System configuration, user management, audit logging, integrations, email templates, and backup procedures for the NDSS CRM NDIS care management platform.
The NDSS CRM Administration Panel is the centralised hub through which Super Administrators and Organisation Administrators configure every aspect of the platform. Accessible via the left-hand sidebar under Administration → Settings, the panel consolidates user management, role configuration, audit logging, system settings, data operations, integrations, email templates, and backup procedures into a single, well-organised interface.
Access to the Administration Panel is governed by the platform's Role-Based Access Control (RBAC) system. The following roles have varying levels of administrative access:
| Role | Access Level | Permissions Summary |
|---|---|---|
| Super Admin | Full Access | All settings, user management, role management, audit logs, backups, integrations, data management |
| Org Admin | Extended Access | User management (within own organisation), system settings, email templates, audit logs (own org), integrations |
| Manager | Limited Access | View audit logs, view system settings (read-only), manage team members in assigned region |
| Staff / Support Worker | No Access | Administration panel is not visible in sidebar for these roles |
When a user with administrative privileges navigates to the Admin Panel, they see a tabbed interface with the following sections:
The Admin Panel is built using the following technologies:
The User Management module provides comprehensive capabilities for creating, editing, deactivating, and monitoring all user accounts in the NDSS CRM platform. Every person who accesses the system - whether they are a Super Administrator, Organisation Administrator, Manager, Support Worker, Clinician, Finance Officer, or Client - has a user record managed through this interface.
The default view displays all users in a paginated, searchable, and filterable table. Administrators can quickly locate any user by typing into the search bar (which filters by name, email, or NDIS number) or by selecting a role filter from the dropdown.
Clicking the + Add New User button opens a modal dialog with a multi-step form. The form is implemented using React Hook Form with Zod schema validation to ensure data integrity before submission.
| Field | Type | Required | Validation |
|---|---|---|---|
| First Name | Text | Yes | 2–50 characters, letters and hyphens only |
| Last Name | Text | Yes | 2–50 characters, letters and hyphens only |
| Email Address | Yes | Valid email format, must be unique in the system | |
| Phone Number | Tel | No | Australian phone format: 04XX XXX XXX or +614XXXXXXXX |
| Date of Birth | Date | No | Must be a past date; user must be 16+ years old |
| Address | Text | No | Free-form Australian address |
| Field | Type | Required | Description |
|---|---|---|---|
| Role | Select | Yes | Choose from available roles (Super Admin, Org Admin, Manager, Support Worker, Clinician, Finance Officer, Client) |
| Organisation | Select | Yes | Assign to an organisation (auto-filled for Org Admins) |
| Region | Select | No | Optional geographic region assignment |
| Team | Multi-select | No | Assign to one or more teams |
| Direct Manager | Select | No | Assign a direct reporting manager |
| Send Welcome Email | Checkbox | - | If checked, system sends an automated welcome email with password setup link |
Clicking Edit on any user row opens the same multi-step form pre-populated with the user's current data. All fields are editable except the email address (which serves as the unique identifier). To change an email address, the administrator must deactivate the existing account and create a new one.
Key edit actions available:
Users are never permanently deleted from the NDSS CRM platform. Instead, they are deactivated, which:
Reactivation reverses all of the above. The user regains their previous role and access level. The administrator may optionally send a reactivation welcome email.
Under NDIS Quality and Safeguards Commission requirements, all user records must be retained for a minimum of 7 years after the last service delivery. NDSS CRM enforces this by preventing permanent deletion and maintaining immutable audit trails for all user account changes.
The Role Management section allows administrators to define custom roles, assign granular permissions, and establish a role hierarchy that controls data visibility and action authorisation throughout the platform. NDSS CRM ships with a set of pre-defined system roles, but organisations can create additional custom roles to match their operational structure.
