Expand Article

Last Updated: 5/15/15

Security Roles

Elexio Database requires every user to login when the program starts.  Each user can have different permissions regarding access to the data based on their assigned Security Role. 

You must have at least one user with Administrative permissions.  Elexio Database will not allow you to delete the last and only user with the Administrative Role so that you can’t be locked out of the database.  But if for some reason you can't remember the Administrator's password, please contact technical support for assistance.

On the Home page, click the Common Tasks button and select Manage Security Settings. You can set a variety of permissions for a Role, which enable or prevent users from performing certain functions.

Roles are set to enable Users access to certain information such as contributions or enable Users to perform specific tasks such as sending mass email or editing data.

Roles and Descriptions

Elexio Database comes with the following pre-defined Roles and Descriptions.  You can change the permissions within a role, copy the role,  or create new roles. Make sure you change the description field to reflect any major changes to the Role.  Remember any changes to the Role's permission will affect every user who has been assigned that role.

Administrator:  Full permissions.  This Role cannot be changed or deleted. Designed for data champions & skilled system admins.  There must be at least one user account with the Admin Role.  You can't delete the last remaining Admin user account.

Contributions Data Entry:  Only has access to People screen (including Contributions) and Reports.  Designed for church treasurer or contribution data entry assistant.

Data Entry:  Only has access to the People screen and can only edit and add people.  (Can't delete, can't view contributions).  Designed for volunteers to help with data entry of people records.

LeaderThis role is designed for volunteer leaders and has very limited access.  In Database access is given to the People screen and the Small Groups and Ministries screens on the Administration screen.  Be aware this role allows access to ALL people on the People screen and ALL Groups and Ministries on the Administration screen.  In Portal Small Group leaders can record attendance and manage Groups Links 

Power User:  Full access except for managing user accounts/roles and contributions.  Designed for key staff with good computer literacy.

Portal & Mobile: Most limited role. Permissions only granted for Elexio Mobile and Portal. Within this role there is Portal & Mobile (Limited Access) which varies from the standard role in its restriction of access to contact info in Mobile, the inability to email users via Portal, and the inability to see the Portal Directory. 

Note: To remove new users from the Portal/Mobile Smart part on the Home screen, change the user's Security Role and Status. You can use the smart part to do this or go into the user's entry on the People screen for access to other security roles. Ex. If you want to remove a user from the Smart Part, but you don't want them to have access to the Portal directory, create a new role that restricts access to the Portal directory, go into the user's entry on the People screen, change their status to the one you created, and change their status to something other than New Portal/Mobile User.

Standard User:  Broad access to most features, except the following features are disabled: Contributions, Automated Processes, AdminChurch Info, AdminAttendance/Offering, AdminDataEntryHelps, ToolsOptions.  Can't delete people or move them to another household.  Can't delete anything on the Admin screen.  Designed for church staff with a typical level of computer literacy.

Super User:  Full access except for managing user accounts & roles. Designed for key staff with good computer literacy.  Allows access to contributions.

No Account:  This role is the default role used when a new record is added to Elexio Database.  This role does not allow log in access to any of the Amp products. 

No Access:  This is the role that should be manually assigned once an email has been used to log into one of the Amp products or a new profile/account is created through Portal AND log in access needs to be denied (i.e. individual has left the church). Setting this security role allows the email to remain in the database for use in reports, mass email, etc. without allowing the user to log in to any products.  

Changing Permissions:

Select the Role you wish to view/change from the list of Security Roles.  You can also Add a New Role or Copy a Role using the options under the  Common Tasks button.  Copy this Role allows you to copy an existing Role, change the permissions, edit the description, and rename the Role.

Clicking on the + next to any Category will show you a list of features associated with that category.  

When you expand a category, to the right you will see four columns with options to: View, Add, Edit, and Delete.

Set your Permissions for a Role by clicking on the field to change its color.  The color legend shows green for and red for .  

The first line of each Category has a box for each of the four permissions (View, Add, Edit, and Delete).   Use this line to set the primary permissions for the category and then use individual fields to specify permission changes.  The color guide will help you see what permissions are set.  

For example, if you want to grant permission to access the majority of the People category but don't want an individual to be able to add anything new, then on the People line uncheck the box for Add so the Add column is changed to red for denied.  If you have allowed the user to View all in the People Category but you want to exclude contributions, click on the Contributions Menu View field to change from green (allowed) to red (denied).  You will notice the Add , Edit, and Delete fields will automatically fill in with red for denied contributions once the view has been changed to denied.

You will also see N/A in the fields that you can't change due to permissions that have already been assigned.  For example, you can allow permission to view the People - Involvement Menu but add, edit, and delete are specific to the different activities on that screen.  In some cases when permissions are denied in one field it will automatically label other fields as denied by default.  For example, if you have denied view for the Ministry Assessment Menu then you also can't Add, Edit, or Delete the data on that screen.

If a user has permission for a specific category to Add data then they must also have the permission to Edit data or you will get a message, "You cannot deny the 'Edit' permission of this item if 'Add' is allowed."

When the permission Delete is Denied is selected, it prevents a user from accessing the delete button that would remove an entire entry from the database whether it be a follow up request, attendance entry, or small group involvement information.  The ability to remove or change information in a specific field is linked to the Edit permission.  If a user has Edit Allowed, they can still delete information in a specific field.

Permissions for the Group Action Wizard (GAW) is linked to the Edit field for the specific category.  For example, users with People - Small Groups - Edit Allowed, would have permissions to maintain small group data from both the Involvement screen and the GAW.  A user must have People - Attendance - Edit Allowed to be able to use the GAW to track attendance.

Click the Save button located in the lower right corner when  you are done updating your Roles.

Hold your mouse over the different areas of the Manage Roles screen for more information about each security permission.

For a list of the Features associated with each Category see Category Permissions.

Back to Top