Simply adding the new employee name does not provide the security you require for the information you maintain in Theatre Manager. A Master User or Outlet Administrator must indicate which type of access a new employee will be granted.
User Level
|
Can Do
|
Cannot Do
|
Master User
|
- has all permissions
- create outlet administrators for other outlets
- change permissions in 'data' and 'function' tabs for any normal user
A master user should only log in to creating other users.
|
- change the data and functions tabs for themselves (since by definition, they have all permissions already)
|
Outlet Administrator
|
- has all permissions for their outlet (same as Master User)
- create other users or outlet admins for their own outlet
- change permissions in 'data' and 'function' tabs for any normal user for their own outlet
|
- create master users
- access data for other outlets
- change the data and functions tabs for themselves (since by definition, they have all permissions already)
|
Normal User
|
- employee access is defined by the settings in the 'Data' and 'Access' tabs.
This is the vast majority of users
|
- create users
- change any access for themselves
- see permissions that other users have
|
No Access
|
- assigned as solicitors for donations
Note: if somebody can no longer use the system it is best NOT to their access level. Instead, set the date left so you have a record of what access they had while they were able to use the system.
|
- login to the Theatre Manager
|
API Access Only
|
- use the REST API to retrieve data from the system.
- data they can access is dependent on the permissions in the 'data' tab
|
- login to the Theatre Manager
|
Access Id
| The logon name for the employee when the default logon window is set to Access ID/Password. Refer to the PCI Security Tab of System Preferences for more information. It is also used to identify users logged in to the postgres database for logging, etc. |
Hired |
Date the employee was hired. The calendar lookup button can be used to select the date.
A future date in this field means that the employee will gain access in the future, but not now. This could be used for setting start dates for interns.
|
Resigned |
Date the employee retired, resigned or left the organization. The calendar lookup button can be used to select the date.
Generally, this date is blank. It can be in the future if you are creating an employee with temporary access and the resigned date is when they are leaving.
If an employee makes too many mistakes entering their password and gets locked out, this field will automatically be set by Theatre manager to prevent access. To reinstate an employee's access, a Master User or Outlet Administrator needs to:
- Clear the date resigned -and-
- Reset their password
|
Logon Level |
Indicates the general user level of the employee
- No Access An employee with no access cannot use any aspect of Theatre
Manager. Their user name will not appear on the login window, it will
however appear on any employee list report unless specifically excluded.
A user may be given no access because they have resigned, or the company
wants a database of their employee's even if some employees never use
Theatre Manager.
- Master User This employee can access any part of Theatre Manager. They
are denoted by a bullet beside the user name in the login window. The
Master User has unrestricted access to all modules of Theatre Manager,
including the ability to change the access levels of other employees and
themselves.
- Outlet Administrator Administrative access over an outlet. They are denoted by a percent symbol beside the user name in the login window. Outlet administrators have access to all modules of an outlet excluding system settings.
- Normal User Access to windows and functions can be restricted in various parts of Theatre Manager.
These restrictions are set in the:
A Normal User is not able to alter their own access levels.
- API Access Only This level is explicit in that is only allows access to data in the database via the Data and Functions Tabs.
The Normal User is not able to alter their own access levels.
|
REST API |
Click to enable access to the REST API. This is a feature which allows access to the raw data in the database using a URL - and is typically used for web developers or for data analysis tools. |
Groups |
Select the functional groups that this employee belongs to. These are used to determine which records the employee can have access to. For exmaple, if somebody has both Marketing and Box Office checked, then they can access any record that is marked accessible by either Marketing or by Box Office.
If somebody has access to 'all' areas then make sure they are all selected. These functional security access groups are set up in code tables. |
Attempts |
The number of times the employee has tried to login with the incorrect password since the last logon. |