| Role Name | Level | Scope | Description |
|---|---|---|---|
| Super Admin | 1 (Highest) | Global | Full platform access. Can manage all organisations, users, settings, and system configuration. Cannot be deleted. |
| Org Admin | 2 | Organisation | Full access within assigned organisation. Can manage users, settings, and all operational modules. |
| Manager | 3 | Region/Team | Manages staff, clients, and operations within assigned region or team. Can approve timesheets and shifts. |
| Team Leader | 4 | Team | Leads a specific team. Can view team rosters, manage shift swaps, and submit reports. |
| Support Worker | 5 | Assigned Clients | Provides direct support to allocated clients. Can view assigned client details, log notes, and complete shifts. |
| Clinician | 5 | Assigned Clients | Clinical role with access to health records, behaviour support plans, and clinical notes. |
| Finance Officer | 4 | Organisation | Manages invoicing, payroll, NDIS claims, and financial reports. No access to clinical data. |
| Client | 6 (Lowest) | Own Data | Client portal access only. Can view their own plan, bookings, invoices, and submit requests. |
Permissions in NDSS CRM are organised into categories corresponding to platform modules. Each permission follows the pattern module.action (e.g., clients.create, shifts.approve).
| Category | Permissions |
|---|---|
| Users | users.view, users.create, users.edit, users.deactivate, users.reset_password, users.force_logout |
| Roles | roles.view, roles.create, roles.edit, roles.delete, roles.assign |
| Clients | clients.view, clients.create, clients.edit, clients.delete, clients.view_plan, clients.edit_plan, clients.view_notes, clients.create_notes |
| Staff | staff.view, staff.create, staff.edit, staff.delete, staff.view_qualifications, staff.manage_availability |
| Shifts | shifts.view, shifts.create, shifts.edit, shifts.delete, shifts.approve, shifts.allocate, shifts.swap |
| Finance | finance.view, finance.create_invoice, finance.approve_invoice, finance.submit_claim, finance.view_payroll, finance.process_payroll |
| Incidents | incidents.view, incidents.create, incidents.edit, incidents.close, incidents.escalate, incidents.view_all |
| Clinical | clinical.view, clinical.create, clinical.edit, clinical.view_bsp, clinical.edit_bsp, clinical.medication_management |
| Reports | reports.view, reports.create, reports.export, reports.schedule |
| Admin | admin.view_settings, admin.edit_settings, admin.view_audit_log, admin.manage_integrations, admin.manage_backups, admin.manage_email_templates |
To create a custom role, navigate to Admin → Roles & Permissions → + New Role. The creation form requires:
Role-based access control is enforced at three levels: (1) the Next.js middleware checks route-level access, (2) the API layer validates action-level permissions using TypeScript decorators, and (3) Supabase / Oracle Row-Level Security (RLS) policies enforce data-level isolation at the PostgreSQL database layer. Python and PHP service endpoints also validate permissions using shared JWT token verification libraries.
The Audit Log provides a comprehensive, immutable record of every action performed within the NDSS CRM platform. Every user interaction - from logging in, to editing a client record, to approving an invoice - is captured with full context including the user, timestamp, action type, affected resource, details of the change, and the IP address from which the action originated.
The audit log is presented as a searchable, filterable, and exportable table. Administrators can narrow results using the following filters:
Each audit log entry is stored in the audit_logs PostgreSQL table with the following schema:
CREATE TABLE audit_logs (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
timestamp TIMESTAMPTZ NOT NULL DEFAULT NOW(),
user_id UUID REFERENCES users(id),
user_email VARCHAR(255),
action VARCHAR(50) NOT NULL, -- LOGIN, CREATE, UPDATE, DELETE, etc.
resource_type VARCHAR(100) NOT NULL, -- Client, Staff, Shift, Invoice, etc.
resource_id UUID,
details JSONB, -- Structured change data
ip_address INET,
user_agent TEXT,
severity VARCHAR(20) DEFAULT 'INFO',
org_id UUID REFERENCES organisations(id),
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
-- Index for fast filtering
CREATE INDEX idx_audit_logs_timestamp ON audit_logs(timestamp DESC);
CREATE INDEX idx_audit_logs_user_id ON audit_logs(user_id);
CREATE INDEX idx_audit_logs_action ON audit_logs(action);
CREATE INDEX idx_audit_logs_resource ON audit_logs(resource_type, resource_id);Audit logs are retained for a minimum of 7 years in compliance with NDIS Quality and Safeguards Commission requirements and the Australian Privacy Act 1988. Logs older than 7 years are archived to cold storage (compressed and encrypted) rather than deleted. The retention policy is configurable per organisation in System Settings.
Audit logs can be exported in CSV, JSON, or PDF format. Scheduled exports can be configured to automatically send audit reports to designated compliance officers on a daily, weekly, or monthly basis. Python batch processing services handle large export jobs asynchronously.
