User Roles and Permissions

User roles are the primary means to control what users are allowed to do on a site, which tabs and links they see, which reports they can run, etc.

Each user is assigned a User Role in their user profile.

We are often asked what are typical user roles and the permissions for each. Our suggestions.

In this Article:

Adding and Editing User Roles

The user roles available on a site are a lookup list maintained on the Admin > Lookups page.

The permissions assigned to each role are managed on the Admin > User Roles (Permissions) page.

You can create as many user roles as desired. However each role adds to the options in various places, so we recommend keeping the list of roles to only those actually needed.

NB: If your site uses timekeeping, you likely will need to edit the Funding Code block on each timeslip form if users with the new role need to edit the funding code on timeslips. Or the Contract Term Allocations block if your site uses Electronic Verification of Time or Advanced Grants Management.

NB2: If you add a new role, it will not have any Search menu links. See the next section. You will need to select the new role for each of the Search links these users should see.

NB3: If you add a new role, it may not have permission to view some section fronts, like Clinics and Organizations. The warning message will mention "search settings". To give these users access to those pages, adjust the settings on the Search tab of the Admin > Top Level Navigation Bar/Search page. For access to the Clinics section front the selector is "Roles allowed to view 'Clinic Appointments' search", for Organizations it is "Roles allowed to view 'Other Organizations' search", etc.

Parent and Child User Roles (Permission Inheritance)

See User Role Inheritance (Parent and Child Roles).

Controlling Search Menu Links by Role

The Search tab on the Admin > Top Level Navigation Bar/Search page has several options for turning off various Search menu links entirely, or by role.

Controlling Processes, Profiles, and Reports by Role

In addition to the permissions that can be assigned to a role, most processes and profiles have a Permissions section, where each user role can be given or denied permission to use a process or display a profile.

For example, if a site has an auxiliary process that allows editing the legal problem code on closed cases, permission to use that process (to see the link on a closed case) can be limited to the Administrator role. Permissions on individual processes and profiles are maintained on the Admin > Processes, Forms, and Profiles page.

Each report has a "Roles Allowed to View this Report" section, with a checkbox for each user role.

Settings on each User Role Page

Click on a role name on the Admin > User Roles (Permissions) page to see the settings for that role.

These pages include several elements:

  • Internal Permissions 
  • External Permissions 
  • Viewable Navigation Tabs (internal) 
  • Viewable Navigation Tabs (external) 
  • Viewable User Stripe Items

The external permissions and navigation tabs sections only apply if a site is configured to control access based on the IP address a user is connecting from. See Restricting Access to LegalServer by IP Address for more information. For sites that do not use this feature, only the internal settings apply.

Permissions List

The permissions list for each role primarily controls legacy links on various pages and links on the Admin page. A typical user may need no permissions checked other than Login.

Add Client Time - Allows the "Add Staff Time" link to appear in the Actions menu on cases. Sites using dynamic timekeeping can, and need to, set permissions as desired on the dynamic process used to create case timeslips.

Add/Edit Grant Filters - Allows a user to use the "Add/Edit Filters" actions link on grant pages.

Add Lookups - Allows a user to add new lookups.

Add Time to Closed Cases - Allows a user to add time to closed cases. Without this permission, a user can attempt to add time to a closed case, but will be stopped with a "Case is closed" validation failure when they try to save. NB: This permission does not apply to the Add Case Note block's mini-timeslip form (LS-85636).

Administer Bar Code Scanning

Administer Calendar Colors

Administer Clinic Settings - Allows a user to change Clinic Settings. Assumes the Clinic module is enabled.

Administer Documents: * Allows a user to edit and delete templates. Needed if you want users to see the "Edit this document" link on document profile pages. * Allows a user to delete folders in the document tree on cases, etc. NB: Users can always delete individual files.

Administer HUD Reporting - separate module

Administer Pro Bono Tools- Enables various Admin page links.

Administer Sharepoint Documents - separate module

Administer User Passwords - Allows a user to reset other user's passwords.

Administrate HUD - Allows a user to see related links on the Admin page. Assumes the HUD module is enabled.

Administrate Pro-Bono - Needed for other permissions to work: Edit Pro Bono Settings, View Pro Bono Interest Log, and View Pro Bono Opportunity Matters

Allow Access to View Other User's Profiles - Without this permission, users can only view their own profile page.

Allow Editing Affirmed And Passed Timeslips - AGM (Advanced Grants Management) - highly recommend you do not use this permission. It allows adding time to Posted pay periods, which is seldom a good idea.

