# Maica Permissions Sets

## How is Access Managed in Maica?

Now that Maica is all configured and ready to go, we need to make sure that your team has access to all the relevant pieces needed to fulfil their function.  In order to do this, Maica leverages standard Salesforce [Permission Sets](https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/perm_sets_overview.htm) to provide access to its range of features.

A **Permission Set** is a collection of settings and permissions that give users access to various tools and functions without changing their profiles. Now, what does that actually mean?! 

For example, let’s say you have several **Plan Managers** who need the ability to enter `Invoices` and Claim funds from the Agency.  Assign this user the `Maica - Manage Plan & Service Booking` Permission Set to ensure they can access the features and functionality required in this process.

Taking this a step further, assume that only 1 of these Plan Managers needs the ability to delete a Service Booking.  Assign this user the `Maica - Delete Service Booking` Permission Set in addition to the one above to enable this additional functionality.

{% hint style="info" %}
The `Permission Set` is complementary to their `Profile`, meaning it provides access to these Maica features **in addition** to what is already provided via their existing `Profile` 
{% endhint %}

## Maica Permission Sets

The table below provides an overview of the standard Maica Permission Sets.

<table><thead><tr><th width="214">Permission Set Name</th><th>Access Provided</th></tr></thead><tbody><tr><td><code>Maica - General User</code></td><td>Provides access to all the base Maica functions, such as Apex Classes and Components.<br><br>This needs to be assigned to <strong>all</strong> of your Maica users.</td></tr><tr><td><code>Maica - System Permissions</code></td><td>This Permission Set contains the following required permissions:<br>- CRUD to access to <code>Plan</code>/<code>Plan Budget</code><br>- CRUD to access to <code>Service Booking</code>/<code>Booking Item</code><br>- <code>Customize Application System Permission</code>.<br><br>This needs to be assigned to <strong>all</strong> of your Maica users.<br><br><span data-gb-custom-inline data-tag="emoji" data-code="2757">❗</span>This Permission Set is <strong>not part</strong> of the Maica Managed Package but is manually installed via <a href="https://github.com/VerticAU/MaicaPostInstall">this link</a> as shown in this online <a href="https://www.loom.com/share/748b7342d0b6411789c458366e23bd17">demonstration video</a>. <br><br><em>The reason we need to do it this way is due to the Salesforce restriction that prevents us from including System Permissions and objects with a Master-Detail relationship to a standard object (Contact) to a package's Permission Sets.</em></td></tr><tr><td><code>Maica - Manage Plan &#x26; Service Booking</code></td><td>Please see the matrix below.</td></tr><tr><td><code>Maica - Manage Invoice &#x26; Claiming</code></td><td>Please see the matrix below.</td></tr><tr><td><code>Maica - Delete Service Booking</code></td><td><p>Provides the ability to update the Service Booking <code>Status</code> = <code>Deleted</code> in both PRODA and Salesforce. <br><br><span data-gb-custom-inline data-tag="emoji" data-code="2757">❗</span>When a <code>Service Booking</code> is Deleted the record is not deleted from Salesforce.  The <code>Status</code> is set to <code>Deleted</code> and you will no longer be able to interact with this <code>Service Booking</code>.</p><p></p><p>Note: Users without this Permission Set cannot see the <strong>Delete</strong> option in the <strong>Manage Service Booking</strong> Quick Action accessed from the <code>Service Booking</code> object.</p></td></tr><tr><td><code>Maica - Manage Crediting</code></td><td>Provides the ability to use the <code>Credit Management</code> component accessed on the Invoice record and Invoice List View.<br><br>The Claim Management component is described in more detail here.</td></tr><tr><td><code>Maica - Manage Maica Settings</code></td><td>Provides the ability to view and edit all the specific settings contained within the Maica Settings tab.</td></tr><tr><td><code>Maica - Handle NDIS Notifications</code></td><td>Provides the ability to handle and process the NDIS Notifications or Webhooks.<br><br>Please make sure the associated <code>Guest User</code> of the selected Site has this Permission Set assigned.  You <strong>do not need</strong> to grant this to individual Maica users.</td></tr><tr><td><code>Maica Client Care - General User</code></td><td>Provides access to all the base Maica Client Care functions, such as Apex Classes and Components. This needs to be assigned to all of your Maica Client Care users.</td></tr><tr><td><code>Maica Client Care - Quick Appointment Completion</code></td><td>Provides the ability to Quick Complete the Appointment.</td></tr><tr><td><code>Maica Client Care - Timesheet Approval</code></td><td>Provides the ability for a user to approve a Timesheet via the Timesheet Tab.</td></tr><tr><td><code>Maica Client Care - Timesheet Management</code></td><td>Provides the ability to manage Actual Dates on the Appointment.</td></tr><tr><td><code>Maica Client Care - Timesheet Submission</code></td><td>Provides the ability for a user to submit a Timesheet via the Timesheet Tab.</td></tr><tr><td><code>Maica Client Care - Unavailability Management</code></td><td>Provides the ability to manage Unavailability on the Planner.</td></tr><tr><td><code>Maica Client Care - View Appointment Cost</code></td><td>Provides the ability to see Appointment Cost when managing Appointments. This will provide the user with the ability to see the total cost of the Appointment being managed.</td></tr><tr><td><code>Maica Client Care - Manage Appointment Breaks</code></td><td>Provides the ability to create Unavailability records, marked as Appointment Breaks, that are associated with Appointments.</td></tr><tr><td><code>Maica Client Care - Planner Filter Administration</code></td><td>Turns the ability to use the Planner Filters either on or off.</td></tr><tr><td><code>Maica Client Care - Create Billable Client Notes</code></td><td>Provides for the ability to mark a Billable Client Note as Non-Billable via a toggle on the user interface.</td></tr></tbody></table>

