Helping you help others.
Umbrella Rules, Data Access and Privacy
Umbrella Rules Overview
Umbrella rules encompass the overall security administration structure and rules established for Workforce One (WF1).
They are the global business rules that govern how system security will control access to view data in WF1.
 COFFR (Contract or Federal Fund Recipient) – The contract or federal funding recipient associated with the
agency. Agencies can have multiple COFFR’s associated with them. COFFR has replaced WSA Region as COFFR is
more descriptive of these entities.
 Agency – An entity that receives funds from a WF1 COFFR to provide employment and training services.
 Agency Locations – The agency location where a staff is located to provide the employment and training services
for a person.
The following examples illustrate the relationship between COFFR, Agency, Agency Location and Program in WF1.
Page 1
2/6/2016
Helping you help others.
Person Record Rules
The following umbrella rules cover access to view summary and detailed information on person records. Most WF1
users can access summary information for person records after searching for a person and clicking the links found on the
left navigation panel. Users whose agency is serving the person and statewide users can view detailed information for
person records.
Primary Staff, Secondary, Support or Placement Staff
o Can view detailed information for person program sequences associated with the user’s assigned agency
location(s), COFFR(s) and programs.
o If the currently assigned Agency Location and COFFR for the case sequence matches the Agency Location
and COFFR of the user, the details for the same case sequence are accessible and actions can be taken
on this case sequence (e.g. determine eligibility, delete eligibility/enrollment, enroll, add/edit activities,
exits, etc.)
o If the currently assigned Agency Location and COFFR for this case sequence do NOT match the Agency
Location and COFFR of the user, but the Agency Location matches the Agency Location and COFFR of the
user (can occur with case transfers), those details are viewable but no new actions can be taken on this
case sequence.
o Users associated with Dislocated Worker have read-only access to TAA activities.
o Multiple Secondary Staff can be currently assigned at one time and do not need to be in the same
agency as the primary. Only one primary, placement, and support staff can be assigned.
Non-Statewide Users Who Are Not Assigned to the Person’s Program Sequence
o Users who are not assigned to a given program sequence who do not have statewide rights, can view
only summary case information. For example, these users can view the Activity Summary, but cannot
click on the activities to view the details. Likewise, such users can view the case note summary, but
cannot read the case notes. COFFR monitors have similar access to a statewide monitor, but it is limited
to their assigned COFFR.
Case Note Rules
In the rewrite, users can control who can see a case note that they entered. The privacy levels set when the case
note is entered are as follows:
o Private: Only the user who entered the case note and user assigned in the case note can view the case
note.
o All Staff in Servicing Agency: Currently assigned users can view case notes regardless of COFFR, agency,
location, or program. Once users are no longer assigned to a case, if they are not working for the agency
that is serving the person for that sequence, they lose the capability to see case notes not entered by
them unless they were the user assigned at case note entry.
o All WF1 Staff: All users can view this case note regardless of program or agency. This replaces the Notes
section in use in the legacy system.
o State/COFFR monitors will be able to see all case notes for a person regardless of level assigned to the
case note.
User (Staff) Record Rules



Security Administration 1 users (SA 1) have access to the full user records, except user password and secret
answer.
Security Administrator 2 users (SA 2) have access to all user data for their COFFR, except the user password and
secret answer. They do not have access to edit their own SA 2 profile.
Security Administrator 3 users (SA3) have access to all user data for their agency, even when their agency is in
different COFFRs. They do not have access to edit their own SA 3 profile.
Page 2
2/6/2016
Helping you help others.


Users can have multiple profiles for navigating between multiple agencies or profile types.
User Detail Rules:
o User Password or Secret Answer is never viewable by any user (including Security Administrators).
o Security Administrators DO NOT have the capability to change the user’s password.
o Security Administrators DO have the capability to reset a user’s secret question/answer.
o Users can view other user’s phone, email, COFFR/agency location association and program association,
which also includes access group.
o Users can update their own phone number and e-mail. It is important to keep your email address updated
as it is the way we reach you about changes to WF1, outages, etc.
o Users can reset their own password, once logged into the system.
o Users have the capability of using a secret question/answer to reset their passwords prior to logging in.
o Users have the capability of changing their secret question/answer while changing their password.
o Users can set their own default profile.
o Security Administration 1s have access to edit/view all user details.
o Local Security Administrator 2s have access to edit all user details for their COFFR.
o Local Security Administrator 3s have access to edit all user details for their agency.
o Inactive users must check with their security administrator or call the MN.IT @ DEED service desk at 651-3550500.
Agency Record Rules


All users have access to view agency details such as address.
Users with the appropriate privileges are allowed to change a location’s Mailing Address for Correspondence.
Privacy Levels and Settings
Privacy rules in WF1 define which information in a person record can be viewed based on umbrella rules as well as
whether the person’s record is private or not private. Different levels of access and the capability to secure a person’s
record detailed information is governed by an indicator in the assigned staff user profile. Whether a user is allowed to
access ALL private records is added or edited by those in the central office with Security Administrator 1 privileges.
Privacy in a Person Record
Privacy settings for a person’s entire record is handled differently than privacy settings for case notes within that record
(described elsewhere in this document). An indicator can be set to determine if a person record is available for users
under the appropriate umbrella to view or if viewing record details is only available to the currently assigned staff,
monitors or users with privacy privileges.
Record Details are Not Private
This is the default level for all person records until a situation for extra privacy is needed, or until a privacy status
update transaction is sent to WF1 via the MAXIS interface. This is similar to umbrella rules for whether or not a
link is active to view detailed information from a summary or in a search or report.
Record Details are Private
Once a privacy indicator is set on a person’s record, currently assigned staff are able to view detailed
information for the person’s activities, contact and demographic information, assessments, plans and case
notes. Detailed information can also be viewed by those with the appropriate privileges in the agency of the
staff assigned, and by monitors. Users who do not have the appropriate privileges can see basic information in a
report or person record such as name, birth date and “identifying” numbers (WF1 Record ID, last 4 digits of SSN,
MAXIS Case, and PMI), program name and current case status. No contact or demographic information display,
nor do agency and staff assigned information.
Page 3
2/6/2016