail on each of the security options.
First, you’ll need to choose a User Group to determine the baseline set of permissions and type of homepage for the user. Intake-Mgmt and Clinical workers can be assigned to clients and will see their Case Load as their homepage while AdminExec and Volunteer will be able to perform more administrative functions and see their schedule as their homepage.
Sys Admin is a special User Group which provides access to the configuration function sin Penelope. Next, you choose the Security Class to further specify the specific features and types of client records the worker should have access to. For example, users assigned to the Intake-Mgmt User Group with no Security Class will have all access to all client files.
If the user should only have access to client files they’re directly assigned to, you can design a Security Class to reflect this requirement and assign the user to that class. Finally, you choose a Report Security Class to specify which reports the worker has access to.
General security settings About general security settings General security settings are high-level security settings in Penelope that affect general access to information.
These security settings are configurable from a System Administration account in Penelope and are available in the Security section > Settings tab.
Configure general security settings for the first time
Prerequisite: You must be logged in to Penelope using a System Administrator account.
1. In the User Setup section, click Security.
2. On the Settings tab, click Edit.
3. In the General section, configure the following options as applicable to your organization’s needs:
a. To enable workers with Intake-Mgmt permissions to book “i” times for other workers, click the Intake Books “i” Times for Other workers option.
b. To lock all Event and Service File Notes when the service file is closed, click the Lock All Docs. and Notes on Closing of Service option.
c. To enable workers with Admin-Exec permissions to view Event notes, click the Admin. Exec. Can View Event Notes option.
d. To set who can edit Event notes, in the Restrict Edit Event Notes section, complete of the following options:
i. To restrict editing of Event notes to assigned workers only, click the To Assigned workers option.
ii. To not apply restrictions (apart from Security Class settings) to editing of Event Notes, click the No Restrictions option.
e. To set how long workers can be inactive in Penelope, in the Client Timeout field, type the duration in minutes.
f. To prevent a worker’s last name from appearing in External Communications and external Documents, click the Hide worker Last Name on Ext Comm. and Doc. option.
g. To prevent a site name from appearing in External Communications, click the Hide Site Name on Ext Comm. option.
4. In the Delete Passwords and Other Passwords sections, complete one of the following actions for each of the feature types:
a. To require that a worker provide a delete password to delete the feature type, in the password field, type a custom password.
b. To allow workers to delete the feature type without a password, in the password field, remove the password.
5. Click Save.
Modify “i” times for other workers
1. In the User Setup section, click Security.
2. On the Settings tab, click Edit.
3. In the General section, complete one of the following options:
a. To enable workers with Intake-Mgmt permissions to book “i” times for other workers, click the Intake Books “i” Times for Other workers option.
b. To prevent workers with Intake-Mgmt permissions from booking “i” times for other workers, clear the Intake Books “i” Times for Other workers option.
4. Click Save.
Enable or disable locking of all notes on closing of a Service File
1. In the User Setup section, click Security.
2. On the Settings tab, click Edit.
3. In the General section, complete one of the following options:
a. To lock all Event and Service File Notes when the service file is closed, click the Lock All Notes on Closing of Service option.
b. To prevent all Event and Service File Notes from locking when the service file is closed, clear the Lock All Notes on Closing of Service option.
4. Click Save.
Enable or disable Admin-Exec access to event notes
1. In the User Setup section, click Security.
2. On the Settings tab, click Edit.
3. In the General section, complete one of the following options:
a. To enable workers with Admin-Exec permissions to view Event notes, click the Admin. Exec. Can View Event Notes option.
b. To prevent workers with Admin-Exec permissions from viewing Event notes, clear the Admin. Exec. Can View Event Notes option.
4. Click Save.
Modify who can edit event notes
1. In the User Setup section, click Security.
2. On the Settings tab, click Edit.
3. In the General section, complete one of the following options:
a. To restrict editing of Event notes to assigned workers only, in the Restrict Edit Event Notes section, click the To Assigned workers option.
b. To not apply restrictions (apart from Security Class settings) to editing of Event Notes, in the Restrict Edit Event Notes section, click the No Restrictions option.
