How Permissions Work in Seraphim

Permissions in Seraphim are broken into two types:
  1. Roles
  2. Features (Tiles)
Roles vs. Features (Tiles)
"Roles" determine specific actions that someone can take, such as saving or deleting. Features (or Tiles) determine what features someone can access, like the Reports tile or Settings tile.
Roles always work in conjunction with "Tile Access". Let's you want someone to view profile information, but you don't want them to be able to delete a profile from your directory.  In this case, you would give them "Tile Access" to see the Directory tile so they can view profile information. But you wouldn't give them the "Delete Profile" role to ensure that they can't delete anyone's record.
Note: there is one role that ALL your administrators must have in Seraphim, and that is the ADMINISTRATOR role. If someone needs to log into Seraphim, they must have the Administrator role. 

Assigning Roles
To assign a user to a role, go to the PERMISSIONS tile.  
  • Select the role from the drop-down menu. 
  • Click on "Assign someone to this role". 
  • Search the name of the individual. 
  • Check the box to the left of their name. Their profile will appear in the selection list toward the top. (You can select as many people from this screen as you like!)
  • Hit the SAVE button.
  • You should now see this individual's name in the "Assigned to this role" list. 
Note: You can assign someone to as many roles as you like.

Assigning Tiles
After assigning the appropriate role, you'll want to then assign the correct tiles to that individual.
  • From the PERMISSIONS tile, click on the FEATURES tab. 
  • Select the name of the individual in question from the drop-down list. 
  • Check the box on each tile that you'd like to grant access to.

Note: In order for someone to be able to see the Finance Tile, they must also have the "financial role" assigned to them.  This is for added security to minimize risk. 

Note: Role and Tile updates take effect immediately.  However, to see the effect of the change, the user receiving new permissions will need to log out of Seraphim, then log back in.  The new permissions will be applied to their account upon login. 

Role Dictionary
When assigning roles to your users, you may find that there's a good number of roles that we've added to this list. Check the list below for what each role controls so that you know you're assigning the roles you need to the right users. Additionally, it's important to note that there is some "additional assembly required" for some of the items below to fully function. (The roles below are listed in order of "most commonly used" to "least commonly used" roles. 
  1. Administrator
  2. Event Manager
  3. Save / Delete / Merge
  4. Financial
  5. Medical / Allergy Notes
  6. Background Checks
  7. Delete Webform Repository
  8. Food Service / Audio Visual / Tech / Facilities
  9. Guide
1. Administrator
The Administrator role is one of the most important roles that you can assign to someone.  This is the "Gate Keeper" role.  In order for anyone to have access to any tiles, they must have the administrator role. The administrator role makes the administrator tab visible, thus giving access to the tiles that you've selected for this user. 

2. Event Manager
This Role gives a user the ability to create new events and edit existing ones. With the Event Manager role, a user can go to a specific event on the calendar, click on that event, and see the "EDIT" button.  They can then edit all items in that event. Additionally, if someone has the event manager role, they will also be able to approve event requests from other users, if you're using Event Approval.

3. Save, Delete, and Merge Member Profile Roles
These three roles grant access to three specific buttons associated with making changes to congregant or member profiles in the Directory.  The "Save" role allows you to make changes to the profile and save your updates. The "Delete" role allows a user to delete a member's profile from the directory.  (The record will still be accessible through the "Data Quality" section of the directory). The "Merge" role allows an administrator to combine two duplicate records into one.

4. Financial
Finances are arguably some of the most sensitive data in a church.  As such it is important that only the correct individuals have access to Financial Data.  As such, a user must have 3 separate security characteristics in order to view financial information.  
  1. They must have the Administrator Role
  2. They must have the Finance Tile
  3. They must have the Financial Role
This was a deliberate configuration to ensure that no one accidentally receives financial access by a single misclick. Once someone has all three of these permissions, they will be able to access the Finance Tile, as well as conduct all financial actions contained therein. 

5. Medical/Allergy Notes
Giving someone the Medical/Allergy Notes role will allow that user to view any medical/allergy notes that are associated with member profiles.  The ability to view other note types are determined by "Note Permissions" tab on the left menu under the PERMISSIONS tile. 

6. Background Checks
The Background Checks role gives you access to the "Background Checks" tab located on member profiles. Without this role, it is impossible to see background check information on an individual. To actually make changes to any fields located on the "Background Checks" tab, a user would need to have both the "Save Member Profile" Role, and the "Background Checks" role assigned to them. 

7. Delete WebForm Repository 
Through SmartForms, your church can collect data about your congregants and visitors for various purposes. Once a smartform has been constructed, we collect the data with the smart form through a collection. Collections hold each individual entry of data for that smart form.  Over time, this data can build up and this collection info may become outdated or no longer needed.  The "Delete WebForm Repository" role gives someone the ability to go into a collection of Smartforms and delete the collection of entry information.  Keep in mind, when entry data is deleted, it is a full deletion.  There is no way to retrieve this collection information once it's been deleted.