A fund's financial information is considered confidential and must be closely protected from unauthorized access, modification, and disclosure. Staff members, however, need visibility and access to the funds they work with so that they can accomplish tasks within the scope of their work responsibilities. Access, however, should be appropriately safeguarded and granted to staff on a "need to know" basis only.
Administrator Responsibilities
Each organization has at least one individual who is designated as the organization administrator. The administrator is the primary custodian of the organization's funds. He or she has the highest set of permissions of any user, which allow access to all funds. The funds are listed on the Fund Management page.
The organization administrator bears the responsibility for delegating stewardship of the organization's funds to its staff members. He or she assigns permissions to enable staff access only to those funds that suit their work role. To keep confidential data secure, the organization administrator also determines the type (or degree) of access a staff member has to all of the funds he or she is granted access to. The administrator has full access to every fund and the ability to grant full access to other staff members.
Each staff member's ability to view, access, or modify data in the Offering module is based on specific access rights assigned by the organization administrator. These rights are stored in the database and tied to the staff member's username and password. The application uses the staff member's login credentials to authenticate the staff member and to allow access.
For each staff member, the organization administrator (or someone with organization administrator privileges) manages the type of access in the Administration module, a component in the ParishSOFT Family Suite used to set access rights.
It is important to understand that, when access levels are set for a given staff member, they apply globally to all funds the staff member is given access to. For example, if a staff member is granted View + Add/Edit access rights, those rights apply across the board to all funds the organization administrator grants the staff member access to.
Fund-related tasks are limited to staff members who have specific types of access. Such restrictions ensure the security and protect the confidentiality of fund data. Granting access rights to each staff member should be based on two factors: 1) whether the staff member has a legitimate need for the type of access and 2) whether the staff member has the necessary knowledge and skill to use the access rights without causing harm to the system.
The following table lists and defines the specific rights of access that an administrator can grant to staff members. Note that each setting is independent and restricted in scope. Therefore, to give a staff member the rights or privileges they require, you will probably need to select multiple settings (refer to the Permission Logic column in the table). For example, to delete a pledge or a batch, a staff member also needs to be able to view the fund. Therefore, in addition to granting Delete access, he or she must also be assigned View access (View + Delete).
|
Access Right Setting |
Description |
Permission Logic |
| View |
Allows the staff member to view a list of batches, pledges, and contributions associated with the funds for which fund permission is granted. If a user does not have permissions for a fund, that fund does not appear in any of the lists and menus. |
View |
| Add/Edit |
Allows the staff member to add and change the details of any batch, pledge, and contribution associated with the funds for which fund permission is granted. |
View + Add/Edit |
| Close Batch |
Allows the staff member to close batches associated with the funds for which fund permission is granted. |
View + Close Batch |
| Delete |
Allows the staff member to delete any batch, pledge, and contribution associated with the funds for which fund permission is granted. |
View + Delete |
| Giving History |
Allows the staff member to view donors' giving history for the funds for which fund permission is granted. |
View + View Giving History |
| Import |
Allows the staff member to import contributions and pledges from Online Giving and from non-ParishSOFT systems into the funds for which fund permission is granted. |
View + Import |
|
Allows the staff member to print and export reports associated with the funds for which fund permission is granted. |
View + Print |
If a staff member does not have a particular access right assigned, the application blocks access by disabling the associated button control or hiding the element or area of the application. For example, if a user is not granted Delete access rights, the Delete button is dimmed throughout the application, preventing the user from deleting batches, pledges, and contributions. Similarly, because only users with organization administrator privileges are permitted to view the Fund Management page, the page itself is hidden from unauthorized users.
Granting types of access is only one aspect of safeguarding and protecting a fund's sensitive information. The administrator must also give each staff member permission to access the funds he or she needs to work with.
The administrator assigns and manages fund permissions within the Offering module (under Fund Permissions on the Fund Management page). For instructions on how to set fund permissions, see How to Assign Fund Permissions to Your Staff.
About the Fund Management Page
How to Assign Fund Permissions to Your Staff