Security Class Template - Finance Staff
Updated over 10 months ago

Below you will find an example Security Class template for Workers who are in the role of Finance Staff. This template should be used as a starting point and adapted to meet your agency’s requirements.

It should also be noted that depending on your agency’s configuration and available modules, some of the Security Class Rules listed below may or may not appear.

X = check radio button / blank = unchecked / ? = depends on agency-specific modules

Specific Pages Security Settings

X

Hide Master Schedule

This setting hides the Master Agency Schedule icon (located on the left side bar)

X

Deny access to Agency Appointments Page

Worker will not be able to access the Agency Appointments page (which displays all events for your organization). As a result, the worker will only be able to access the appointments which they are attending.

X

Deny Access to Intake Wizard

Worker will not be able to use the Intake Wizard

X

Hide Intake Wizard link on Home Page only

Worker will not be able to access the intake wizard from the Home Page. However, they can still access the intake wizard from the individual search and the individual page. NOTE: for this setting to work as expected, the “Deny Access to Intake Wizard” setting above must be OFF.

X

Deny Access to Pre-Enrollment List

Worker will not be able to access the agency-wide Pre-Enrollment List. Note that having this setting on still allows the worker to access specific pre-enrollment entries of specific individuals via their Individual Profile.

Deny Admin Executive Level Workers from Reviewing Service Events for Invoicing

The Admin-Exec user will not be able to access the Event Review Page or be able to edit the Review flag on the Service Event page

Deny Intake Management Level Workers from Reviewing Service Events for Invoicing

The Intake Management level worker will not be able to access the Event Review Page or be able to edit the Review flag on the Service Event page

Hide the Coverage Maintenance Page

This setting hides the Coverage Maintenance link from the Home Page

Allow access to ‘View by Individuals’ in Master Schedule

Worker will be able to View the Schedules of Individuals on the Master Schedule

?

Show Link to DSS submissions list from home page

Worker will be granted access to the DSS submission list from the home page, and will be able to fix errors and mark the relevant record(s) for submission after the errors are fixed. Note that this security setting does not automatically grant the worker access to submission history records for which they are not the primary worker. See “Allow Access to DSS submissions of workers other than self” setting below

?

Allow Access to DSS submissions of workers other than self

Worker will be granted full access to all DSS submissions regardless of whether they are the primary worker of the service file/group or not.

?

Show Link to NDIS submissions list from home page

Worker will be granted access to the NDIS submission list from the home page, and will be able to fix errors and mark the relevant record(s) as corrected. Note that this security setting does not automatically grant the worker access to submission history records for which they are not the primary worker. See “Allow Access to NDIS submissions of workers other than self” setting below

?

Allow Access to NDIS submissions of workers other than self

Worker will be granted full access to all NDIS submissions regardless of whether they are the primary worker of the service file/group or not.

?

Allow Access to NDIS files

Worker will be granted full access to all NDIS files and able to modify and delete them.

X

Deny Access to Service Event :: Cart tab

Workers will not be able to access the “Cart” tab on the Service Event Page.

X

Restrict Access to Service Event :: Cart tab to assigned workers only

Workers will not be able to access the “Cart” tab on the Service Event Page if they are not directly assigned to its parent service file.

X

Deny Modifications to Service Event :: Attendee Tab

Workers will not be able to modify the clients, blue book entries, workers or resources on the “Attendee” tab on the Service Event Page.

X

Restrict Modifications to Service Event :: Attendee Tab to assigned workers only

Workers will not be able to modify the clients, blue book entries, workers or resources on the “Attendee” tab on the Service Event Page if they are not directly assigned to its parent service file.

X

Deny Access to Service Event :: User Defined Tab

Workers will not be able to access the User Defined tab on the Service Event Page.

X

Restrict Access to Service Event :: User Defined Tab to assigned workers only

Workers will not be able to access the User Defined Tab on Service Event Page if they are not directly assigned to its parent service file.

X

Deny Access to Service File :: User Defined Tab

Workers will not be able to access the Service File Page :: User Defined Tab.

