Granting Staff Access Rights

Staff members have no access to any CCH Axcess modules and functions until they are assigned to a security groupClosed A set of access rights and restrictions. Staff assigned to the security group automatically receive the group's access rights.. Rights to modules and functions are given to the security group. Staff assigned to the security group receive the rights set for the security group.

When the system is installed, a default system administrator is created. That account has full rights to assign security permissions at all firm levels. Other staff assigned to the Full Rights security group can perform maintenance at all staff levels. See Using Security Groups to Give Staff Access to Modules and Functions for more information about the Full Rights security group.

Assigning Staff to Security Groups

You can assign staff to one or more security groups. Security groups grant and restrict access to CCH Axcess components.

Note: In addition to security groups, staff can be assigned a roleClosed Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication protocol designed to protect your domain from unauthorized used or spoofing, and phishing or scam emails.. Staff, while acting in roles, have the rights assigned to the role in addition to any rights from security groups.

Security permissions are cumulative. Staff have the total rights from all security groups to which they are assigned. If staff are assigned to any security group where a right is never allowed, those staff will never have that right.

It is recommended that one or more security groups be set up for administrative functions, such as creating clients, setting up an organizational unitClosed Organizational units define your organizational structure. The structure can consist of multiple levels: firm, region, office, and business unit. If regions are used, at least one office must exist in each region. At least one business unit must exist in each office. or multiple organizational units, adding staff, and other administrative duties. This simplifies the assignment of appropriate staff to those areas.

Note: Security groups can be assigned to multiple organizational units. To add staff to or remove staff from security groups, you must have rights to edit security groups for all the organizational units to which the security group is attached.

Assigning Staff to Organizational Units and Access Groups

When staff and clients are set up, they are assigned to an office and a business unit. By default, staff have access to clients in their business unit and in their assigned office, but not to clients outside that office and business unit.

Clients and staff assigned to access groups are secured. Access groups override access rights granted by business units. When access groups are created, staff are given rights to secured information by individual selection, organizational unit, or position. Staff may also be given or denied access to secured information through their Staff Profile.

Note: To add staff to or remove staff from access groups, you must have the rights to edit access groups for all organizational units assigned to the selected access group.