Security Roles Reference Guide

Updated February 27, 2026 16:21
Print Article

A staff member's Security Role determines the level of access they have to view or manage information or specific features in ALIS. The permissions contained in each Security Role can only be updated by the ALIS team, but are fully customizable to meet your organization's specific needs.

About Security Roles

Security Role refers to a grouping of permissions that determine users' level of access to information, specific features, or settings in their ALIS company environment.
Security roles are fully customizable. When first onboarding to ALIS, your company receives a set of ALIS default roles that can be assigned to initial users. However, it is common that your company may choose to redefine the defaults or create new roles to more closely align with existing job roles in the organization.
While users with greater levels of access to ALIS (i.e., Community or Company Administrators) can assign a security role to new or existing staff profiles, the names and specific permissions included in each security role are managed solely by the ALIS team. Note that it is also our standard practice to only make specific permissions changes or reassign roles to staff with express consent from a designated company administrator.
Knowing what each of your company's roles have access to is not always obvious, especially for roles other than the one you are personally assigned. The ALIS team can help by providing a breakdown of specific permissions contained in each role.

For more information or assistance with any of the above, contact your Account Manager or our ALIS Customer Success Team.

How to assign a staff Security Role

Assigning a staff security role is required when adding a new staff or user profile. For specific instructions on assigning a security role when adding staff, refer to this How to add a Staff Profile guide.

Particularly when you have worked with the ALIS team to customize roles, staff will only have to be assigned one role as it will encompass all permissions needed to fulfill their tasks. However, you do have the ability to assign multiple roles for an individual staff member.

The list of options in the Security Role dropdown menu reflects all available roles for your company. Be sure to align with your leadership team on which ones to assign per job role.

How to change a staff Security Role

It is possible that you may need to change a staff member's assigned Security Role either because it was initially assigned incorrectly, your company has customized roles, or the staff member has transitioned to a different job role requiring a new level of ALIS access. Changing a security role is done from the individual's Staff Profile.

Typically only users with company and community administrator levels of access have the permissions needed to change a staff member's Security Role. It is important to note that even a user with the higher level of access (i.e., "Community Administrator") cannot change the security role of another user with that same role. However, users with permission to change security roles for staff do have the ability to assign the same level of administrator access that they currently have.

For specific instructions on how to change a staff member's security role, refer to this How to change a staff Security Role guide.

ALIS Default Security Roles

Below is the alphabetized list of ALIS default roles all companies start with and general descriptions for what each role's basic capabilities are. For information on exact permissions contained in each role, contact your Account Manager or our ALIS Customer Success Team.

App Store - This role provides the permissions to view and manage certain actions in the App Store. This may added as an additional security role to an IT administrator user's existing role, however note that the ALIS Team .
Caregiver - This role is meant to be able view resident data, complete basic charting, and print documents. By default, this role has the same permissions as the Medication Tech role. You may need to be further customized to restrict access to medication administration functions.
Community Administrator - This role can access every feature at the administrative level, but only for specified communities. If your organization has many communities, there may be some administrators with this role who have been associated with multiple communities, but not all. For more information, read this article: How do I associate a staff member to multiple communities?
Company Administrator - This role is the most highly permissioned one and can access every feature at the administrative level for all communities within the organization. At least one designated staff member will be assigned the Company Administrator role when your ALIS site is first created.
Medication Tech - By default, this role has the same permissions as the Caregiver role. In addition to these permissions, Medication Techs can also View and Edit Med Pass History.
Nurse - By default, this role has the same permissions as the Caregiver role. In addition to these permissions, Medication Techs can also View and Edit Med Pass History.
Pharmacy Tech - This role is meant to be assigned to a Pharmacy Tech outside of your organization. It is likely that this role has more permissions than needed. It is recommended to review the permissions of this Security Role with our team before assigning it.
Referral Source - This role is meant to be assigned to a Referral Source outside of your organization. Basic permissions include viewing Prospects and Referral Source pages.
Referral Source Manager - This role has the same permissions as the Referral Source role in addition to viewing Staff Profile pages and the ability to manage referral sources.
Sales Representative - This role has access to view and manage Prospects and Referral Sources.
Sales Manager - This role has the same permissions as the Sales Representative role in addition to managing Prospect Tasks assigned to other users, undeleting Prospects, and viewing Prospects Reports. Permissions also include viewing resident evaluations, resident details, and Staff Profile pages.
Third Party - Restricted Access - This role is meant to be assigned to a third-part provider outside of your organization. Permissions include basic access to resident details For more information about the Third Party Security Role, refer to this What is the Third Party security role? guide.

Common Customizations

There are endless options for creating user permissions within your company, and our team will always be happy to work with you to ensure your Security Roles meet your needs.

See below for a list of common customizations and a high-level description of each. Note that some roles here may be best suited for a company with multiple communities, departments, or teams:

Accounting Team - Access to all sensitive information, able to make most changes and view all reports.
Business Office Manager - Access to sensitive data, able to make select administrative updates to billing.
Caregiver - View-only access to select resident data and access to basic resident charting. Unable to edit any past charting data.
Dining Services Director - View-only access to basic resident data. View reports specifically for the Resident Diet Roster.
Executive Director - Access to sensitive data, able to make select administrative updates to charting & billing.
Executive Team - Manages overall community operations for the company.
Health and Wellness Director - Access to sensitive data, medications management, and able to make select administrative updates to charting.
Life Enrichment Coordinator - View only access to resident data. Able to manage calendars and view resident reports.
Memory Care Director - Access to sensitive data, able to make select administrative updates to charting.
Medication Tech - Basic resident and charting access, including Pass Meds. Unable to edit any past charting data.
Nurse - Access to sensitive data. Able to chart on all care and meds and process orders from the pharmacy.
Pharmacy - View-only access to basic resident data, medication data, and pharmacy data.
Receptionist - View-only access to resident data and staff data. Able to add and remove staff.
Regional Team - Access to all sensitive information, able to make most changes and view all reports.
Sales Manager - Able to manage resident status and financial dates. Access to applicable reports.
Outside Provider* - View-only access to basic resident data, medication data and care plan data.
State Surveyor* - View- only access to basic resident profile, resident compliance documents. For more information about preparing for state surveys with ALIS, read this article: ALIS Survey Preparedness Guide.

*These are customized versions of the 'Third Party - Restricted Access' role as they provide the ability to restrict access based on specifically associated residents.

For more assistance with Security Roles,

Contact our ALIS Customer Success Team:

888.404.2547 or support@go-alis.com

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.