You may wish for a data entry person to be able to add and edit information about our trainees related to:
- Enrolments (without access to edit the AVETMISS values of an enrolment once it is created)
Note that they are not to be allowed Delete access to anything.
They should have view only access to:
- Configuration Manager, and all items that are set up there
- Qualifications and Units
They do not need access at all to:
- Government reporting
- System reports or custom reports
- Short Courses
Create the Role
As this role is to have a fairly complex set of permissions, it is probably best to create the role from scratch (rather than duplicating an existing role), and then work through each feature carefully to ensure we give the correct permissions.
To create a new role, right click on the VETtrak heading and select Add role.
Give the new role a name, and leave the "read only" box unticked, as this role is able to make changes to data.
Set the Features That This Role Can Access
When a new role is created in this way, it will automatically have full access to all core VETtrak functions, but no access at all to any of the extra features. As we do want the data entry person to be able to enter data relating to some of these extra features, we need to edit their feature list, and add access to the relevant features.
From the list of permissions above that you want your Data Entry person to have, in this wizard you will need to add the following features:
- Event Management
- Trainee Management (but not Trainee Profiles)
As you do not want them having any access at all to financial information, reports or security, leave those items unticked.
Set the Permissions
Your role now has access to all things you wish for them to be able to see, but access to the Edit, Add and Delete options for everything is still available, which in many cases is not what you may want. Next steps would be to work your way carefully down the tree, and set the appropriate permissions for each item.
The first step, as we have determined that these users are not allowed to delete anything, is to remove Delete access to all aspects of VETtrak. You can do this quickly and easily by right-clicking on the VETtrak node, and selecting Deny all > Delete access.
If you now start by expanding the Awards node, you can see that this role currently has all but Delete access to everything relating to awards:
As this is not what you want, you will require to reduce this to View access only for all items. The easiest way to do this, is to use the Deny all option against the Awards node itself. As removing View access also removes all other permissions for that item, the quickest way to remove all but View access is to first right-click on the Awards node and select Deny all > View access.
Then right-click again, and select Grant all > View access.
The role now has View access only to all aspects of awards:
WARNING: Note that there is a view-only item under awards, which only have one level of access. For the Award Register this is not an issue, as the register only allows you to view awards in a reviewing capacity.
Our final Awards permissions will now look like this:
Compliance (Government Reporting)
The next items in your tree are all the Compliance features, which give access to the various government reporting requirements. You may not want your data entry person to have any access to government reporting, so right-click on each of these nodes and select Deny all > View access.
Next, expand the Configuration node, to view the following:
Your data entry person should not be able to change any configuration information, so remove all but View access from all these items. There are also two things here that you may wish to restrict access to - these are the following options:
- Run database backups
- Make any changes to VETtrak's global preferences
As both of these are view-only features, we need only deny view access to these two items.
As with Awards above, the easiest way is to right-click on the Configuration heading and select Deny all > View access, then Grant all > View access. But as this still leaves these users with access to backups and global preferences, you now need only remove View access from these two individual items.
Your role now has View access to all Configuration items except Backups and Global Preferences.
You may also wish to restrict your data entry people from having any access at all to correspondence, so simply right-click on Correspondence, and select Deny all > View access.
This role may require to be able to add and edit employers and their contact people, but not delete them. No access should be allowed to set up new employer types, or edit or delete existing ones, so you will require to limit them to View access for Employer Types.
As you have already removed all Delete access in first step above, your Employer permissions currently look like this:
All that is required to do here is to remove all but View access to Employer Types. As described above, do this by first removing all access to Employer Types (by removing View access) , and then right-clicking again to add View access only back in.
Now your role can view, edit and add employers and their contacts, but not delete them. It can also view employer types, but not add, change, or delete them.
If you now expand the Enrolments node, you can see that it contains a lot of items, but most of these are setup items that a data entry person would not require access to. The only items that this role should be able to change are Enrolments themselves, and Enrolled Units. Everything else here should only have View access.
As most items are to have View access only, you can again turn everything off for all items as prior for Awards - by denying all View access (to turn everything off), and then granting all View access.
Now simply go back to the items that Data Entry users are able to change, and grant them Edit and Add access to these.
Note that although your data entry people are able to add and edit enrolments, they do not have permission to edit the AVETMISS values of an enrolment once it is created. This means that in addition to the Edit AVETMISS values item not being available in the right-click menu against an enrolment, certain fields in the Enrolment Wizard will be disabled when they are editing an existing enrolment:
This role is not able to change the qualification or location of an enrolment after it has been created.
This role is not able to change anything on the AVETMISS page of an enrolment after it has been created.
Our data entry people are allowed to do anything with all aspects of groups except delete them. As you already removed Delete access from everything in the first step, you will not need to do anything here.
As with enrolments, this role should be be able to add and edit the clients themselves, but only to view the other items in the list. So again, go to Deny all > View access, then Grant all > View access, then grant Edit and Add permission for the Client item only.
To remove access to reports entirely, choose Deny all > View access against the top-level Reports node.
Under Results, you may want your role to be able to use the Results Manager, view Result Types, and have everything except Delete access for Unit / Element Results. To do this:
- Leave Record Results Manager as it is with View access (as this an view-only item)
- Remove all but View access for Result Type Setup (by unticking Edit access and Add access).
This will result in a robust, data-entry only role for a VETtrak user. You can then assign your Staff Member to the role, and their access is complete.