About the White Paper:
CS&O builds database applications in a manner that complete control over user?s access to the data in the system can be maintained. Every user that has access to enter data into an application belongs to a specific security group and can only view the data that belong to that group. Since CS&O applications can host multiple entities within an organization or association, security groups can have several levels. In a single level configuration, each client record entered into an application is assigned to the organization to which the logged in user belongs. All client selection screens and all reports contain only the clients belonging to the same organization as the logged in user. This prevents any user accessing data belonging to another organization. Within an organization, security can be configured so that entities can report aggregated data to a parent organization or association without allowing the parent to access confidential data identifying individual clients. At the time of application setup, CS&O can either grant or deny the parent organization the ability to run comparison reports across its entities. CS&O builds its applications using a modular approach to provide further flexibility in controlling access to data. Every application screen, function, and report is a module that can be disabled for a specific organization, entity or individual user account thus preventing access to the specific data displayed by that feature. Once a screen or function is disabled, every report that contains data from that screen or function is either disabled or will exclude those particular data. In addition, CS&O applications can be configured so that individual users within an organization are only allowed to access individual clients assigned specifically to them without being able to access data on other user?s clients. Finally, user identifications can be established that only allow global reporting of aggregate data without access to individual client records. |
