Module authorization levels

The System authorization level grants system administration, as the SysAdmin role does. In fact, they are intrinsically paired; If you give a user Level 8 authorization for System, they automatically join the SysAdmin role; if you remove that Level 8, they automatically drop the SysAdmin role.

Do not remove a user's SysAdmin role without also lowering the System level; parts of the system that consider them an administrator will conflict with the parts that do not. Make sure they have both or neither.

Levels 0-6 in the System drop-down have no effect on the out-of-the-box content that the staff user can access. The only level in the System drop-down that affects out-of-the-box access is level 8 - System Setup, which automatically applies the SysAdmin role to the user.

When the user is a SysAdmin, they have access to all navigation items and functions in the Staff site, and they do not need to be assigned any other module authorization level.

Review the following to understand what out-of-the-box functionality becomes available based on the level assigned: 

• Level 2 - Reports:
  • Membership dashboard
  • Contact, Membership, and Accounting reports (must also be in the Reporting Users Full Control security set)
• Level 4 - Full Entry/Edit:
  • Membership > Automatic payments > Enrollments (must also have Dues - 4)
• Level 5 - Table Maintenance:
  • Enable the Assign purchaser to a group setting when defining products (must also have Orders - 4)
• Level 8 - System Setup:
  • Managing duplicates

Review the following to understand what out-of-the-box functionality becomes available based on the level assigned: 

• Level 4 - Full Entry/Edit:
  • Generating membership renewals
  • Issuing renewal notifications
  • Reversing open invoices (must also have Finance - 4)
  • Membership > Automatic payments
• Level 5 - Table Maintenance:
  • Billing cycles
  • Billing products
  • Prorating rules
• Level 8 - System Setup:
  • Managing expired members

Review the following to understand what out-of-the-box functionality becomes available based on the level assigned: 

• Level 2 - Reports:
  • Event dashboard
  • Event reports (must also be in the Reporting Users Full Control security set)
• Level 5 - Table Maintenance:
  • Creating events
  • Event templates
  • Event pricing group management (must also have Orders -5 OR only have Finance - 5)
• Level 8 - System Setup:
  • Managing duplicates

Review the following to understand what out-of-the-box functionality becomes available based on the level assigned: 

• Level 1 - Basic Display Only:
  • Gift requests
• Level 2 - Reports:
  • Fundraising dashboard
  • Fundraising reports (must also be in the Reporting Users Full Control security set)
  • Finding gifts
  • Moves management dashboard
• Level 3 - Limited Entry/Edit:
  • Entering gifts
  • Receipting
  • Tribute notifications
  • Gift Aid
  • Reversing open pledges
• Level 4 - Full Entry/Edit:
  • Automatic payments for donations
  • Importing donations
  • Premium set management
• Level 5 - Table Maintenance:
  • Adding new gift items
• Level 8 - System Setup:
  • Managing duplicates

Review the following to understand what out-of-the-box functionality becomes available based on the level assigned: 

• Level 2 - Reports:
  • Commerce dashboard
  • Commerce reports (must also be in the Reporting Users Full Control security set)
  • Finding orders
• Level 4 - Full Entry/Edit:
  • Adding products
  • Processing orders
  • Creating and modifying inventory receipts
• Level 5 - Table Maintenance:
  • Creating promotion codes
  • Managing product groups (must also have Events - 5 OR only Finance - 5)

Review the following to understand what out-of-the-box functionality becomes available based on the level assigned: 

• Level 2 - Reports:
  • Finance dashboard
  • Pay Central dashboard
  • Finding and adjusting invoices
  • Finding and adjusting payments
  • Finding and posting batches
• Level 4 - Full Entry/Edit:
  • Closing procedures (credit invoices, invoice write-offs, GL export)
• Level 5 - Table Maintenance:
  • Product and event pricing groups (or have Orders - 5 & Events - 5)

Review the following to understand what out-of-the-box functionality becomes available based on the level assigned: 

• Level 3 - Limited Entry/Edit:
  • Managing enrollments by program and/or enrollee
  • Managing pending approvals
  • Providers
• Level 4 - Full Entry/Edit:
  • Managing inactive enrollments
  • Creating and editing programs
• Level 5 - Table Maintenance:
  • Creating and editing unit types

The following navigation items have the Administrators Full Control set applied:

• Reports: All reports, Content reports
• RiSE 

Note: Although the RiSE navigation has the Administrators Full Control security set applied, you do not have to be a system administrator to have access to RiSE. See Granting a staff user access to RiSE without making them a system administrator.

• Settings

When the Reporting Users Full Control security set is applied to navigation, only those who have the Reporting security group selected have access to those navigation items. The following navigation items have the Reporting Users Full Control set applied:

• Contact reports: Reporting Users Full Control + Customers 2
• Membership reports: Reporting Users Full Control + Customers 2
• Accounting reports: Reporting Users Full Control + Customers 2
• Fundraising reports: Reporting Users Full Control + Fundraising 2
• Event reports: Reporting Users Full Control + Events 2
• Commerce reports: Reporting Users Full Control + Orders 2
• Certification reports: Reporting Users Full Control
• Report Writer: Reporting Users Full Control

To add the Reporting security group to a staff user's account, do the following:

1. Go to the staff users account page.
2. Click the Security tab.
3. From the Security groups area, select Add.



4. Enable Reporting, then click OK.



5. Click Save.

There are several navigation items under Marketing that require specific security groups:

• Campaign Users Full Control
  • Campaigns: Track campaigns, Define campaigns, Define inserts, Record responses, View output, Import source codes
• Campaign Admins Full Control
  • Campaigns: Settings
• Segmentation Users Full Control
  • Defining segments
• Segmentation Admins Full Control
  • Segmentation settings
• RFM Users Full Control
  • Run analytics
• RFM Admins Full Control
  • RFM settings
• Opportunity Users Full Control
  • Process manager: Projects, Tasks
• Opportunity Admins Full Controls
  • Process manager settings

To add any of these security groups to a staff user's account, do the following:

1. Go to the staff users account page.
2. Click the Security tab.
3. From the Security groups area, select Add.



4. Enable any of the following:
   • CampaignUser
   • CampaignAdmin
   • SegUser
   • SegAdmin
   • RFMUser
   • RFMAdmin
   • OpportunityUser
   • OpportunityAdmin
5. Click OK, then click Save.

Note: See Contact account pages (Party.aspx) for more specific information about security when viewing contact and organization pages.

Note: See Contact account pages (Party.aspx) for more specific information about security when viewing contact and organization pages.

Note: If you are not a SysAdmin, you must be at least a Full user who belongs to at least one content authority group to have access to certain areas of RiSE. Public users who are members of a content authority group cannot access RiSE, but they can interact with content records by using Easy Edit. See Administering security for more information about Full and Public user access.