4. Click Save.
Modify the timeout settings
1. In the User Setup section, click Security.
2. On the Settings tab, click Edit.
3. To set how long workers can be inactive in Penelope, in the General section, in the Client Timeout field, type the duration in minutes.
4. Click Save.
Hide or show worker last name on External Communications and Documents
1. In the User Setup section, click Security.
2. On the Settings tab, click Edit.
3. In the General section, complete one of the following options:
a. To allow a worker’s last name to appear in External Communications and Documents, clear the Hide worker Last Name on Ext Comm. and Doc. option.
b. To prevent a worker’s last name from appearing in External Communications and Documents, click the Hide worker Last Name on Ext Comm. and Doc. option.
4. Click Save.
Hide or show Site name on External Communications
1. In the User Setup section, click Security.
2. On the Settings tab, click Edit.
3. In the General section, complete one of the following options:
a. To allow a site name to appear in External Communications, clear the Hide Site Name on Ext Comm. option.
b. To prevent a site name from appearing in External Communications, click the Hide Site Name on Ext Comm. option.
4. Click Save.
Modify a delete password
1. In the User Setup section, click Security.
2. On the Settings tab, click Edit.
3. In the Delete Passwords and Other Passwords sections, complete one of the following actions for each of the feature types you want to modify:
a. To require that a worker provide a delete password to delete the feature type, in the password field, type a custom password.
b. To allow workers to delete the feature type without a password, in the password field, remove the password.
4. Click Save.
User Groups
About User Groups
A User Group is the basic permission level or role a worker has in Penelope. There are five User Groups in Penelope:
Note: The Kiosk feature and Kiosk User Group are no longer available as of version 4.7.2.0 in Penelope. A User Group defines how a worker interacts with Penelope and the type of work they do. Each User Group has varying permissions regarding access to Penelope features/functions and client records.
In the case of Intake-Mgmt and Clinical worker, both client-facing User Groups with access to client records, but in practice, Intake-Mgmt includes a much more robust set of permissions. For example, a worker assigned to the Clinical worker User Group cannot access the Intake Wizard. User Groups are core functionality of Penelope and cannot be altered. Security Classes can be created and applied to specific users above and beyond their assigned User Group.
Note that Security Classes can only be used to reduce the basic permissions contained within the User Group. To adjust the default permissions of individual users, you can apply additional Security Classes. For example, if you require that your workers can access the Intake Wizard but only have access to client files for which they are the primary worker, you would assign the user the Intake-Mgmt User Group and enable the Restrict Service File access to Assigned workers Security Class. User Groups System Administrator
Intake-Mgmt
Choosing between Intake-Mgmt and Clinical worker User Groups
Often the most important decision when selecting a User Group for a worker is choosing between the Intake-Mgmt and Clinical worker options. To assist with this decision, we’ve outlined the key differences between the User Groups below.
Please note that the differences between the Intake-Mgmt and Clinical Worker User Groups below are based on having no Security Class configured.
Assign a worker to a User Group
The initial assignment of a User Group is completed when creating a new user account. For details on this process, see the following help article: https://intercom.help/ssgpenelope/en/articles/5088684-adding-a-worker-user
Modify a worker’s User Group
Prerequisite: Workers with a System Administrator account automatically have access to modify a worker’s User Group while Intake-Mgmt or Admin-Exec account must be given access via Security Class Settings.
The following Security Class Settings must be enabled for a Intake-Mgmt or Admin-Exec account to have access: Worker Security Settings -> Allow access to Worker Set Up
Note: The worker cannot be logged in to Penelope when completing this task.
1. Click Search.
2. On the Worker tab, fill in any Search Criteria you’d like, and click Go.
3. In the Results section, click the Worker.
4. On the Profile tab, click Edit.
5. From the User Group drop-down, choose a new User Group.
6. Click Save.
Security Classes
In this section:
About Security Classes
Security Classes are a customizable function you can use to restrict or grant access to features and client information in Penelope. While the User Group defines the base level of permissions and interaction with Penelope, the Security Class a worker is assigned to affects which specific screens, features and client information they will have access to. A Security Class is made up of several Security Class settings that have been enabled or disabled. The specific settings are what determines what the worker can see and do in Penelope. There are two ways to view a Security Class: the view/read-only screen and the edit screen:
You can create an unlimited number of Security Classes for your agency, and you can design the Security Classes around job function, teams, etc.
