A - Notes security is controlled by several setup areas in Elliott:
- Global Setup
- Note Type Setup
- Supervisory Relationship
Global SetupBy default, the users who create the note have full rights to that note. The user SUPERVISOR will have full rights to any note regardless of who created the note in the first place. In addition, in Elliott Global Setup -> System -> Note Function, you can specify up to three additional note supervisors. See sample screen below:
Note Type SetupIf you wish to protect a note, then you will assign a proper Note Type for that note. The following is an example of a Note Type "CRCARD." It is created to store credit card information. There are three shareable flags in Note Type Setup:
- Shareable For Read
- Shareable For Change
- Shareable For Delete
Just FYI, this example may be somewhat misleading because we don't recommend that users store credit card information in notes even after applying Note Type security. Credit card information, if you should decide to save it in the Elliott database, should be saved in eContact -- where the credit card number will be encrypted and is much more secure.
We are using this as an example to show you the purpose of the shareable flags in note type. Keep in mind that assigning the proper Note Type is critical to establishing note security. If you assign a note type with all shareable flags set to "Y" (which is the default,) then there's no security control on that note. It is the same as when there's no Note Type assigned to a note. Everyone can view, change or delete that note regardless of who created the note in the first place.
Supervisory RelationshipOnce a user assigns a secure Note Type to a note, then other users are excluded from that note. The three supervisors assigned in Global Setup will still be able to access that note. In some situations, the three supervisors are not enough. For example, you have an accounts receivable department consisting of one credit manager and two collectors who report to the credit manager. The credit manager is not part of the three supervisors. Therefore, if a collector creates a CRCARD note like the above example, then the credit manager can't view, change or delete that note. Obviously, we should let the credit manager see this note because he/she is the supervisor of the collector who created the note.
To resolve this issue, you should go to Elliott Main Menu -> Util-Setup -> Password Setup -> Global Security -> Supervisor Relationship. Define your company hierarchy relationship. In the following example, user EMK is the supervisor of user ANTHONY, CLAYTON, ROGER, LANDY and RRL:
The supervisor relationship is hierarchical. For example, if user ROGER is the supervisor of user WNH, and EMK is the supervisor of ROGER, then user EMK is the implied supervisor of WNH.
Supervisor hierarchical relationships can be recursive. For example, while user EMK is the supervisor of ROGER. User ROGER can also be the supervisor of user EMK and the system allows that. This can be useful when user EMK and ROGER trust each other in regard to their notes. If you have a work group where all member trusts each other with regard to their notes, you can use this feature.