ACL Definition

Access Control List Deﬁnition

ACLs can be set for B2B: Student, Person Details, Communication Log, Activities, Provision, Equipment, Exclusions, Involvements, Risks, Early Years Maintain Provider, SEN2 Returns, Service Level Agreements, Adoption, Fostering, Case Notes and Service Provision.

Default ACLs can also be applied to Service Teams via Focus | Services | Service Team Administration. ACLs deﬁned for a service team are inherited by all associated entities (e.g. Involvements). If a service team’s default ACL is updated, then the new ACL cascades to all involvements and related communication log items, unless the ACL has been customised locally at record level.

If an ACL is deﬁned, users not included in the ACL are denied access.

To set an ACL for a record:

Click the Set ACL button to display the Access Control List Deﬁnition dialog.
Enter a Description for the ACL. (1)
On the ACL Membership panel, use the buttons to select your membership. The available options are Users, Posts, Groups and Service Teams. (2)
Assign levels of access to the group’s members. If required, you can assign levels for all members in a continuous block by using the Shift key, or use the Ctrl key to select several non-adjacent members. Alternatively, you can assign levels individually. (3)
Set the Access Priority to Favour Allow (default) or Favour Deny. (4)
Click the Done button to save your changes.

Access Levels

There are three levels of access which can be applied to users. These are: Read Summary, Read Details and Write.

When ACL members are selected, Allow is the default setting.

To apply access levels, select the row or rows to be deﬁned and click Allow or Deny for the relevant level.

To Allow access to Read Summary, Read Details and Write gives full access to the data.
To Allow Read Summary and Read Details access but Deny Write access gives read-only access to the data to which it is applied - the user will not be allowed to edit the data.
To Deny Read Summary refuses access to summary pages (e.g. Involvements and Provision). It would therefore not make sense to allow Read Details.
The CSS and SEN Summary reports do not display records where Read Summary access is denied.
To Deny Summary and Read Details access but Allow Write access denies the user access to see the data but allows the data to be updated at system level (e.g. when the system is being updated from an external source).

Access Priority

The Access Priority an be set to Favour Deny or Favour Allow. These settings dictate access rights, either downgrading or upgrading a user’s permissions, depending upon which Group or Post the user is logging on as. Favour Allow is the default selection. The following scenarios are based on access to a Person record.

Favour Allow

	Login ID	Summary	Read	Write	Access for the user
1	Group/Post				The user is allowed full access to the record.
	User				The user is allowed full access to the record.
2	Group/Post				The user is allowed full access to the record.
	User				The user is allowed full access to the record.
2	Group/Post				The user has read only access.
	User				The user has read only access.
4	Group/Post				The record is not available for selection.
	User				The record is not available for selection.

Favour Deny

	Login ID	Summary	Read	Write	Access for the user
1	Group/Post				The record is not available for selection.
	User				The record is not available for selection.
2	Group/Post				The record is not available for selection.
	User				The record is not available for selection.
	Group/Post				The user has read only access. If read access is also denied, a message is displayed denying access to the record
	User