How to Set Up Apricot Software Users, Groups, Permission Sets, and Roles
When your Apricot database holds sensitive or even highly confidential data, managing user access to it is a big deal.
Managing access is even more critical when users with varying roles, responsibilities, and functions access the database on a daily basis. Volunteers, staff members, case managers, executives, funders, and grant applicants all need different user settings so they access only the Apricot data, features, and functionalities that are critical to their roles.
User access in Apricot Software
Apricot database administrators manage user access from the “Administrator” tab in Apricot. Select the “User/Group Profiles” link in the “Access Control” section of the administrator action panel to start adding new users or modifying existing users.
Four functions manage user access in Apricot software: users, permission sets, administrator roles, and groups. Each function is a piece of the user access puzzle, so it is important to understand how each one works.
1. Users
A user is a person with a login to your Apricot database. A user has a unique username and password. User credentials are the initial gatekeeper, letting users into your Apricot database if they have the right combination of a username and password.
2. Permission Sets
Once a user is logged into the database, permission sets define the types of records that a user can view, create, or edit. Permission sets also provide access to reports, bulletins, and shared files. For the most part, permission sets grant users access to front-end features, specifically forms, reports, bulletins, and shared files.
3. Administrator Roles
Administrator roles grant user access to back-end features like form designer, report designer, and imports. Assigning an administrator role or removing an administrator role makes the options in the administrator action panel appear and disappear for that user.
Administrator roles are global, meaning an assignment of a role grants global access to the function. Permission sets define the specific forms and reports a user can design and edit.
4. Groups
Groups organize permission sets. Groups generally identify users by department, location, or type. Groups are primarily used for Group Record Level Access (RLA) and user categorization. With Group RLA activated, users will see records on the front-end that members of the group created or that have been assigned to their group.
Users, permission sets, groups, and administrator roles are arranged in Apricot software using the standard Tier 1 and Tier 2 form structure. Links between the user record and the permission set and administrator role records assign those features to a user.
Implications of the structure
The data structure described above has two outcomes.
- Users are assigned a permission set, which enrolls them in that group. Groups aren’t assigned; they are implied based on the assignment of a permission set. If Group RLA is applied to a permission set, users will only see records created by the group or assigned to the group.
- A user can be assigned multiple permission sets. The user will then inherit the rights of each permission set and the access granted for each group. For example, if Group RLA is applied in multiple permission sets, the user will have access to multiple Group RLA record sets.
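The two outcomes above can be checked on paper before building anything in Apricot. The following is an added example, not Apricot's own code or API: a small Python model of the rules as this article states them, with constructed group names, forms and records. It assumes that rights from several permission sets simply add up, so a permission set without Group RLA exposes every record of a form it can view.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PermissionSet:
    name: str
    group: str               # group the permission set is filed under
    view_forms: frozenset    # forms whose records the set lets a user view
    group_rla: bool = False  # Group Record Level Access active on this set

@dataclass(frozen=True)
class Record:
    rec_id: str
    form: str
    created_by_group: str
    assigned_groups: frozenset = frozenset()

def implied_groups(permission_sets):
    """Groups are never assigned directly; they follow from the permission sets."""
    return {ps.group for ps in permission_sets}

def can_view(permission_sets, record):
    """Rights add up: one permission set that allows the record is enough."""
    for ps in permission_sets:
        if record.form not in ps.view_forms:
            continue
        if not ps.group_rla:  # no Group RLA: every record of the form is visible
            return True
        if record.created_by_group == ps.group or ps.group in record.assigned_groups:
            return True
    return False

def visible_ids(permission_sets, records):
    return sorted(r.rec_id for r in records if can_view(permission_sets, r))

# Constructed sample data: names, forms and records are invented for illustration.
NORTH = PermissionSet("North case managers", "North Site", frozenset({"Intake"}), True)
SOUTH = PermissionSet("South case managers", "South Site", frozenset({"Intake"}), True)
REVIEW = PermissionSet("Intake reviewers", "Executives", frozenset({"Intake"}))
RECORDS = [
    Record("r1", "Intake", "North Site"),
    Record("r2", "Intake", "South Site"),
    Record("r3", "Intake", "East Site", frozenset({"North Site"})),
    Record("r4", "Intake", "East Site"),
]
USERS = {"alice": [NORTH], "bob": [NORTH, SOUTH], "carol": [NORTH, REVIEW]}

if __name__ == "__main__":
    for name, sets in USERS.items():
        print(name, sorted(implied_groups(sets)), visible_ids(sets, RECORDS))
```

In this model, carol's second permission set has no Group RLA, so it widens her view to every Intake record even though her first set is restricted to North Site. That combination is the one to look for when reviewing users who hold more than one permission set.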
How to set up user access
The steps you take to define users, permission sets, groups, and roles in your Apricot database may vary. To simplify the process, we recommend a three-step framework that starts broad and then narrows the specific access requirements. This process generally makes user groups, permission sets, and roles more approachable and easier to understand.
1. Organize users into groups
Organize groups based on sites, departments, or teams.
- If you need to restrict access to specific records for a specific batch of users, define groups based on the record access requirements of those users.
- If you don’t need to restrict access to specific records, use groups to organize permission sets for easy access. Use groups like file folders to organize sets of users that are similar to each other.
2. Define permission sets for all users
After defining specific groups, define permission sets for users in those groups. Each group can have many permission sets. Permission sets can be created for a group of users with similar access or created on a user-by-user basis.
Creating permission sets on a user-by-user basis isn’t recommended, especially if you have a large number of users. Permission sets become infinitely more complex if you create one permission set per user. Instead, group users in permission sets first and then assign specific user-by-user permission sets if they are critical to your database.
3. Assign roles to each user
Assign administrator roles to users last. Administrator roles are only for those users that need back-end access to design, manage, or maintain your Apricot database. Generally this will be a select few users that are trained on Apricot, understand your organization’s procedures, and understand the responsibility of accessing the administrator side of the database.
Getting started with user access
When it comes to user access in your Apricot database there are multiple moving pieces. You might be asking, where do I start?
The key to user access in Apricot software is to start broad, and then narrow. Develop a broad set of access definitions and then narrow those broad definitions for specific use cases. It is easier to narrow from a broad definition than to broaden from a narrow one.
Also, develop a blueprint before you build groups or permission sets. Define what you hope to achieve with user access first. Solidify a structure that makes sense and then dive into Apricot software to build it. Blueprinting what you hope to build first will save you time.