X

Restrict Access to Service File :: User Defined Tab to assigned workers only

Workers will not be able to access the User Defined Tab on the Service File Page if they are not directly assigned to that service file.

X

Deny Modifications to Service File Workers

Worker will not be able to edit the workers box on the service file page :: profile tab after the service file has been added.

Allow access to agency targets

Worker will be able to view and edit agency targets via a link from the home page

Allow deleting and editing of messages in the system

Worker will be able to delete or edit existing messages at any level

X

Deny Access to All Group pages

Workers will not be able to view the list of groups in the system, along with the Group page and the Group Event page

X

Deny Access to Anonymous Services

Workers will not be able to access the anonymous services in the system. This includes the anonymous service list as well as the ability to add new instances of anonymous services.

Deny Access to Reference page

Workers will not be able to access the reference page from the home page (which contains the list of services along with sites, resources, and agency links)

X

Deny Addition and Modification of Public Blue Book Entries

Workers will not be able to add or modify Public Blue Book entries. They are still able to add existing Blue Book entries as referrals and collateral contacts, and new private collateral contacts.

?

Allow Marking DSS Records Not For Submission

Workers will be able to mark records with DSS information (client, cases, sessions and assessments) not for submission, meaning they will never be uploaded to DSS data exchange

X

Deny Addition of Agency News

Workers will not be able to add news items on the Agency News page.

Worker Security Settings

Allow access to Worker Set Up

Worker will be able to access and make modifications to other Workers’ Profiles. Note that this excludes Attachments, Documents, Preferences, and the Worker’s Context / Home Page Reports.

X

Allow Worker to access their Subordinate Workers’ Profile Documents, Attachments, and Workflow

Each Worker’s profile includes a ‘Reports to’ field. In this context, Workers who report to you are considered your ‘Subordinates’. With this security rule and notwithstanding other rules that may be in effect, the Worker will be able to access Attachments, Documents and Workflow on the Subordinate Worker’s profile. The worker will be able to view, create, add, edit and delete the Subordinate Worker’s Attachments, Documents, or Workflow Tasks and Reminders.

Allow access to Worker Profile Documents, Attachments, and Workflow of other Workers

Notwithstanding other security restrictions and configuration, the Worker will be able to access Attachments, Documents and Workflow on the other Worker’s profile. The worker will be able to view, create, add, edit and delete the other Worker’s Attachments, Documents, or Workflow Tasks and Reminders.

X

Allow Viewing of Contact Information of other Workers

Worker will be able to view the Contact Information on other Workers’ Profiles

Allow Viewing of User-Defined Information of other Workers

Worker will be able to view the User-defined Information on other Workers’ Profiles

Allow Viewing of Clinical Information of other Workers

Worker will be able to view the Clinical Information on other Workers’ Profiles

Allow creating Intake Availability Times for other Workers

Worker will be able to create intake availability times for other workers

Allow creating Worker Availability Slots for other workers

Worker will be able to set another worker’s availability.

Restrict Worker Suggest Lookup- Limit to current user site

Worker will only be able to see other workers on the same site when using the various worker suggest lookups in the system

Restrict Worker Search Results- Limit to current user site

Worker will only be able to see other workers on the same site when using the worker search

Deny access to Workers from other sites

Worker will not be able to access the profiles of other workers whose assigned sites are different from their own.

X

Restrict Master Agency Schedule to worker’s own site

Worker will not be able to view other workers, resources, individuals or events at sites other than their own.

X

Restrict Agency Events View to worker’s own site

Worker will not be able to view events that occurred at sites other than the worker’s own when viewing the Master Agency Events page.

Deny access to Other Worker’s Profiles

Workers will not be able to view other workers’ profiles.

Limit Access to other workers to current worker’s own site tree

Workers will be limited to viewing (where appropriate) the names and profiles of other workers to those matching their own assigned site and below.

X

Restrict Write Access to the Worker’s Own Profile

Worker will not be able to edit their own worker profile

?

Allow ClientConnect Activation

Worker will be able to send activations to an individual for a new ClientConnect account.

?