### Permission Sets for Maica Object Access

In cases where **Maica Client Care** users are required to access object data from within the **Maica Client Management** solution, the following Permission Sets are part of **Maica Client Management** to control this access. These can be assigned to **Maica Client Care** users as appropriate.

<table><thead><tr><th width="217">Permission Set Name</th><th>Maica Client Management Object Access</th></tr></thead><tbody><tr><td><code>Plan Management</code></td><td><ul><li><code>Booking_Item__c</code></li><li><code>Compliance_Check__c</code></li><li><code>Plan__c</code></li><li><code>Plan_Budget__c</code></li><li><code>Plan_Goal__c</code></li><li><code>Support_Category__c</code></li><li><code>Registration_Group__c</code></li></ul></td></tr><tr><td><code>Billing</code></td><td><ul><li><code>Invoice__c</code></li><li><code>Invoice_Line_Item__c</code></li><li><code>Invoice_Setting__c</code></li><li><code>Payment_Request__c</code></li><li><code>Remittance__c</code></li></ul></td></tr><tr><td><code>Service Agreements</code></td><td><ul><li><code>Service_Agreement__c</code></li><li><code>Agreement_History__c</code></li><li><code>Agreement_Item__c</code></li></ul></td></tr><tr><td><code>All</code></td><td>All Maica Client Management objects</td></tr></tbody></table>

{% hint style="info" %}
In order to respect any Sharing Rules or Data Access policies you may wish to implement, Maica Permission Sets **do not provide** `View All` or `Modify All` access to any objects.

We recommend managing `View All` and `Modify All` at the **Profile** level OR in a **Clone** of this Permission Set
{% endhint %}

{% hint style="info" %}
The Maica Object Permission Sets provide access to the objects as outlined above but do not directly provide access to the below-listed objects, as this is inherited based on Salesforce `Master-Detail` relationships, so any permissions/sharing configured for those objects will directly determine access the related Maica data objects, as shown here:

* `Remittance` -> `Account`
* `Service` -> `Account`
* `Program Enrolment` -> `Opportunity`
* `Connection` -> `Contact`
* `Booking Item` -> `Service Booking` -> `Contact`
* `Plan Goal` and `Plan Budget` -> `Plan` -> `Contact`
  {% endhint %}

### Full Permission Set Overview

You can access a full overview of all the Maica Permission Sets in the Google Sheet below.

{% embed url="<https://docs.google.com/spreadsheets/d/1KBuMxnNTRKbxlzFbLSzHvUH8hzJ1lTMZT0KsFVQVwjU/edit?usp=sharing>" %}