Allow Editing Confirmed Timeslips - AGM

Allow Editing Distributed Timeslips - AGM

Allow Editing Finalized Timeslips - AGM

Allow Editing Verified Timeslips - AGM

Allow Mass User Updating - Enables the Mass Assignment Update link and the Mass Calendar Update link on user profiles.

Allow Shifting of Funds in Cases - AGM Admin page link

Allow User to Broadcast Events - Displays the Broadcast Event field on static calendar event forms. Broadcasting places an event on all users' calendar.

Allow User To Flag Documents As Viewable Offline - applicable to online intake sites and external forms

API (various links) - typically only needed for an "API User". Follow directions for specific APIs.

Batch Funding Code Updates - see Batch Funding Code Update Tool

Case/Client Alerts - Can Dismiss

Cases - Electronic Case Transfer List - View - If the module is enabled, controls permission to see incoming etransfers on a static Cases section front, and the direct link to the static Incoming Transfers page (Admin > Electronic Case Transfers).

Cases - Show Delete this Assignment Link

Cases - Sidebar Snapshot - View - Uncheck to hide the Snapshot New element on cases. Only hides the Snapshot New element, not the legacy Snapshot element. If the side bar has no other information to display, it is completely hidden.

Client IP Address Ranges - see Restricting Access to LegalServer by Location

Deactivate Lookups - Allows a user to mark lookup values as inactive.

Delete Notes - Enables the Transfer/Delete link on individual case notes.

Delete Other Matters - Only applies to static outreach records. Allows a user to delete outreach records, sometimes called Other Matter records. Note that the "Delete" link actually just marks an outreach record as inactive.

Distribute Timeslips - see "Time Distribute" below.

Edit Advanced System Settings - Allows a user to add/edit processes, forms, profiles, and fields/lookups.

Edit Billing Entries - Allows a user to edit billing entries in the billing list view, which is also included in the edit billing block.

Edit Billing Setup

Edit Calendar Settings

Edit Case Exception Settings

Edit Case Financial Snapshots - Assumes the Financial Snapshots module is enabled.

Edit Closed Cases - Not having this permission removes the following (mostly legacy) links on closed cases: edit the funding code, date opened, citizenship status, eligibility, and financial information. Note that fields and blocks in the main part of a case profile are controlled by their individual "Editable Dispositions" configuration and not this permission.

Edit Contact Settings

Edit Contract Attorney Information - Assumes the Contract Attorney modules is enabled.

Edit Document Settings - Allows access to the Admin > Document Settings page.

Edit Fields- Allows access to the Admin > System Field Management page, and the Custom Field Management page.

Edit Funding Code for Case Timekeeping - Allows user to change the funding code on timeslips linked to cases from the default which is the funding code of the case.

Edit Funding Code for Non-Client Timekeeping - Allows a user to change the funding code on timeslips not linked to cases or matters.

Edit Funding Code for Outreach Timekeeping - Allows a user to change the funding code on timeslips linked to outreach records.

Edit Funding Code Locks - AGM (Advanced Grants Management)

Edit Funding Code on Pending Cases - Allows a user to see and use the "Edit" link next to Funding Code in the snapshot area of a pending case.

Edit Funding Codes (Grant Management) - Allows a user to edit funding codes in the grant management section of the admin tab. This includes: 

- The source and code for funds 

- The ability to make funding codes active/inactive 

- The filtering criteria for allowing funding codes to be applied to cases/time 

- The ability to tie a dynamic process to a funding code

Edit Grant Settings

Edit Guided Navigation - separate module

Edit Help (No longer applicable)

Edit Intake Information - Allows a user to see and use the legacy "Edit Intake Information" link that appears on the Intake tab of the taskbar. The link will appear for users with this permission if there is an auxiliary process created and set for the Edit Intake Data process in Admin > Process Settings.

Edit Intake Settings - Allows access to the Admin > Process Settings page and Admin > Processes, Forms, and Profiles page.

Edit Levels of Service on a Case - see Level of Service

Edit Local Transfer Outcomes - Allows a user to edit the status of local transfer outcomes on a case that has been electronically transferred. The Edit Case Transfer Outcomes link will not appear as an available action on a case profile unless this permission is enabled.

Edit Locked Funding Codes on Cases/Outreaches

Edit LS Index Category Map

Edit Median Income Scales

Edit Message Settings

Edit Multiple Users Simultaneously - Enables a link of the same name on user profile pages. This feature allows you to change the office, program, role, active status, and password for multiple users simultaneously.

