Security Manager problem

Lance Bateman · May 18, 2011, 08:57:20 PM

Okay - remember that I had nothing to do with the setups of security manager here, and apparently no one is here that was involved.

The setup is extremely convoluted, and some month when I have the time, I'll want to totally redo it.

Problem - CSRs have pretty extensive rights for activities, except to delete them. The can't revise "closed", but they can "open". Watching them, it appears they can re-open a closed one. However, on any open or closed one, they aren't able to modify the description once it was already entered (and they need to related to our imaging set up). There are no other restrictions in the CSR Group on activities.

However - it appears they are members of about 15 groups, most of which appear ridiculous, and I'm concerned there may be a problem with inheritance.

Any thoughts on how to fix this so they can modify the description line on an open or closed activity? (Need to add an * when attaching the image).

brinkerdana · May 18, 2011, 10:48:16 PM

Know you were on Vision for while and there were changes to Activities where you could go back in and add information without changing the original. However, some agencies didn't like not being able to search based on later input and blocked the ability to change them in Security.

Sounds like another "fun" project, Lance!

As a CSR, I NEED to be able to change the description line. For example: CHGR Add 2011 Chev Pickup #54321 instead of it reading "Change Request".

Good luck!

Jeff Zylstra · May 19, 2011, 09:03:44 AM

My understanding was that you can change the description line until you close the activity. Is that incorrect?

Also, the newer versions of activities in 10.0 are designed to append further updates to that activity with time and date stamping. I've always thought that all of the activity was searchable. Now you have me worried!

Jan Regnier · May 19, 2011, 09:51:46 AM

We can revise the description on closed activities (OPTIONS/ACTIVITY DETAIL)- not the activity itself though - can add to it but not amend what is already there.

Security setting for us:

CANNNOT: Delete Closed, Delete Open

CAN: Add, Print, Revise Closed, Revise Close Limited, Revise Open, Revise Open Limited, View

Lance Bateman · May 19, 2011, 01:58:41 PM

Thanks Jan. I'll add the "revise closed" and see if that helps. Otherwise - it's the dreaded track down inheritance problems with the multitude of wacky "groups" that were set up.

Charlie Charbonneau · May 19, 2011, 02:36:59 PM

Might it be easier to create new groups with your guidelines and move access over to the new groups once they are set to your liking? I know this may be recreating the wheel, but at least you'd know who had what?

brinkerdana · May 19, 2011, 08:42:04 PM

Agree with Charlie. With the mess you're facing, it's probably just easier to start from scratch.

Lance Bateman · May 20, 2011, 01:52:24 PM

Jan's suggestion resolved the problem. (Putting off the full redo as long as I can I guess - at least until after I know that "WTF May 21 cr**" is over???). Hey, it's a good excuse?

Robin Deatherage · May 24, 2011, 09:50:37 AM

Hi Lance. I know this is going to be more than you were looking for right now but one of the topics from our chapter meeting last week was about Security Manager. When you are ready to try and tackle this project, the recommendation is to:

1. Create new groups, 2. Grant rights to each group, 3. Add existing users to the new groups, 4. Remove existing rights and groups from all users. (No user should have individual rights, they should all be inherited from a group they are a member of. Since #4 is the only one that actually effects production you can work on the others as time permits.

To start, it is recommended that you print out the entire tree of what's available and give it to the owner, and all dept managers and let them decide what access their people need (you probably need to have meetings with them to discuss and answer questions).

Once they give that back to you then you can see what groups you need to create. Which will probably be several major groups such as CSR, Producer, Accounting, Claims, etc. These major groups should have the bulk of the permissions.

Then you will have some minor groups which might be Night Utilities, Close Day, Download, HIPAA, Claim Reports, etc. Each of the minor groups should have access to only the items needed to do the one specific task it is intended for. So if you have a CSR who also runs Close Day, that CSR should be in the CSR group (where they will get the majority of their permissions) and the Close Day group. That CSR may be the only one in the Close Day group, just depends on your agency.

Once you are done you should save a pdf file of each groups security with a copy on the network and burn a copy to a cd kept offsite. If you have to recreate the security manager later it will be invaluable. Does any of this help?

Lance Bateman · May 24, 2011, 01:12:20 PM

Yep, Robin, have gone through all that before at another agency. I know what steps have to be done, just really putting it off at this point as much as possible, trying to make current setup work (Jan's suggestion did resolve the question I started this one about).

If you've seen my prior postings regarding issues I walked into here, you'll know this is just one of MANY items going on a priority list.

Robin Deatherage · May 24, 2011, 04:03:29 PM

Quote from: Lance Bateman on May 24, 2011, 01:12:20 PM
Yep, Robin, have gone through all that before at another agency. I know what steps have to be done, just really putting it off at this point as much as possible, trying to make current setup work (Jan's suggestion did resolve the question I started this one about).

If you've seen my prior postings regarding issues I walked into here, you'll know this is just one of MANY items going on a priority list.

I should have known you were already experienced on this.

Lance Bateman · May 24, 2011, 05:11:33 PM

But the reminder never hurts, Robin. Also, put "and frustrated" next to the "experienced"

Quote from: Robin Deatherage on May 24, 2011, 04:03:29 PM
Quote from: Lance Bateman on May 24, 2011, 01:12:20 PM
Yep, Robin, have gone through all that before at another agency. I know what steps have to be done, just really putting it off at this point as much as possible, trying to make current setup work (Jan's suggestion did resolve the question I started this one about).

If you've seen my prior postings regarding issues I walked into here, you'll know this is just one of MANY items going on a priority list.
I should have known you were already experienced on this.

Security Manager problem

Lance Bateman

brinkerdana

Jeff Zylstra

Jan Regnier

Lance Bateman

Charlie Charbonneau

brinkerdana

Lance Bateman

Robin Deatherage

Lance Bateman

Robin Deatherage

Lance Bateman