DonorPro provides controls so that front line workers who have access to constituent information will not also have access to managers’ or board members’ constituent records. Even innocuous information such as address and phone number are not available to just anyone who has Constituent access.
Both the Access Level and Security Level fields allow numeric entries from 0 to 99. 1 is the default security level for new users. In order to access a constituent's record, you must have a Security Level greater than the Access Level of the constituent whose record they are trying to access. The admin ID has a Security Level of 100. This ensures that at least one user is always able to access IDs set to the maximum of 99.
Your organization will likely assign your HR manager and senior managers the highest Security Levels. Likewise, these same people will likely have their Constituent Access Levels set high so that only higher level managers can access their records.
Another security concern addressed with DonorPro is direct report control. For example, assume that Joan is a manager with a Security Level of 50. She can access all constituent records with an Access Level below 50. The problem is not every constituent with an Access Level below 50 works for Joan. Without further restrictions, she could view employee and volunteer details of employees who work for other managers. To prevent this, access to the Employee and Volunteer categories of the Constituent Explorer is limited to the direct supervisor of that Employee or Volunteer.
Finally, one or more people in your organization – such as the lead HR manager and the Executive Director or CEO – will need to see employee and volunteer records, even if those constituents do not report directly to them. This is addressed by assigning a Task-Related Permission of All-Employee Access and All-Volunteer Access. User ID's that have these permissions will have access to all Employee and/or Volunteer categories, regardless of whether or not that constituent is a direct report.
Note that users with these permissions will still need permissions to access more detailed associate information. In other words, All-Employee Access will enable you to select the Employee category of the constituent explorer, but once you're on the Employee category, you will also need permissions to get into each tab that is available on the Employee category. For instance, if you want to give the office administrator access to all employee emergency contacts, you can give him or her All-Employee Access permission, but then only assign him or her Emergency Contact Read permission. He or she can now select every employee’s Employee category, but will only then be able to select the Emergency tab within the employee category – not Payroll, Details, or any other tab.