In a database, security is key but is should be kept simple.
Security needs to be simple to insure that more than one person understands your security setup and can make updates and changes when necessary. Obviously a complicated security setup - will require a comprehensive set of notes or a security document that outlines the setup.
FAMCare is set up with base groups, ADMIN, System Admin, Case Worker, Accounting…… Do not get lost in the terms, but rather try to understand the concept of security.
Major Rule: Do not overcomplicate things because of an incessant need to change the names
In many cases - there are some folks who feel a need to change the security names because the current name does not fit their staff’s job description. Changing these to match terms is not only a waste of time, it will make more work in the future. On the other hand - at times there are other folks who want to add all new groups to the system to match some type of naming convention. Either way you are taking work that our team has done to make the FAMCare security setup simple and are making it more complicated because of verbiage.
Tips to think of when thinking of security and/or before you decide to add new groups to your system:
- Use the base system security groups (out of the box) and review the security documentation to these base forms. We've set this up for you so you do not have to. There are HR and User Id dropdowns and values in the system that limit a users functionality based on these names/roles. If you change the names, you have to change the form. The system admin is going to be the only person seeing this groups.
- When adding new groups - you essentially need to go to each of the forms in the system and update security access for those forms, so be judicious. Don't give yourself more to do without first getting a good understanding for existing security groups.
- You will have to create documentation for all of your new groups and define the access for each group on each form.
- In almost all cases, the system admin will look at the security groups on start-up but after you go live, they are rarely viewed. Why change something that in most cases you are only going to see for a week or two?
When to add a new group…?
- When there is a unique security issue where you have to keep a record confidential for legal reasons.
- When you've added a new program where there are different stages of approval to process and complete a workflow.
SUGGESTIONS FOR OUR TEAM?
In writing this blog post, and thinking outside of the box, would it help if these terms were configurable from the front end so the System Admin can relabel them without affecting the security? If so let us know.