Allow ClientConnect Account Management

Worker will be able to modify the status of an individual ClientConnect account.

Search Security Settings

Hide Search Button

Worker will not be able to see / use the Search Engine; All search types are hidden / not accessible

Hide Worker Search on Home Page.

Worker will not be able to see / use the Worker Search

Hide Funder Search

Worker will not be able to see / use the Funder Search

X

Hide Individual Search

Worker will not be able to see / use the Individual Search

X

Hide Case Search

Worker will not be able to see / use the Case Search

X

Hide Service File Search

Worker will not be able to see / use the Service File Search

X

Hide Service Event Search

Worker will not be able to see / use Service Event Search

Hide Indirect Event Search

Worker will not be able to see / use Indirect Event Search

X

Hide Informal Event Search

Worker will not be able to see / use Informal Event Search

Hide Billing Batch Search

Worker will not be able to see / use Billing Batch Search

Hide Billing Deposit Search

Worker will not be able to see / use Billing Deposit Search

Hide Billing Credit Search

Worker will not be able to see / use Billing Credit Search

Hide Billing Debit Search

Worker will not be able to see / use Billing Debit Search

X

Hide Billing EDI Search

Worker will not be able to see / use Billing EDI Search

Hide Invoice Search

Worker will not be able to see / use Invoice Search

X

Hide Billing EOB Search

Worker will not be able to see / use Billing EOB Search

Hide Policy Search

Worker will not be able to see / use Policy Search

X

Hide Blue Book Search

Worker will not be able to see / use Blue Book Search

Billing Information Security Settings

Hide Billing Amounts in Case

Worker will not be able to view the charges for any Service Units

X

Hide Service File Fee Override

Worker will not be able to add a Fee Override for a Service File

X

Hide Service Unit Billing Adjustment Edit

Worker will not be able to make adjustments to a Service Unit in the Cart, including its FFS individual, patient name (if applicable) and claim amount

X

Deny access to EOB

Worker will not be able to access Explanation of Benefits (EOB) Processes

Deny access to Batch Invoicing

Worker will not be able to access Batch Invoicing. They may, however, depending on other security classes, be able to generate invoices from specific Service Events.

X

Allow access to Funder Account Information

Worker will be able to view Funder Account Information and Record payments, Debits or Credits against Funder. They will also be able to Apply Payments to Funder Invoices and Debits

X

Allow access to Individual Account Information

Worker will be able to view Individual Account Information and Record payments, Debits or Credits against Individual. They will also be able to Apply Payments to Invoices and Debits

Deny modifications to the Billing Sequence

Worker will not be able to make modifications to the billing sequence of a service file, event or any specific service units in the cart.

Funder Security Settings

Deny access to Funder

Worker will not be able to access Funder Setup Information

Allow modifications to Funder Information

Worker will be able to modify Funder information

Allow Group Policy Set Up

Worker will be able to set up Group Policies for Funders

X

Allow Public Policy Set Up

Worker will be able to set up Public Policies for Funders

Policy Security Settings

Deny access to Client Policy

Worker will not be able to add, edit or view a Client Policy

X

Restrict Add Individual Policy

Worker will not be able to add any type of Policy for a Client

X

View only for Group Policy

Worker will not be able to add or edit a Client’s Group Policy

View only for Public Policy.

Worker will not be able to add or edit a Client’s Public Policy

View only for Private Policy.

Worker will not be able to add or edit a Client’s Private Policy

Hide Coverage View and Coverage Usage page

Worker will not be able to view a Client’s Coverage or Coverage Use

Case and Service File Security Settings

X

Hide Create Case

Worker will not be able to create a new Case

X

Restrict Intake to assigned Case Services

Workers in the Intake-Management Worker Group will only be able to access Client Service File information for Case Services to which they are assigned (i.e. on their Worker Profile)

Restrict Worker by Site

Notwithstanding other security restrictions, workers will only be able to access records that are associated with their assigned site tree as defined on their worker profile. That is, let’s assume that there are 3 sites set up in Penelope – Site A, B, C and worker Y (who is either Admin-Exec or Intake-Mgmt) is assigned to Site A. If this class is applied to them and notwithstanding other classes in effect, they will only be able to view records which are assigned to site A. Records from other site trees will be ‘invisible’ to them when searching or viewing the Agency Appointments screen.