You can assign multiple workers to the same Security Class. You can also create Security Classes for single workers who require unique access permissions in Penelope. Security Class settings are grouped into the following categories:
• Specific pages security settings
• Worker security settings
• Search security settings
• Billing information security settings
• Funder security settings
• Policy security settings
• Case and Service File security settings
• Event security settings
• Document security settings
• Informal Service security settings
• Setup security settings
• Report security settings
• Attachment security settings
• PCEHR security settings For more information about individual settings in these categories, please review the Appendix: List of Security Class settings topic at the end of this guide.
Create a custom security class
When creating your own Security Class, you may find it helpful to use the Penelope Security Class Template available here: https://intercom.help/ssgpenelope/en/articles/5125874-role-based-security-class-examples
Prerequisite: You must be logged in to Penelope using a System Administrator account.
Option 1: Create a new Security Class
1. In the User Setup section, click Security.
2. Click the Class Setup tab.
3. In the Security Class section, click Add.
4. In the Class Name field, type a name for the Security Class you’re creating.
5. Optionally, in the Notes field, type any additional information you’d like about the Security Class.
6. In each of the Security Class sections, select which settings you’d like to enable. Clicking the adjacent checkbox enables the setting. For more information about what impact each setting has, please review the Appendix: List of Security Class settings topic at the end of this guide.
7. Click Save.
Option 2: Copy an existing Security Class
You can use an existing Security Class as a template to a new Security Class. When copying the Security Class, you inherit the same settings which you can adjust to reflect the specific needs of the new Security Class.
1. Navigate to User Setup > Security > Class Setup tab.
2. In the Security Class section, click the Security Class you want to modify.
3. In the Class Name field, type a name for the Security Class you’re creating.
4. Click Edit. In each of the Security Class Categories, select which settings you’d like to enable by clicking the adjacent checkbox.
5. Optionally, in the Notes field, type any additional information you’d like about the Security Class.
6. Click Save.
Modify a security class
Prerequisite: You must be logged in to Penelope using a System Administrator account.
1. In the User Setup section, click Security.
2. Click the Class Setup tab.
3. In the Security Class section, click the Security Class you want to modify.
4. Click Edit.
5. As needed complete the following tasks:
• To enable a setting, click the adjacent checkbox.
• To disable a setting, clear the adjacent checkbox.
6. Click Save.
Assign a worker to a security class
You can assign a worker to a Security Class in one of two ways: from the Security Class page or from the Worker’s Profile. Assigning a worker to a Security Class from the Security Class page works best for assigning multiple workers while modifying the Worker’s Profile works best for assigning single workers.
Assign one or more workers from the Security Class page
Prerequisite: You must be logged in to Penelope using a System Administrator account.
1. In the User Setup section, click Security.
2. Click the Class Setup tab.
3. In the Security Class section, click the Security Class you want to assign a worker to.
4. Click the Members tab.
5. In the Security Class Members section, click Add User.
6. In the User field, start typing the name of the worker you want to assign to the Security Class. Select the name from the suggest lookup list.
7. Click Save.
8. Repeat Steps 5-7 for any additional workers you want to assign to the Security Class.
Assign a single worker from the Worker Profile page
The initial assignment of a Security Class is completed when creating a new user account. For details on this process, see the following help article: https://intercom.help/ssgpenelope/en/articles/5088684-adding-a-worker-user Prerequisite: Workers with a System Administrator account automatically have access to modify a worker’s Security Class while Intake-Mgmt or Admin-Exec account must be given access via Security Class Settings. The following Security Class Settings must be enabled for a Intake-Mgmt or Admin-Exec account to have access: Worker Security Settings > Allow access to Worker Set Up
1. Click Search.
2. On the Worker tab, fill in any Search Criteria you’d like, and click Go.
3. In the Results section, click the Worker.
4. On the Profile tab, click Edit.
5. From the Security Class drop-down, choose a new Security Class.
6. Click Save.
View a list of permissions for a security class
The Security Class Report displays active Security Class settings by Security Class with options to include members and report on user Security Classes.
