Using Client Access Groups

By default, you may work with all clients in the organizational units where you are granted permissions. A client access group is a security method to restrict access to specific clients. Use these groups to restrict client access to certain staff levels or specific staff in the firm. Access to clients can be secured for all products or for specific product modules.

Important: CCH currently limits firms to a maximum of 1,000 client access groups. If your firm is above this limit, a message displays above the Client Axcess Groups grid to remind you of this limit. In this case, you must delete some existing client access groups before you can create additional groups.

When adding clients to an access group, you can select them individually or specify the client attributes that must be met. If you add clients by specifying criteria, you can review the selection list and add or remove specific clients.

After selecting clients, staff assignments are added to the client access group in the secured areas. Only staff assigned to the access group can access information for the clients in the group. The restrictions can apply to all modules or to specified modules.

If you need to create an access group similar to an existing access group, you can create a group by copying an existing group.

Securing Clients in Multiple Client Access Groups

Clients can be selected for security in multiple client access groups. You might assign clients in multiple client access groups to assign a unique set of staff with access in differing product modules.

When selected in multiple access groups, clients are secured in all product modules that are selected in those groups. For example, if a client is secured for Administration Manager in one client access group and for Tax in a second client access group, that client is secured from staff without access in all Administration Manager and Tax product modules.

Staff who should have access to clients do not need to be assigned in all client access groups where those clients are secured. An assigned staff will have access to secured clients for any product area selected in the access group. For example, if a client is secured in Workstream in multiple client access groups, a staff need only be assigned in one group to access the client in Workstream. In this example, the staff would retain access to the secured client in Workstream even if the client is secured in any other access group where the staff is not assigned access.