Fluxx has a great article that talks through everything laid out below (though not with specifics for the WPP).
You can find that article by following this link: https://fluxxdev.atlassian.net/servicedesk/customer/portal/1/article/1281262519?src=-2090497834
The "Profiles" assigned to a user in Fluxx determine what Portal the user in question has access to. This is a critical piece of user creating as a user created without the correct profile added will likely be unable to perform that task(s) required of them (i.e. submitting a Reporting Requirement as a Grantee or submitted an Application Review as a Reviewer).
Screenshot showing a user record configured with the four profiles that the WPP is currently using (Employee, Grantee, Progress Report Reviewer, and Reviewer)
Read through the list below to get a sense for which Profiles the WPP has attached to users and how each profile is used.
Auditor – Currently not in use. This is the description that Fluxx gives for how they would recommend this profile be used:
"Often Used to grant Read-Only access to Auditors. Generally, for this type of access 'List All' and 'View All' permissions on the profile is sufficient. If you wish to limit access to the Auditor to certain models, then a more granular permission breakdown will be required on a model-by-model basis."
Board – Currently not in use. This is the description that Fluxx gives for how they would recommend this profile be used:
"The Board profile is mainly used to provide visibility to Organization, User, Grant, Report and Payment information. The option to add the request card on the add card menu is hidden. To provide the option for a Board member to add the Request card choose the option in the Admin Panel Global Settings 'Let Board Members See Requests'. (This only applies when using the Fluxx Dashboard)
For the main model types Reports, Transactions and Organizations the Requests connected data tab is hidden for Board member profiles (only applies when using the Fluxx dashboard)."
Consultant – Currently not in use. This is the description that Fluxx gives for how they would recommend this profile be used:
"The Consultant profile can be used in any number of ways. A client can provide access to grant information via the simpler External portal or, where consultants are working more closely, can provide access via the Fluxx dashboard similar to employees. Permissions can then be provided on a model-by-model basis to control what the consultant has rights to view/update/create/delete."
Employee – In use. Gives access to the Employee Portal, which is the main portal for WPP staff. Allows staff to perform their regular tasks and review all of the records stored in the database.
Fluxx gives this description for the Employee Profile:
"The Employee profile is normally the profile with the highest level of permissions within the system. This profile usually is assigned to the clients day to day internal users. If the client plans to use multiple 'Employee' profiles it is recommended that the number be identified and created at the start of the build. (It is enough to create placeholders if the full permission map has not been decided). This will assist in setting visibility on fields in the form builder. E.g. If you add an employee profile AFTER the build is complete then that profile may need to be added to employee-only fields in the form builder."
Grantee – In use. Gives access to the Grantee Portal, which is the main portal for WPP applicants and grantees. Allows grantees to edit and submit grant applications as well as work on/submit their reporting requirements and grant amendments.
Fluxx gives this description for the Grantee Profile:
"The Grantee profile is normally the profile with the lowest level of permissions within the system. This profile usually is assigned to the clients day to day external users. It's possible to create multiple grantee profiles, but not advisable because it causes issues with the LOI connect function of creating new grantees (which can only default to one grantee profile)."
Progress Report Reviewer – In use. Gives access to the Progress Report Reviewer Portal, which allows PERC and OAC members to view and review Progress Reports submitted to the WPP by Grantees.
Fluxx does not give a default description for this Profile type because we created this profile (it does not exist in Fluxx by default).
Reviewer – In use. Gives access to the Reviewer Portal, which allows reviewers to see, edit, and submit reviews for grant applications.
Fluxx gives this description for the Reviewer Profile:
"Reviewer profile is used to review Requests and Request Reviews. Only users with the Reviewer profile can see the Request Review and Request side by side (called dual pane) and will be the only users to show up in the Reviewer Selector component."
Super User – Currently not in use. Fluxx gives this description for the Super User Profile:
"The Super User profile has the same rights as an Admin in the dashboard but without access to the Admin Panel or the ability to grant full Admin rights to other users on the User card. This profile acts like the Admin role and can override any role-based permissions set up in a workflow. If you are adding this profile, you will not need to update your visibility settings in the Form Builder as Super Users will be able to see anything not restricted by guard instructions (much like a regular Admin). This type of user does not need any specific permissions applied to the profile, either. The system will handle them as an Admin-like user."
If Profiles determine WHERE in the system a user can access, Roles determine what the user can do when they're there.
Roles form the backbone of user permissions – most actions that can be taken in the system like submitting a Reporting Requirement or Grant Application allow users to take those actions based off of what Role they have attached.
Usually Program Roles on a User record should match 1:1 with the Profiles/Portals that the User has access to – if the user has access to the Reviewer Portal, for example, they should almost always have the Reviewer Program Role as well so that they can actually perform the tasks of a Reviewer like submitting an Application Review.
Screenshot showing a user with two Program Roles assigned – a "Grantee" Role and a "Reviewer" Role. The screenshot also shows that the user also has both the Grantee and Reviewer Portals selected. Note: As stated above, Program Roles on a User record should usually match 1:1 with the Profiles/Portals that the User has access to
Read through the list below to get a sense for which Program Roles the WPP has attached to users and how each Role is used.
Board – Currently not in use. Would be used for any workflows that need to be performed within the "Board" portal.
Executive Director – Currently not in use. Would be used for any workflows that need to be performed by an "Executive Director" (or other director, we can also change the name of this) of the WPP within the "Employee" portal.
Finance – In use. Used for employees who are part of the Finance Team and need to approve FSRs, Progress Reports, Audited Financial Statements, etc. Allows them to take actions within the "Employee" portal.
Grantee – In use. Used for all Grantees. This role allows grantees to submit Applications, Reporting Requirements, Grant Amendments, and every other activity found within the "Grantee" portal.
Grants Management Staff – In use. Used for other WPP employees who are neither Finance Team nor Program Officers (see below for more information of Program Officers). Allows these users to take actions within the "Employee" portal.
Progress Report Reviewer – In use. Used for all people who review Progress Reports (usually PERC or OAC members). Allows them to edit Progress Report Reviews within the "Progress Report Reviewer" portal.
Program Staff – In use. Used for Program Officers for either PERC or OAC to review, move along in the workflow, and official grant applications from grantees. Also allows Program Officers to move forward/approve Progress Reports and Grant Amendments. All actions that can be taken with this Role can be found within the "Employee" portal.
Reviewer – In use. Used for all reviewers. Allows reviewers to see the reviews assigned to them as submit them with the "Reviewer" portal.
As you may have noticed from the screenshots shown in this article, each Role has text next to it that says (Role)", All Programs" (bolded for emphasis).
When going to add a Role to a user, the system will also ask you which Programs that role should apply for. Within Fluxx, a Program is the equivalent of the WPP's Funds (i.e. PERC, OAC). Specifying a Program here will ensure that the Role's permissions settings only apply in regards to records that match the same Program type as the one listed on the user record. For example, if I list user X with a Grantee Role but only for the Program PERC, the user will be perfectly able to perform Grantee-security-checked actions on records that are listed under the PERC Program, but on any grant/grant applications that are listed under the OAC Program they won't have an option to say, submit the application.
It is therefore recommended to always select "All Programs" when assigning a program with a Role. This will ensure that user will always be able to perform actions that they should have access to.
