Adding New Users
The process for initially adding new users to your system is covered in this brief video.
Password Complexity & Expiry Requirements
Administrators may specify password auto-expiry days for all user passwords (except for auto-login Kiosks). This feature is available with Gnosis version 1.2.910 and later.
Additionally, user passwords may have complexity requirements specified. The complexity requirements consist of one or more of:
- The minimum password length
- The minimum number of Uppercase Alpha (A..Z) characters required
- The minimum number of Lowercase Alpha (a..z) characters required
- The minimum number of Special (!@#$_-+=) characters required
These options can be set in the User Administration dialog (Settings | Administration | User Management) in the "Security Settings" tab.
To meet HIPAA standards (if appropriate in your system), the expiry and complexity features must be enabled.
Fine Tuning Access Control
Gnosis user access is managed by an administrative user through User Group assignment and access control levels (ACLs). ACL settings can be managed at the group level or individually, allowing you to grant any combination of system access to your users. Proper group assignment will generally provide the necessary access for the different users in your system. However, if a user receives a system message that they do not have permission to proceed in a certain area, group, and or individual ACLs may need to be set for them.
Create new users and assign them to at least one User Group as shown in the training video above.
If you need to adjust the ACLs assigned to a group or user, refer to the training video above on how to manage system ACLs. The table below provides a brief description of the purpose of each ACL.
- Read/Write access allows the person to access and edit data.
- Administrative access allows the user to manage settings in addition to editing data.
If you have edited permissions for an existing user, the user must log out and back in to gain the new access.
|Access Description/Name||Access Provided|
Function Access ACLs
|General Database Access||Allows a user to log in to access the system.|
|System Administration||Access to the system administration area and various system-level settings throughout the system.|
|Person/Household Data Management||Access person records and associated data|
|Organization Data Management||Access organization records and associated data|
|Communications Management||Access the Communications Module|
|Recipient Group Access||Create and edit Communications Recipient Groups|
|Document Template Access||Access Document Templates in the communications area|
|User Administration||Create and edit system users, including groups and ACLs|
|Reporting Access||Access the reporting module and the various areas where reporting is available|
|Attribute Management||Access attributes/attribute tabs in person and organization records|
|Reference Data Management||Access Reference Data lists|
|Update Org. Level Preferences||Allows editing of the Organization level preferences in preferences & settings area.|
|Update Group Level Settings||Allows editing of the Group level preferences in preferences & settings area for the primary group of the user.|
|System Job Scheduler Access||Allows access to schedule reports and communications|
|Contribution Management||Allows access to gifts in Contribution Entry|
|Event Management - Event Approver||This ACL is required to make events "Active" in event management|
|Subscription Management Rights||Create and edit and subscription types and options|
|NO ACCESS (Mstr Admin)||<For use only by Gnosis support>|
|Private Records Access||[not for general use]|
|Bypass Data Validation||Used for systems that have enforced data validation for setting some person fields as required. Allows a user to override those settings|
|Impersonation Person on Web Portal||Allows the user to access the "Login to Website as This Person" function; See also Financial Systems Access below|
|Person Status Indicator Access||Makes person status indicators visible|
|Web Page Template Edit Access||[not for general use]|
|Contact Management||Access Contact Management notes (also may require one of the ACL's listed below in "Data Access ACL's" area.|
|Case Management||Access to the Case Management module|
|Issue/Inquiry Tracking||Access to the issue/inquiry tracking module|
|Date of Birth Access||Access to dates of birth in a person record|
|Member Groups Access||Access to the Group Management module|
Data Access ACLs
|Volunteer Notes||For information on the setting and use of these four ACL's, please refer to the article on Implementing Contact Management Security|
|SQL Code Access Level||Allows a super-qualified user to hand-craft SQL queries for reports.|
|DACL Management||[not for general use]|
|Financial Systems Access||
Access to Invoice tabs and system; Transaction Batch Management module for batch actions and QuickBooks posting; Read/Write access is also required for the Login to Website as This Person function