Creating and Utilizing Additional System Access
Understanding the Creation and Use of Additional System Access in Your Environment
Written by Thadeus Godfrey
Updated at September 22nd, 2025
Table of Contents
Introduction
There are certain scenarios where creating additional system access is the best option for securing certain fields on forms via rules, or access to forms via Workgroup behavioral conditions.
Example scenario(s):
- There is a read-only field on a form that should only be accessible for viewing or editing by a specific group of users.
- Within a Workgroup that is used by a wide range of users, certain menus or forms within the Workgroup should only be accessible to a select subset of users.
Recommended Approach:
To ensure proper access control, it is advisable to create additional system access permissions tailored to those specific users who require access to these restricted fields, forms, or features. This will allow the necessary users to have the appropriate level of access within the system while maintaining security and confidentiality for others.
Creating Additional System Access:
To create Additional System Access permissions, follow the navigation path below. Please note that this is the baseline navigation path. The navigation path for customized environments may vary:
Home >> Global Administration >> User Management >> Additional System Access
The screenshot above shows the Additional System Access form. Here, you can set the Value, Name, Category, and Help Text for the system access permission. Please note that after filling out the fields, you must either press the "+" button or hit Enter, followed by saving the changes for them to be applied.
-
Value: A numerical value that is assigned to the system access, this is used to call or reference the access when creating rules and conditional statements. To reference or call this value in a rule or condition, use the @Access-1@ variable with the assigned value that references the desired system access. In this case, @Access-1@ would call the “Test Feature Access”, while @Access-2@ would call the “Edit Provider Field” system access using the Additional System Access setup in the screenshot above.
- Note: There are two variable formats you can use, @Access-1@ and @CustomAccess@ == 1 are interchangeable to reference Additional System Access. Generally, the variable format @Access-1@ is used.
-
Please be advised that modifying this value may inadvertently grant certain users, who previously had access based on the old value, permissions to fields and forms they should not have access to. As a best practice, it is recommended to delete the previous access or increment the value when deprecating previous feature access. However, if you choose to retain the current value, it will be essential to conduct a thorough review of all users who had previous access, ensuring that their access to the new feature is appropriate.
-
Name: This is the name of the Additional System Access that appears on the User Setup form.
- Category: The category the permission can be grouped into under Additional System Access on the User Setup form.
- Help: Help text which is editable on the Additional System Access form and is viewable as help text for the additional system access on the User Setup form.
Using Additional System Access in Rules:
Now that we know how to create the Additional System Access, let's apply it to a rule on a form.
In this example, we will define two distinct rules that enable a user to edit and delete an assessment, provided they have been granted the designated Additional System Access that we will configure.
First, we must create the additional system access for our purpose. We can do this by navigating to:
Home >> Global Administration >> User Management >> Additional System Access
Edit Assessment Access:
Delete Assessment Access:
Next, we will create the Edit Assessment rule on the Assessment Form. Begin by selecting the Action Item Menu, followed by the desired Action Item, in this case, "Edit Assessment." Then, click the lightning bolt icon, which represents the rules section. Finally, select "Add New" to start creating the rule.
Please note that the process for creating the Delete Assessment rule is identical, so we will only demonstrate the steps for creating the Edit Assessment rule.
Here, you can choose from the ‘Simple,’ ‘Formula,’ or ‘Manual’ options, depending on your preference. For this example, we will select ‘Manual.’
After selecting "Manual," we will fill in the Formula text box with a reference to the Additional System Access required for editing an assessment. To do this, type @Access-2@ == 1. This formula ensures that a user must have this specific additional system access enabled in their user permission settings. Once this is done, we will select "Actions" in the lower right-hand corner.
Select “Add Action”.
Next, we will select the target button, "Edit Assessment," and set the condition to "Perform this action when true." Additionally, we will set the "Visible" option to "Yes." This ensures that a user must have the required permission to see and access the "Edit Assessment" action item. Once complete, select "Done" to save the rule.
It is important to create an inverse action to handle both scenarios. If the user has the required permission, the option will be visible; if they do not, the option will be hidden. To achieve this, select the same target button, set the condition to "Perform this action when false," and set "Visible" to "No." This ensures that the "Edit Assessment" action is hidden from users who do not have the necessary permission.
Select “Done” and then “Save Rule”.
After the rule is saved, be sure to save the form to ensure that all changes are applied and retained.
The process for creating the rule is the same for the “Delete Assessment” option, so we will not go over it in detail.
Now, we must ensure the rule is functioning correctly. To test this, we navigate to the Assessment form where we created the rules. You should notice that both the "Edit Assessment" and "Delete Assessment" options are missing from the list, as they are hidden because the user does not have either of these permissions.
Once we verify and adjust the necessary permissions, the action items "Edit Assessment" and "Delete Assessment" will appear on the list, as they are now visible to users with the appropriate access.
Using Additional System Access for Workgroup Conditions:
In this example, we will configure the Case Notes form to be accessible exclusively to users with the Case Notes (@Access-3@) additional system access permission.
First, we must create the additional system access for our purpose. We can do this by navigating to:
Home >> Global Administration >> User Management >> Additional System Access
Having established the additional system access for Case Notes, the next step is to access the Workgroup Designer for the specific Workgroup where the restriction will be applied. Once in the designer, navigate to the form's location and select the 'Behavior' tab at the top of the page.
Here, we can define the condition specific to our Case Notes additional system access that was created, using the @Access-3@ variable to reference the access. Ensure that all changes are saved.
Now that the condition has been defined for Case Notes, we can check to see if the restriction is in place. For this user's configuration, it is apparent that they do not have access to the Case Notes, which disables the form and prevents the user from accessing it.
Please note that Case Notes is grayed out, indicating that it is disabled.
To grant access to the Case Notes form for this user, they must be granted the additional system access permission for Case Notes. Once the permission is granted ensure that the change is saved.
The user has now been granted Case Notes permission, which gives them access to the Case Notes form. Please note that a browser refresh may be required for the changes to take effect.