Prerequisite: You must be logged in to Penelope using a System Administrator account.
1. In the User Setup section, click Security.
2. From the Reports sidebar, click the Security Class Report.
3. In the Report Options section, ensure that the Security Class > User option is selected.
4. In the Criteria section, from the Security Class drop-down, choose which Security Class you’d like to report on.
5. Optionally, in the Report Options section, click the Include Members option to display a list of workers assigned to the Security Class.
6. Click View. If you’d like to print the report, complete one of the following options:
• If your agency logo appears in the top left corner of the report, click the logo.
• If your agency logo does not appear and instead you see a red X, click the X.
• If you do not see your agency logo or the X, on your keyboard, press CTRL/CMD + P.
Frequently asked questions
How many security classes do I need?
It depends! Consider the following questions when designing your security groups: • How many job functions or roles does our agency have? For some agencies, it makes sense to create a 1:1 relationship between the number of roles and number of security classes. Other agencies might have greater or fewer security requirements.
Do my staff with the same or similar job titles require the same access levels in Penelope or is there some variability?
You should consider creating a Security Class for each person or group of people who require different levels of access.
Are there any staff requiring unique access to features in Penelope/Are processes like intake and billing centralized to one staff member/Who should have access to the setup sidebar?
We recommend that only those staff who are part of the Penelope Implementation Project team members and/or staff who will make ongoing changes to the list of services offered, cart items, documents, etc. have access to the Setup Sidebar. The following Security Class Settings must be enabled for a Intake-Mgmt or Admin-Exec account to have access: Worker Security Settings > Allow access to Worker Set Up
How do I give someone access to the Intake Wizard?
Workers belonging to either the Intake-Mgmt or Admin-Exec User Groups have access to the Intake Wizard by default. Workers belonging to other User Groups cannot be given access to the Intake Wizard even using Security Settings.
How do I prevent someone from accessing Service Files they’re not assigned to? Workers belonging to the Clinical Worker User Group are only able to access Service Files they are directly assigned to. To prevent other workers from accessing Service Files they’re not assigned to, enable the Case and Service File Security Settings > Restrict Service File access to Assigned Workers setting.
How do I give team members access to each other’s client files?
If you want members of the same team or workers who provide the same service to be able to access each other’s files but not access the files from another service, enable the Case and Service File Security Settings > Restrict Intake to assigned Case Services setting.
How do I give someone access to a Group?
First, if the worker belongs to the Clinical Worker User Group, you must ensure that they’re the Primary Worker for the Group. Otherwise, they will not be able to view the Group regardless of any security settings you choose to employ. IntakeMgmt and Admin-Exec workers have access to Groups by default, but this access can be restricted by Case and Service File Security Settings.
How do I prevent someone from seeing the price of cart items/Service Units?
To prevent a worker from seeing the price of Cart items, enable the Billing Information Security Settings > Hide Billing Amounts in Case setting. The workers will be able to add Service Units to the cart, but they will not be able to see the fee of the Service Unit while in the event.
Report Security Classes
In this section:
About report security settings
A Report Security Class is a security class setting used to give or restrict access to built-in reports in Penelope. Penelope includes several built-in Report Security Class options that you can assign to a worker. You can also request that your System Administrator create custom Report Security Classes based on your agency’s unique needs. The default Report Security Classes include:
• All Reports
• Default Admin-Exec Reports
• Default Intake-Mgmt Reports
• Default Clinical Worker Reports
• Default Kiosk User Reports (**the Kiosk feature is not available in v4.7.2.0 and higher of Penelope**)
• Default System Administrator Reports
• Default Volunteer-Student Reports
The specific reports included in each of these default options are designed to fulfill the most common reporting needs for that User Group type. Note that, other than the “ALL Reports” option, the default Report Security Classes cannot be modified. When you add a new user to Penelope, the Report Security Class assigned to that worker is automatically selected based on the User Group the worker is assigned to. For example, if you set up a worker as Intake-Mgmt, they automatically inherit the “Default Intake-Mgmt Reports” option.