X

Restrict Service File access to Assigned Workers

Worker will not be able to access the specific Service File unless they are one of the Assigned Workers to that Service File

Allow Worker to Access their Subordinate Workers’ Service Files

Each Worker’s profile includes a ‘Reports to’ field. In this context, Workers who report to you are considered your ‘Subordinates’. With this security rule and notwithstanding other rules that may be in effect, Intake-Mgmt and Administrative-Executive workers will be able to access any Case (and Service File) for which one of their subordinates is assigned as a Worker. This rule takes precedence over the ‘Restrict Worker by Site’ and ‘Restrict Intake to Assigned Case Services’ rules.

X

Restrict Service File display on Case Page to Assigned Services

Notwithstanding other security restrictions, workers will only be able to see service files that are associated with their assigned services. That is, let’s assume that there are 3 case services A, B, and C and the Worker is assigned to A and B. If the worker accesses a case with 3 service files A, B and C, they would only be able to see service files A and B; service file C would be hidden.

X

Restrict Service File display to assigned Workers

Notwithstanding other security restrictions, Workers will not be able to see a specific Service File unless they are one of the assigned Workers on that Service File. That is, let’s assume that there are 2 Cases (A and B) with the same Service File (but different presenting Individuals) in each Case. The Worker is only assigned as a Worker to Service File B in Case B. If the Worker accesses Case A, they would not see a Service File (even though they are assigned to that Case Service) as it has been hidden. If the Worker accesses Case B, they would see Service File B, as they are an assigned Worker on that Service File.

Allow display of secured Case Service

Notwithstanding other security restrictions, Workers will be able to see secured Case Service Service Files.

X

Restrict Service File display of secured Service Files to assigned Workers

Notwithstanding other security restrictions, Workers will not be able to see a secured Service File unless they are one of the assigned Workers to that Service File. That is, let’s assume that there are 2 Cases (A and B) with the same secured Service File (but different presenting Individuals) in each Case. The Worker is only assigned as a Worker to Service File B in Case B. If the worker accesses Case A, they would not see a Service File (even though they are assigned to that secured Case Service) as it has been hidden. If the worker accesses Case B, they would see the secured Service File B, as they are an assigned worker on that file.

Allow a Worker to mark a Case Service as secure

Worker will be able to secure a Case Service.

X

Hide Create Service File

Worker will not be able to add a new Service File

X

Deny Access to Closed Service Files

Worker will not have any access to a closed Service File even if they were one of the Assigned Workers.

X

Mask SSN/SIN on Client Profile and Search Page.

Worker will not be able to see a Client’s SSN/ SIN

Allow Clinical Worker access to legacy action documents

Clinical-level workers in this class will be able to view legacy action documents created for a case file they have access to.

Allow for Adding any Clinical-Based Worker as Other to Service Files

Workers will be able to add any clinical based worker as an ‘other’ worker on existing service files via the ‘Show All’ box, regardless of other security restrictions which may be in effect.

Event Security Settings

X

Allow Access to Service Events for Event Attendees

Worker will be able to access any Service Events that they have been added to as an Attendee, regardless of whether they are assigned to the Service File in any way. This security class takes precedence over the ‘Restrict Access to Service Files to Assigned Workers’ class.

Allow Manager Access to Note field in Service Events attended by subordinate Workers

Worker will be able to view Service Event notes for all Service Files where their Subordinates (defined by the ‘report to’ field on their Worker Profile) are currently assigned as a Worker for that Service File.

X

Hide Event Notes if not directly Assigned to Service File

Worker will only be able to view Service Event notes if they are currently assigned as a Worker for that Service File. Note that this only applies to intake workers; Clinical workers do not have access to event notes unless they are directly assigned to the service

X

Restrict Reschedule to Only Own Service Events

Only the workers involved in a Service Event will be permitted to reschedule it using the ‘reschedule’ link.

