GuardianERM.Net Help       Table of Contents

As incident data may contain sensitive or personal information, GuardianERM.Net has the following security measures in place:

1. A user with Incident Management authority and read (or write) access to an organisation unit to which an incident is attached, the user will have unrestricted access to the incident.
2. A user with Incident Management authority can also reopen a closed incident if the incident was closed within the last 7 days.
3. A user with Incident Management authority can access the Incident Code Maintenance page to add, modify or delete items on dropdown lists.
4. A user with Incident Management authority can access the Incident Code Maintenance page and restrict certain data fields to be modifiable by users with Incident Management authority only.  This restriction will override all otherwise unrestricted access.
5. A user without Incident Management authority but has write access to an organisation unit has unrestricted access to all incidents attached to that organisation unit.
6. A user has unrestricted access to incidents the user originally created.

Note: "Unrestricted Access" by users other than those with Incident Management authority is still restricted by data field restriction if implemented.  To implement data field restriction, the system administrator has to set the system parameter "IncidentRestrictEdit" to True and a user with Incident Management authority specifies the fields to be restricted on the Incident Code Maintenance page under Restricted Fields.