Restricting Access to Cases and Links on Cases
LegalServer provides several ways to restrict access to cases and links on cases.
Administrators can restrict access to groups of cases based on office and/or program on the Admin > Restricted Programs/Offices page. A case that is assigned to a restricted office or program can only be viewed by:
1. Users who are assigned to that office or program (in the user's profile)
2. Users who are specifically assigned to the case (regardless of that user's office or program)
3. Users whose role has the "View All Cases" permission (typically administrators); this permission may alternately be labeled "Cases: View All".
Administrators can also set the Restriction Type to Intake, Assignment, or Both. This determines the assignments that are checked when determining if a user can view a case. "Intake" applies the restriction based on the intake assignment while the matter is an incomplete intake. "Assignment" applies the restriction based on the primary assignment after the matter is set to a pending or open case.
A user must pass all office and program tests to view a case (or meet one of the exceptions in 2 or 3).
Administrators may want to remove the "Edit Own Offices" user role permission from most user roles to prevent a user from bypassing an office restriction by changing their office. There is no corresponding permission to prevent a user from changing their Program (Ref: 69594).
Sites using dynamic User forms and processes can prevent users from changing both office and program by removing permission on a dynamic Edit System Information process.
Limit Users to Viewing Cases Assigned to Certain Grants
Administrators can limit users to viewing only cases assigned to one or more grants/funding codes.
NB: A user's role having the "View All Cases" permission overrides this restriction. A user being assigned to a case overrides this restriction.
This requires having the "Funding Code Restricted Cases Allowed to View" block on a user form (available 2020-11-06). The block displays a multi-select list of grants. If one or more grants are selected for a user, that user will only be able to view cases assigned to that grant. Clicking on the case number for a case assigned to any other grant will tell the user "You are not allowed to view this profile".
Case Restrictions Field
Use this field to restrict access to cases on a case-by-case basis to any combination of: Currently Assigned, Current Office, or Current Program.
Anyone with a user role that has the "View All Cases" permission can access the case regardless of any restriction set with this field.
A common use of this field is with an auxiliary process and form. The auxiliary process, often called "Case Access Restrictions", is added to the Actions menu. Administrators often set the role permissions on the auxiliary process so only users assigned to certain roles will see the Actions menu link. The auxiliary form contains the Case Restrictions field.
Another way to use the Case Restrictions field is to place it on an intake form. If the intake becomes a case, the case keeps the restriction created during the intake. Administrators can hide this field on an intake form, choose one of the 3 options to be set, and restrict access to any cases created with that intake process.
Case Exclusions Field
Use this field to exclude selected users from accessing cases on a case-by-case basis.
Anyone with a user role that has the "View All Cases" permission can access the case even if they are selected. A user being assigned to a case does not override the exclusion. Like the Case Restrictions field, administrators would typically put this field on an auxiliary form and create an auxiliary process that only the Administrator role has permission to use.
Exclude from Search Results Field
Setting this field to Yes on a case will prevent the case from showing up in searches on the client's name. Like the Case Restrictions and Case Exclusions fields above, this field is typically placed on an auxiliary form, behind an auxiliary process that is limited to Administrators or a select set of user roles.
Caveat one: A search by Case ID will still display the case, assuming the person searching has permission to view the case.
Caveat two: This does not hide a case on a client profile page. For example, assume Jane Smith has two associated cases (Case A and Case B). Case B has this field set to Yes. Case B will not show up in a search for Jane Smith, but Case A will. If you click on her name to view her client profile, both Case A and Case B will be listed.
User Role Restrictions
Several user role permissions can affect the links that are available on cases. See User Roles and Permissions for more information.
The Pro Bono Restricted Access Role is designed to allow users to only see and work on cases they are specifically assigned to.
User Role Permissions on Links (Dynamic Processes)
Dynamic processes generally place links on specific pages. Each dynamic process can be restricted by user role. For example, an Edit Closing Information link may be restricted to only the Administrator role. See Process Management for more information.
Prevents information on a form from being saved unless the user has at least one of the permissions selected in the block configuration. It does not prevent a user from seeing the form. The list of permissions is from the User Roles Permissions page. Controlling permissions on dynamic processes generally provides more flexibility than this block.
Reports and Searches
Case restrictions do not limit what users can see in reports or search results. If a user clicks on a case number in a report or search results, case restrictions will apply and may deny permission to view that case, but any information in report columns or search result columns can be seen.
See the Reports Manual for blocking access to individual reports, and restricting results by filters, including locked filters.