Edit Organizational Referral Criteria - Allows a user to configure the referral criteria in organization profiles.

Edit Outreach Settings

Edit Own Offices - Allows a user to change their office on their user profile page. Note: This effectively allows a determined user to bypass Restricted Programs/Offices.

Edit Own Programs (effective 2021-09-03)

  • Allows a user to change their program on their user profile page. Note: This effectively allows a determined user to bypass Restricted Programs/Offices.
  • Needed for sites using static user forms. Otherwise the Program/Project field cannot be edited.

Edit Poverty Scale - Allows a user to make changes to the poverty scales on the Admin > Poverty Scales page.

Edit Pro Bono Settings - Display the Pro Bono Settings page on Admin

Edit restricted offices/programs - Allows a user to edit the restricted offices and programs on the Admin > Restricted Offices and Programs page.

Edit Support Tickets - Allows a user to change the client priority and provide feedback on support tickets on the Admin > Support Tickets page.

Edit System Navbar

Edit System Settings - Allows a user to access to the Outreach, Timekeeping, and Process settings links in the admin tab.

Edit System Timekeeping

Edit Top Level Navigation Bar - Allows a user to edit the various settings on the Admin/Top Level Navigation Bar/Search page.

Edit Transfer Outcome Lookup

Edit Trust Account Pages - Enables the static Create New Trust or Expense Transaction link in the Actions menu on cases (the ability to add transactions); enables the Edit link on existing transactions.

Edit User Permissions - Allows a user to edit the permissions for each user role. (Admin > User Roles (Permissions))

Edit Vouchers - separate module

Edit Zip Codes - allows access to the Admin > Zip Codes page.

Forecasting View Financial Details - separate module

Front Page - View Quickbar (When Available)

Groups Module (No longer applicable)

Import and Export Lookup Values

Journal Entry Admin - AGM (Advanced Grants Management)

Login - Controls the ability to login. The Login Active field on each user's profile can still be set to "No" to prevent a user from logging in, even if the user's role has this permission.

Lookup Merge Queue - Admin page

Manage Case Transfer Settings - Allows a user to configure the lookup mappings to the Legal Server index and the case transfer settings. These include: 

  • Selecting the data sent with an electronically transferred case that agencies use to determine eligibility
  • Selecting which users should be alerted when a case is received electronically and needs review

Manage Processes - Access to Admin > Processes, Forms, and Profiles

Manage Time

  • Allows access to the following Admin pages:
    • Adjustments Made
    • Close Time
    • Leave Categories
    • Overtime Report
    • Post Leave Hours
    • Post Time
  • Enables a user selector on the Your Leave Hours page, allowing viewing of other user's leave hours.

Merge Contacts - Enables the "Merge this Contact" link on contact profile pages.

Merge/Delete Lookups - Enables the "Merge/Delete" link for lookup values in Admin / Lookups.

Merge Organizations - Enables the "Merge this Organization" link on organization profile pages.

Posted Time Admin - see "Time Posted" below.

Processes - Download PDF - Enables a "Create PDF" link in the side bar of processes that have forms that are not set to skip this ("Skip This Form When Generating Process As PDF?").

Reject Closed Cases - (Most sites do not use the legacy Data Error side bar element referenced here) Allows a user to reject closed cases via a legacy link. Removing this permission removes the legacy Data Error tab that can appear in the taskbar on cases (that tab includes a "Reject case" link). Note that this permission only removes the Data Error tab from closed cases. See "View Data Error Tab" in permissions below. Administrators can also remove the Data Error tab from open and closed cases by disabling the Side/Action Menu Data Error element on the Main Profile in Admin > Processes, Forms, and Profiles.

Re-Open Closed Cases - Enables the "Re-open case" link on closed cases if the Closing Options element is used.

Re-Open Rejected Matters - Enables "Re-open Application" and "Re-open Intake" links on rejected prescreens and intakes, respectively.

Report Management - Enables the edit links next to report names and the "Add New Report" actions link on the main report page. Users with this role can run and edit any report regardless of the role permissions set on individual reports.

Reports - API Access - Enables the ability to allow API access to reports.

Resolve Timeslip Questions - Allows the user to resolved timeslip questions. Only applicable if the advanced time distribution module is enabled.

Review Waiver Requests - Enables the Waiver Requests link on the Admin page if the Waiver module is enabled.

Run Reports that take more than 10 Minutes - should only be enabled, if at all, for the Administrator role.

