Skip to content

Notes Security - From Global Setup, Note Type to Supervisory Relationship

Q - We are in the process of trying to clean up the system as we go along.  One thing I can't seem to locate online is how to delete a note. It was created by another user but is no longer valid. It says I don't have permissions to delete the note. I went into setup, but didn't see anything that pertained to the above topic. Do you have some sort of document I can review?

A - Notes security is controlled by several setup areas in Elliott:
  • Global Setup
  • Note Type Setup
  • Supervisory Relationship

Global Setup

By default, the users who create the note have full rights to that note. The user SUPERVISOR will have full rights to any note regardless of who created the note in the first place.  In addition, in Elliott Global Setup -> System -> Note Function, you can specify up to three additional note supervisors.  See sample screen below:


Note Type Setup

If you wish to protect a note, then you will assign a proper Note Type for that note.  The following is an example of a Note Type "CRCARD." It is created to store credit card  information.  There are three shareable flags in Note Type Setup:
  • Shareable For Read
  • Shareable For Change
  • Shareable For Delete
The default value for these three flags is "Y."  For this example of the CRCARD Note Type, since credit card information is sensitive, we do not want other users to view, change or delete it.  Therefore, we answer "N" to all three flags in the following example.


Just FYI, this example may be somewhat misleading because we don't recommend that users store credit card information in notes even after applying Note Type security.  Credit card information, if you should decide to save it in the Elliott database, should be saved in eContact -- where the credit card number will be encrypted and is much more secure.

We are using this as an example to show you the purpose of the shareable flags in note type.  Keep in mind that assigning the proper Note Type is critical to establishing note security.  If you assign a note type with all shareable flags set to "Y" (which is the default,) then there's no security control on that note.  It is the same as when there's no Note Type assigned to a note.  Everyone can view, change or delete that note regardless of who created the note in the first place.

Supervisory Relationship

Once a user assigns a secure Note Type to a note, then other users are excluded from that note. The three supervisors assigned in Global Setup will still be able to access that note.  In some situations, the three supervisors are not enough.  For example, you have an accounts receivable department consisting of one credit manager and two collectors who report to the credit manager.  The credit manager is not part of the three supervisors.  Therefore, if a collector creates a CRCARD note like the above example, then the credit manager can't view, change or delete that note.  Obviously, we should let the credit manager see this note because he/she is the supervisor of the collector who created the note.

To resolve this issue, you should go to Elliott Main Menu -> Util-Setup -> Password Setup -> Global Security -> Supervisor Relationship. Define your company hierarchy relationship.  In the following example, user EMK is the supervisor of user ANTHONY, CLAYTON, ROGER, LANDY and RRL:



The supervisor relationship is hierarchical.  For example, if user ROGER is the supervisor of user WNH, and EMK is the supervisor of ROGER, then user EMK is the implied supervisor of WNH.

Supervisor hierarchical relationships can be recursive.  For example, while user EMK is the supervisor of ROGER.  User ROGER can also be the supervisor of user EMK and the system allows that.  This can be useful when user EMK and ROGER trust each other in regard to their notes. If you have a work group where all member trusts each other with regard to their notes, you can use this feature.

EMK

Feedback and Knowledge Base