Restrict Reschedule to only Service Events at their own Site

Worker will only be able to reschedule a Service Event that is occurring at their ‘home’ Site (using the ‘reschedule’ link).

Restrict Ability to Cancel to Only Own Service Events

Only the workers involved in a Service Event will be permitted to cancel it.

Restrict Ability to Cancel only Service Events at their own Site

Worker will only be able to cancel a Service Event that is occurring at their ‘home’ Site.

Restrict Workers to only Book other workers from their own Site

Worker will only be able to schedule other workers from their own ‘home’ Site.

Restrict Workers to only Schedule Events at their Own Site

Worker will only be able to schedule Events at their own ‘home’ site

Deny Access to Returns/Recoveries in Case Events

Worker will not be able to enter amounts for Returns and Recovery at the event/cart level. This setting does not extend to the EOB level.

Deny Access to Indirect Events

Workers will not be able to access indirect events in the system. This includes the ability to book new indirect events and access to view existing ones, regardless of whether they are an attendee or had previously scheduled the event themselves.

Document Security Settings

X

Restrict Worker from Deleting Completed Documents

Worker will not be able to delete completed Documents or Document Revisions. NOTE: this excludes Document previews

X

Deny Access to Case Documents

Worker will not be able to access Case Documents. This may be useful if you want to prevent Admin staff from accessing documents

X

Deny Access to Service File Documents

Worker will not be able to access Service File Documents. This may be useful if you want to prevent Admin staff from accessing documents

X

Restrict Access to Documents in Service File Page to assigned workers only

Workers will not be able to access the “Document” sliding sidebar on the Service File Page if they are not directly assigned to that service file.

X

Deny Access to Service Event Documents

Worker will not be able to access Service Event Documents. This may be useful if you want to prevent Admin staff from accessing documents

X

Restrict Access to Documents in Service Event Page to assigned workers only

Workers will not be able to access the “Document” sliding sidebar on the Service Event Page if they are not directly assigned to its parent service file.

X

Deny Access to Individual Documents

Worker will not be able to access Individual Documents; This may be useful if you want to prevent Admin staff from accessing documents

X

Deny Access to Worker Documents

Worker will not be able to access Worker Documents

X

Deny Access to Case Service Documents

Worker will not be able to access Case Service Documents; This may be useful if you want to prevent Admin staff from accessing documents

X

Deny Access to Informal Service Documents

Worker will not be able to access Informal Service Documents; This may be useful if you want to prevent Admin staff from accessing documents

X

Deny Access to Informal Series Documents

Worker will not be able to access Informal Series Documents; This may be useful if you want to prevent Admin staff from accessing documents

X

Deny Access to Group Documents

Worker will not be able to access Group Documents; This may be useful if you want to prevent Admin staff from accessing documents

X

Deny Access to Group Event Documents

Worker will not be able to access Group Event Documents; This may be useful if you want to prevent Admin staff from accessing documents

Deny Access to Funder Documents

Worker will not be able to access Funder Documents

X

Deny Access to Anonymous Service Documents

Worker will not be able to access Anonymous Service Documents; This may be useful if you want to prevent Admin staff from accessing documents

Deny Access to Indirect Event Documents

Worker will not be able to access Indirect Event Documents

X

Deny Access to Referral Entry Documents

Worker will not be able to access Referral Entry Documents – useful if you want to prevent Admin staff from accessing documents

X

Deny Access to Blue Book Entry Documents

Worker will not be able to access Blue Book Entry Documents – useful if you want to prevent Admin staff from accessing documents

X

Deny Access to Informal Event Documents

Worker will not be able to access Informal Event Documents – useful if you want to prevent Admin staff from accessing documents

X

Deny Access to Outcomes Assessments

Worker will not be able to access Outcomes Assessments

X

Deny Add to Outcomes Assessments

Worker will not be able to add Outcomes Assessments

Informal Service Security Settings

X

Deny Access to Informal Services

Worker will not be able to access the Informal Services section of Penelope

Allow Access to All Secure Informal Series

When switched on, this setting allows the worker to have view and edit privileges to all secure informal series and associated events in the system. NOTE: in order for this setting to be effective, the ‘Deny Access to Informal Services’ security setting MUST BE UNCHECKED.