You can, however, adjust which Report Security Class assigned to the worker to one of the other default options or a custom option created by your System Administrator. Create or modify a Report Security Class To customize access to specific reports, you must modify an existing custom Report Security Class or create a new custom Report Security Class. When creating your own Report Security Class, you may find it helpful to use the Penelope Security Class Template available here (see the second tab): https://intercom.help/ssgpenelope/en/articles/5125874-role-based-security-class-examples
Prerequisite: You must be logged in to Penelope using a System Administrator account.
Option 1: Create a new Report Security Class
1. In the User Setup section, click Security.
2. Click Class Setup.
3. Complete one of the following actions:
a. To modify an existing custom Report Security Class, in the Report Security Class section, click the name of a class.
b. To create a new custom Report Security Class, in the Report Security Class section, click Add.
4. As applicable, select the reports you want the workers belonging to this class to have access to.
5. Click Save.
Option 2: Copy an existing new Report Security Class
You can use an existing Report Security Class as a template to a new Report Security Class. When copying the Report Security Class, you inherit the same settings which you can adjust to reflect the specific needs of the new Report Security Class.
1. Navigate to User Setup > Security > Class Setup tab.
2. In the Report Security Class section, click the Report Security Class you want to modify.
3. In the Class Name field, type a name for the Report Security Class you’re creating. 4. Click Edit. In each of the Report Security Class Categories, select the reports you want the Workers belonging to this class to have access to.
5. Optionally, in the Notes field, type any additional information you’d like about the Security Class.
6. Click Save.
Assign a worker to a Report security class
You can assign a worker to a Report Security Class in one of two ways: from the Report Security Class page or from the Worker’s Profile. Assigning a worker to a Report Security Class from the Report Security Class page works best for assigning multiple workers while modifying the Worker’s Profile works best for assigning single workers. Assign one or more workers from the Report Security Class page Prerequisite: You must be logged in to Penelope using a System Administrator account.
1. In the User Setup section, click Security.
2. Click the Class Setup tab.
3. In the Report Security Class section, click the Report Security Class you want to assign a worker to.
4. Click the Members tab.
5. In the Report Security Class Members section, click Add User.
6. In the User field, start typing the name of the worker you want to assign to the Report Security Class. Select the name from the suggest lookup list.
7. Click Save.
8. Repeat Steps 5-7 for any additional workers you want to assign to the Report Security Class.
Assign a single worker from the Worker Profile page
The initial assignment of a Report Security Class is completed when creating a new user account. For details on this process, see the following help article: https://intercom.help/ssgpenelope/en/articles/5088684-adding-a-worker-user
Prerequisite: Workers with a System Administrator account automatically have access to modify a worker’s Report Security Class while Intake-Mgmt or Admin-Exec account must be given access via Security Class Settings. The following Security Class Settings must be enabled for a Intake-Mgmt or Admin-Exec account to have access: Worker Security Settings > Allow access to Worker Set Up
1. Click Search.
2. On the Worker tab, fill in any Search Criteria you’d like, and click Go.
3. In the Results section, click the Worker.
4. On the Profile tab, click Edit.
5. From the Report Security Class drop-down, choose a new Report Security Class.
6. Click Save.
View a list of permissions for a security class
The Security Class Report displays active Report Security Class settings by Report Security Class with options to include members and report on Report Security Classes. Prerequisite: You must be logged in to Penelope using a System Administrator account.
1. In the User Setup section, click Security.
2. From the Reports sidebar, click the Security Class Report.
3. In the Report Options section, ensure that the Security Class > User option is selected.
4. In the Criteria section, from the Security Class drop-down, choose which Security Class you’d like to report on.
5. Optionally, in the Report Options section, click the Include Members option to display a list of workers assigned to the Security Class.
6. Click View. If you’d like to print the report, complete one of the following options:
• If your agency logo appears in the top left corner of the report, click the logo.
• If your agency logo does not appear and instead you see a red X, click the X.
• If you do not see your agency logo or the X, on your keyboard, press CTRL/CMD + P.
Appendix: List of Security Class settings Specific pages security settings
In this section:
Worker security settings
Search security settings
Billing information security settings
Setting Effect if enabled
Report security settings
The following settings apply to groups of reports. For information about enabling or disabling access to specific reports within each section, see the Report Security Class section of this guide.