Send Status Updates - see Requesting Status Updates from Pro Bono Advocates

Show Branch in Admin - no longer applicable - all sites are on the same code branch

Show Future Reports - typically only enabled on demo sites- Enables the Future Reports tab on a static Reports page.

Show Hidden Folders in Documents List - Allows access to certain folders on the main Documents page such as Logos.

Show Save Report Button - Displays the "Save Report" button when running a report, allowing the user to save a version of the report to the Saved Reports list.

Show Search Link - Allows the user to see the Search link/menu, and search for client names, case IDs, etc.

Site-Specific Lookup Management - enables the Admin page link to Custom Lookup Management. ("Site-Specific" is the old term for Custom fields and lookups).

Top Navigation Bar - Show My Assignments Link (old interface only - no longer applicable)

Time Distribute - AGM only. Previously labeled "Distribute Timeslips". Controls what it sounds like. Also controls whether you see the "Summary" Actions menu link on the main Timekeeping page.

Time Finalize - AGM only. New as of 2024-06-14.

Time Posted - AGM only. Previously labeled "Posted Time Admin". Enables the Posted Time link on the Admin page.

Time Verify - AGM only. Previously labeled "Verify Timeslips".

Undistribute Time - AGM (Advanced Grants Management)

Users: Add/Edit - Allows adding new users and editing existing users. This permission is commonly granted to a role such as "Pro Bono Coordinator" so that person can manage the user profiles of the pro bono panel. This permission only affects the legacy static processes and forms. Sites using dynamic processes and forms control the ability to add and edit users by setting user role permissions on those processes.

Verify Timeslips - see "Time Verify" above.

View Activity Presets - see Activity Presets

View All Cases - Allows a user to view all cases, regardless of any restrictions that may be placed on particular offices or programs via the Admin > Restricted Program and Offices page, or via the Case Restrictions field on individual cases.

View All Documents - Allows a user to view all documents (files), regardless of any restrictions placed on documents.

View All Non-Client Time - Allows a user to view other users' non-client time.

View Billing List - Admin page link

View Billing Report - Admin page link

View Brochures- Allows access to the Admin > Brochures page.

View Bulk Referral List - Admin page link

View Common Party List - Admin page link to manage the list of Common Adverse Parties.

View Communications - Allows access to the Admin > Communications page (i.e., the Communications Manager feature).

View 'Data Error' Tab - Legacy case profile element - Do not use. Includes the "Data Error?" tab in the taskbar of a case profile. The tab includes a link to reject a case. Administrators may prefer to disable this permission and use the permissions settings on the Reject Case process in Admin / Processes, Forms, and Profiles.

View Deleted Notes Log - Enables the Deleted Notes link on the Admin page, which displays all deleted and transfered case notes.

View Document List - Allows access to the Admin > Documents page. This is the same page as the navigation bar Documents tab if that is enabled.

View/Edit Donations - Allows a user to work with donation records.

View Edit Form Link - Displays a link on dynamic forms and dynamic profile pages that displays the edit page for that form or profile (instead of manually going to Admin > Processes, Forms, and Profiles and finding the form or profile).

View/Edit Restricted Notes

View/Edit Social Service Notes

View Electronic Case Transfers - Admin page link

View Electronic Field Transfers - Admin page link

View Grant List

View Message Center

View Messages

View Navigation Tabs - Allows a user to view the navigation tabs along the top of the page and the red Search link. Not having this permission is a common setting for pro bono advocates or students that are only able to access cases to which they have been assigned using the list of current assignments on the home tab.

View Office Locations - Admin page link

View Others' Private Calendar Events

View Other Users' Time - Removing this permission has the following effects: Hides the user filter on the Timekeeping Log so users with this role can't see other's time; Hides the time entries on other's user profile pages; Hides other's time on reports.

View Outreach List

View Pro Bono Interest Log - Admin page link

View Pro Bono Opportunity List (Home) - Enables this list on the home page if Pro Bono Opportunities is enabled in Admin.

View Pro Bono Opportunities Matters - Admin page link

View Publications Queue

View Site Settings - Admin page link

View Support Tickets - Admin page link

View System Speed Information - Enables the System Speed link on the Admin page, which displays various statistics regarding page load times, ping times, etc.

View Template Links (Hotdocs) - separate module

View Timesheet - Allows a user to view the links in the timekeeping tab for viewing time sheets and attendance records if enabled.

View time within office - Allows a user to view all time associated with the user's current office, as well as the user's own time for any office.

View User List - Without this permission, someone who can get to Users section front would see "Permission denied" instead of the usual Staff and Pro Bono lists of users.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us