Setup Security Settings

Allow Access to Services Set Up

Worker will be able to add / edit Case Services

Allow Access to Service Units Set Up

Worker will be able to add / edit Service Units and Unit of Measures

Allow access to Document Set Up

Worker will be able to add / edit Documents, Questions and Sections

Allow access to Resource Set Up

Worker will be able to add / edit Resources

Allow access to Worker Category Set Up

Worker will be able to add/ edit Worker Categories

Report Security Settings

Deny access to Main Reports Page

Worker will not be able to access the Main Reports Page. The only reports they will be able to access are the ones embedded in the areas of Penelope which they otherwise have permission to view (e.g. Case reports, Case Load Roster etc.).

X

Hide Individual Reports section of main Reports Page

Worker will not be able to view reports in the Individual Reports section of the main reports page

X

Hide Worker Reports section of main Reports Page

Worker will not be able to view reports in the Worker Reports section of the main reports page

Hide Funder Reports section of main Reports Page

Worker will not be able to view reports in the Funder Reports section of the main reports page

X

Hide Anonymous Reports section of main Reports Page

Worker will not be able to view reports in the Anonymous Reports section of the main reports page

X

Hide Informal Reports section of main Reports Page

Worker will not be able to view reports in the Informal Reports section of the main reports page

X

Hide Pre-Enrollment Reports section of main Reports Page

Worker will not be able to view reports in the Pre-Enrollment Reports section of the main reports page

X

Hide Survey Reports section of main Reports Page

Worker will not be able to view reports in the Survey Reports section of the main reports page

X

Hide Document Reports section of main Reports Page

Worker will not be able to view reports in the Document Reports section of the main reports page

X

Hide Schedule Reports section of main Reports Page

Worker will not be able to view reports in the Schedule Reports section of the main reports page

X

Hide Case Service Reports section of main Reports Page

Worker will not be able to view reports in the Case Service Reports section of the main reports page

X

Hide Service Reports section of main Reports Page

Worker will not be able to view reports in the Service Reports section of the main reports page

X

Hide Service Event Reports section of main Reports Page

Worker will not be able to view reports in the Service Reports section of the main reports page

Hide Service Unit Reports section of main Reports Page

Worker will not be able to view reports in the Service Unit Reports section of the main reports page

X

Hide Engage Reports section of main Reports Page

Worker will not be able to view reports in the Engage Reports section of the main reports page

Hide Account Balance Reports section of main Reports Page

Worker will not be able to view reports in the Account Balance Reports section of the main reports page

Hide Billing Reports section of main Reports Page

Worker will not be able to view reports in the Billing Reports section of the main reports page

Hide Policy Reports section of main Reports Page

Worker will not be able to view reports in the Policy Reports section of the main reports page

?

Hide DSS Reports

Worker will not be able to view DSS Reports section of the main reports page

?

Hide NDIS Reports

Worker will not be able to view NDIS reports section of the main reports page.

Attachment Security Settings

X

Deny Access to Attachments in Service Event Page

Workers will not be able to access the “Attachments” sliding sidebar on the Service Event Page.

X

Restrict Access to Attachments in Service Event Page to assigned workers only

Workers will not be able to access the “Attachments” sliding sidebar on the Service Event Page if they are not directly assigned to its parent service file.

X

Deny Access to Attachments in Service File Page

Workers will not be able to access the “Attachments” sliding sidebar on the Service File Page.

X

Restrict Access to Attachments in Service File Page to assigned workers only

Workers will not be able to access the “Attachments” sliding sidebar on the Service File Page if they are not directly assigned to that service file.

X

Restrict Worker from Deleting an Attachment

Workers will not be able to delete an attachment.

PCEHR Security Settings

Allow viewing of IHI numbers

Workers will be able to view IHI numbers

*The Security Class Rules listed above are accurate as of Penelope version 4.16.2.0.

More Security Class Examples

For more examples of role-based Security Classes click here.
