Logins permit you to control who is allowed access to your congregation's information, and which information and parts of the site each person is permitted to use. When you create a login for a user, you assign them to one or more roles in your congregation (member, officer, etc.).  Separately, you select the permissions each role has.  This way, when you change the permissions for Board Members, for example, your changes are made in one place and immediately affect the permissions for all users in that role.

Creating a New Login

From the User Logins page, click the Add a new Login button. On the New Login page: Select a member from the pulldown list to fill in the text fields automatically from data already in ChaiTrack, or manually enter the information. On the right side of the page, select the roles this user belongs to. You may leave the Create Random Password checkbox checked to have the system create a temporary password for this user.  ChaiTrack will e-mail them their temporary password, and they'll be prompted to change it the first time they log in.  If you uncheck the checkbox, you'll be able to manually enter a password, select whether to have ChaiTrack e-mail them their password (you may want to tell them privately, in which case make sure that box is unchecked), and select whether you want ChaiTrack to require a password change when they first log in.

Changing a User's Roles

To change the roles a user is assigned to, click the Edit Roles button next to the user's name in the list of users.  Make your role changes as needed, then click Save to return to the List.

Deleting a User's Login

Just click the red X delete button next to the user's name in the list of users.

Changing the Permissions for Each Role

Click on the Change Role Permissions button on the User Login page to access the Role Permissions page. Then, select a role from the pulldown list at the top, and the list of permissions will update to the current permissions for the selected role.  Change the permissions as needed, then click the Save Changes button at the bottom.  NOTE:  If you select a new role from the pulldown list before saving your changes, any changes will be discarded without warning. When you're finished making changes to permissions, click the Finished button to return to the User Logins page.

Which Permissions to Use

Permissions work together to with Roles to control access to the feature of ChaiTrack.  Since access control is very fine-grained, the following should help you to better understand how to set permissions. View permission controls access to the page.  Before a role can do anything with a feature, they must have View permission.  For example, if you want to give permission to edit Yahrzeits, you must give the role View permission for Yahrzeits so they can acces the page, and Edit permission so they can make changes.  So, always start with View, then add other permissions. A number of features have a Report permission.  This controls whether the related reports appear in the list of reports available when they go to the Reports page.  If a role is to have Report permission for any reports, you must also check Reports-View to grant access to the Reports page. User logins, although listed in the permissions table, are only available to Congregation Administrators for security reasons. Several functions include a Change/Edit Own permission.  This grants permission for a user to change information if it is their own record, but not to change the information for anyone else.  Using this permission, you could grant members permission to maintain their own Member, Life-Cycle and Yahrzeit records without them being able to make changes to other members' information. Communicate has some permissions that are a little different - View, Add and Edit control Viewing the page, creating new messages and editing saved messages, respectively.  You must check Send to enable a role to actually send a message.  This allows you to give certain roles permission to create and edit messages, saving them for someone else to review and send.  If you want a role to have full permissions to create and send messages, you must check all the options. There are a small number of permissions in the list that refer to future features of ChaiTrack.  You can set those at any time to be ready or wait until those features are released.  Each time you see a new feature released in ChaiTrack, you'll want to check your permissions settings to be sure and give permissions to the roles you want.  As new permissions are added to the list, the default setting is always not checked.  As with everything else in ChaiTrack, if you have questions, please feel free to ask, either in the forums or by e-mail.

Important Points about User Logins and Permissions

A user's permissions are the sum of the permissions from all of the roles they belong to.  For example, if you put all users in the Members role, and the Members role has permission to add life-cycle events, then that person will be able to add life-cycle events regardless of any other roles they may be assigned to that don't have that permission.    Some permissions are in the category of "Change Own", which means users with that permission may change (edit) their own information in ChaiTrack but cannot change the information of other members.  In order for this to work, you must create the login by selecting from the member list, not from manual entry - this is the only way for ChaiTrack to know the connection between the member entry and the login being created.    The Congregation Administrator role is a super-user role - anyone assigned to this role has unlimited privileges on the system automatically.  You'll note that this role does not appear in the list of roles on the Role Permissions page - you can't change it!    Every congregation MUST have at least one Congregation Administrator (CA).  ChaiTrack will not allow you to delete the only CA from your congregation or change them out of that role.  If you're the last CA and you want to get out of that role, you'll have to assign someone else to the CA role and they will have to remove that role assignment from your login.