Overview
We have been working on new user permissions that give practice owners more control over what their staff can see and access. These changes specifically affect how users can view and access clients, contacts, and shared profiles in the system. In addition, there are updates to the styling of the user management page and updated permission labels to better convey how permissions work.
In this article:
- Current Permissions System (Before Changes)
- Why Change The Permissions System?
- New Permissions System
- What This Means For Different User Scenarios
- How Current User Permissions Will Change
- Areas Affected By These Changes
- Benefits of These Changes
- What You Need to Do
- Important Notes
- Support and Questions
Current Permissions System (Before Changes)
Previously, the "People Menu" permission controlled both:
- Whether users could see the People Menu and client search functionality
- Whether users could access all clients, contacts, and shared profiles in the system
With the People Menu Permission:
- Users could see and search all clients, contacts, and shared profiles
- Users could access any profile in the system (with restrictions on what pages they could access within the profile based on their other permissions)
- Users had access to the People Menu and client search in the header
Without the People Menu Permission:
- Users could only access profiles where they were specifically assigned (as the primary practitioner, assigned practitioner, or listed user with access)
- No access to client search or People Menu to add or search clients, contacts, or shared profiles
- Could only navigate to assigned profiles through direct links or appointments
Why Change The Permissions System?
While these permissions covered situations where users needed access either to all profiles or just their own, they did not control which profiles a user could see in other areas of the application, such as reports, the waitlist, and tasks. Users who should only have access to their own profiles also had no way to search for them and depended on reaching them via other pathways.
This led to a natural demand for a way to control which profiles users could see in the app, versus which profiles they could access.
New Permissions System
The new system introduces two separate, more granular permissions and an update to the way the People Menu functions:
1. People Menu Permission (Updated)
Now controls:
- Whether users can access the People Menu in the navigation to search for clients, contacts, and shared profiles.
- Whether users can add new profiles via People Menu
- Whether users can see and use the client search functionality in the header
2. Profile Access Permission (New)
Controls what profiles users can see and access with three options:
Option 1: "See only their clients. Access only their clients"
- Users can only see and access profiles specifically assigned to them (where they are either the primary practitioner, assigned practitioner, or listed as a user with access)
- Most restrictive option for maximum privacy and data segregation
- Users will be restricted throughout the app to only view data related to their default practitioner profile including in the calendar and in reports
Option 2: "See all clients. Access only their clients"
- Users can see all clients, contacts, and shared profiles (names appear in lists, reports, etc.)
- Users can only access the profile pages that are specifically assigned to them (where they are either the primary practitioner, assigned practitioner, or listed as a user with access)
- Provides visibility for whole practice reporting and coordination while maintaining access restrictions to the profiles
Option 3: "See all clients. Access all clients"
- Users can see and access all clients, contacts, and shared profiles in the system
- No restrictions on which profiles they can view
- Full access to all profile information and records
The records that can be accessed within a client profile a user has access to will continue to be controlled by the user’s Access Level and the combination of permissions including Access all Client File Uploads, Access all Client Notes and Forms, Access all Correspondence, and Access Client Invoices and Payments.
What This Means For Different User Scenarios
Scenario 1: Practice Owner or Administrative Staff with Full Access
Permissions: People Menu + "See all clients. Access all clients"
What they can do:
- Search for any client using the header search
- Access the People Menu to browse all clients, contacts, and shared profiles
- View and edit any profile in the system
- Add new profiles
Scenario 2: Practitioner Who Should Only See Their Own Clients
Permissions: People Menu + "See only their clients. Access only their clients"
What they can do:
- Search only their assigned clients in the People Menu and header search
- Cannot search for or browse other practitioners' clients
- Cannot see other practitioners' clients in reports or lists
- Can add new profiles via People Menu
- Can access profiles assigned to them
Scenario 3: Bookkeeper Who Should See Clients in Reports But Not Have Access to Profiles
Permissions: No People Menu + "See all clients. Access only their clients" (with no default practitioner profile selected)
What they can do:
- Cannot search for or browse any clients
- Cannot add new profiles via People Menu
- Can see all clients in reports or lists
- Can only access profiles assigned to them
How Current User Permissions Will Change
When this update is implemented, existing user permissions will be automatically migrated with the aim of maintaining existing access as much as possible:
Users Who Currently Have People Menu Permission
- Before: Full access to all profiles and search functionality
- After: Will receive both "People Menu" + "See all clients. Access all clients" permissions
- Impact: No change in functionality - they retain all current access
Users Who Currently Don't Have People Menu Permission + Have a Default Practitioner
- Before: Could only access specifically assigned profiles. Could not search or add profiles, but could see all profile names in the app.
- After: Will receive "See only their clients. Access only their clients"
- Impact:
  - Access to profiles remains unchanged.
  - Will no longer be able to see all profiles in lists or areas of the app.
  - Will only be able to see the appointment details in their own practitioner's calendar.
  - If the user had “Show all calendars” permission enabled, they will now have “See all appointments” disabled by default so that they can only see their own practitioner's calendar details.
Users Who Currently Don't Have People Menu Permission + Do Not Have a Default Practitioner
- Before: Could only access specifically assigned profiles if listed as a user with access. Could not search or add profiles, but could see all profile names in the app.
- After: Will receive "See all clients. Access only their clients"
- Impact: No change in functionality - they retain all current access.
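The see/access split and the migration rules above can be modelled as a small decision function. This is an added illustration, not Zanda's code: the class, field and function names are hypothetical, and it assumes users migrated without the People Menu permission keep it switched off.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

class ProfileAccess(Enum):
    OWN_ONLY = "See only their clients. Access only their clients"
    SEE_ALL_ACCESS_OWN = "See all clients. Access only their clients"
    ALL = "See all clients. Access all clients"

@dataclass
class User:  # hypothetical model of a staff user
    username: str
    people_menu: bool
    profile_access: ProfileAccess
    default_practitioner: Optional[str] = None

@dataclass
class Profile:  # hypothetical model of a client, contact or shared profile
    primary_practitioner: str
    assigned_practitioners: set = field(default_factory=set)
    users_with_access: set = field(default_factory=set)

def is_assigned(user, profile):
    """Assigned = primary practitioner, assigned practitioner, or listed user with access."""
    p = user.default_practitioner
    return (user.username in profile.users_with_access
            or (p is not None and (p == profile.primary_practitioner
                                   or p in profile.assigned_practitioners)))

def can_see(user, profile):
    """Whether the profile's name may appear in lists, reports and similar views."""
    return user.profile_access is not ProfileAccess.OWN_ONLY or is_assigned(user, profile)

def can_access(user, profile):
    """Whether the profile page may be opened, including via a direct URL."""
    return user.profile_access is ProfileAccess.ALL or is_assigned(user, profile)

def can_search(user, profile):
    """Search needs People Menu; results are limited to profiles the user can access."""
    return user.people_menu and can_access(user, profile)

def migrate(had_people_menu, has_default_practitioner):
    """Old People Menu flag -> (people_menu, profile_access), per the rules above.
    Assumption: users without People Menu keep it switched off."""
    if had_people_menu:
        return True, ProfileAccess.ALL
    if has_default_practitioner:
        return False, ProfileAccess.OWN_ONLY
    return False, ProfileAccess.SEE_ALL_ACCESS_OWN
```

Keeping `can_see` and `can_access` as separate checks is what lets the bookkeeper scenario work: client names are visible in reports while the profile pages themselves stay closed.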
Areas Affected By These Changes
The new permissions will affect these areas of Zanda:
Search and Navigation
- Header client search
  - Requires People Menu permission
  - If a user cannot access all profiles, they will be restricted to search only those assigned to their user
- People Menu access to Add or Search Client, Contact, or Shared Profiles
  - Requires People Menu permission
  - If a user cannot access all profiles, they will be restricted to add clients for their default practitioner only
- Advanced client search
  - Results filtered by which profiles the user can see
Calendar and Waitlist
- Calendar:
  - If users cannot see all profiles, they will only have access to see their default practitioner's calendar. If the user has the “Access all Calendars” permission, then the permission “Show all appointments” will be disabled by default to hide any appointment details in other practitioners' calendars.
- Waitlist:
  - If a user cannot see all profiles, they will be restricted to see those assigned to their user and any profiles that are waiting for an appointment with their practitioner
Reports and Lists
- All Reports
  - If a user cannot see all profiles, they will be restricted to report on their default practitioner
- Bulk Update
  - If a user cannot see all profiles, they will be restricted to see those assigned to their user
- MailChimp exports
  - If a user cannot see all profiles, they will be restricted to see those assigned to their user
- Bulk Send
  - If a user cannot see all profiles, they will be restricted to see those assigned to their user
- Xero
  - If a user cannot see all profiles, they will be restricted to see those assigned to their user
- Tasks
  - If a user cannot see all profiles, they will be restricted to see those assigned to their user and any clients that have tasks assigned to their username
Profile Access
- Accessing any profile via the header or People Menu search
  - Controlled by whether users can access all, or only their own clients
- Direct URL access to profiles
  - Controlled by whether users can access all, or only their own clients
- Profile mega menu access
  - Only shown for clients whose profile the user can access
Data Export and Logs
- Data Export functionality
  - If a user cannot access all profiles, they will be restricted to export for their default practitioner profile, or for specific clients they can access
- Log File viewing
  - If a user cannot see all profiles, they will only be able to search their own user's activity
Updates to the User Management Page
In addition to the new control over which profiles users can see and access, the user management page is being updated to better convey how the permissions work.
Preview of the new user management page:
- This change involves grouping similar permissions under headers for Scheduling, Clinical, Administrative, and Financial.
- Permissions will also have updated names, and more information added to explain what they control.
- This change aims to make it easier to understand how each permission functions and which role the permission is related to.
Benefits of These Changes
For Practice Owners
- Enhanced Privacy Control: Ensure practitioners only see clients relevant to their caseload
- Enhanced Data Security: Apply stricter access controls if required
- Compliance Support: Implement higher levels of restriction where appropriate
For Users
- Clearer Interface: Users only see functionality and data relevant to their role
- Faster Navigation: Reduced clutter from irrelevant client information
- Role-Appropriate Access: Permissions match job responsibilities more accurately
What You Need to Do
For Practice Administrators
- Review Current User Permissions: Check which staff members currently have People Menu access
- Plan New Permission Structure: Decide which users need which level of access under the new system
- Update User Permissions: Once the feature is available, adjust individual user permissions as needed
- Communicate Changes: Inform staff about any changes to their access levels
For Individual Users
- Understand Your New Access Level: Learn what you can and cannot access under the new system
- Update Workflows: Adjust daily routines if your access level changes
- Report Issues: Contact your practice administrator if you cannot access profiles you believe you should be able to see
Important Notes
- Shared Profiles: These permissions apply to shared profiles in the same way as client and contact profiles
- Referrer and Third Party Access: These profile types are controlled by a separate permission (“Access all Referrer and Third Party Profiles”) and are not affected by these changes
- Existing Functionality: All current features remain available; these changes only affect who can see and access client, contact, and shared profiles, and how the People Menu permission works
Support and Questions
If you have questions about these permission changes or need assistance with configuring user access levels, please contact the Zanda support team via email at support@zandahealth.com or live chat.
We're here to help ensure your practice has the right balance of accessibility and security for your needs.