The System Settings section allows administrators to configure organisation-wide preferences that affect the behaviour, appearance, and defaults across the entire NDSS CRM platform.
| Setting | Description | Default |
|---|---|---|
| Organisation Name | Legal name of the NDIS provider organisation | - |
| ABN | Australian Business Number | - |
| NDIS Registration Number | NDIS provider registration number | - |
| Primary Contact Email | Main contact email for the organisation | - |
| Primary Contact Phone | Main contact phone number | - |
| Registered Address | Official business address | - |
| Logo | Organisation logo (PNG/SVG, max 2MB) | NDSS CRM default |
| Favicon | Browser tab icon (ICO/PNG, 32x32px) | NDSS CRM default |
| Setting | Description | Default |
|---|---|---|
| Primary Brand Colour | Hex colour code used for buttons, links, and accents | #E8672A |
| Secondary Brand Colour | Complementary colour for backgrounds and highlights | #1a1f2e |
| Sidebar Theme | Light or Dark sidebar | Dark (#1a1f2e) |
| Login Page Background | Custom background image for the login screen | Default gradient |
| Email Header Logo | Logo used in outgoing email notifications | Organisation logo |
| Invoice Footer Text | Custom text displayed at the bottom of all generated invoices | Organisation name and ABN |
Administrators can configure which events trigger notifications and through which channels:
| Event | In-App | SMS | Push | |
|---|---|---|---|---|
| New shift assigned | On | On | Off | On |
| Shift cancelled | On | On | On | On |
| Incident reported | On | On | On | On |
| Invoice approved | On | On | Off | Off |
| Timesheet submitted | Off | On | Off | Off |
| New client intake | On | On | Off | On |
| Compliance alert | On | On | On | On |
| Password reset request | On | Off | Off | Off |
| User deactivated | On | On | Off | Off |
| Backup completed | On | On | Off | Off |
| Setting | Description | Default |
|---|---|---|
| Default Timezone | Organisation-wide timezone for display purposes | Australia/Sydney (AEST/AEDT) |
| Date Format | How dates are displayed throughout the platform | DD/MM/YYYY |
| Time Format | 12-hour or 24-hour clock | 12-hour (AM/PM) |
| Currency | Currency for financial displays and calculations | AUD ($) |
| Language | Platform display language | English (Australian) |
| First Day of Week | Which day starts the week in calendar views | Monday |
| Financial Year Start | Start month of the financial year | July (Australian FY) |
The Data Management module provides tools for importing, exporting, and maintaining data within the NDSS CRM platform. These operations are essential during initial setup (migrating from legacy systems), ongoing operations (bulk updates), and regulatory compliance (data exports for audits).
NDSS CRM supports importing data from CSV, XLSX, and JSON files. The import wizard guides administrators through the following steps:
| Data Type | Supported Formats | Max Records | Processing |
|---|---|---|---|
| Clients | CSV, XLSX, JSON | 10,000 | Python batch processor |
| Staff | CSV, XLSX, JSON | 5,000 | Python batch processor |
| Shifts (Historical) | CSV, XLSX | 50,000 | Python batch processor |
| Invoices | CSV, XLSX | 20,000 | Python batch processor |
| NDIS Plan Data | CSV, JSON | 10,000 | Python batch processor |
| Legacy System Data | CSV, XML, JSON | 100,000 | PHP migration service |
Data can be exported from any module in CSV, XLSX, JSON, or PDF format. Export operations respect role-based access control - a user can only export data they have permission to view.
Bulk operations allow administrators to perform actions on multiple records simultaneously:
The data cleanup utility helps maintain data quality by identifying and resolving:
NDSS CRM supports integration with a range of third-party services to extend platform functionality. The Integration Settings panel provides a centralised interface for managing all external connections, API keys, and webhook configurations.
| Integration | Purpose | Status | Configuration |
|---|---|---|---|
| NDIS myplace Portal | Claim submission and plan retrieval | Connected | API credentials, provider number, certificate |
| Xero | Accounting and financial reconciliation | Connected | OAuth2 connection, account mapping |
| MYOB | Alternative accounting integration | Not configured | API key, company file |
| Twilio | SMS notifications | Connected | Account SID, Auth Token, sender number |
| SendGrid | Transactional email delivery | Connected | API key, sender domain, templates |
| Google Calendar | Shift calendar sync | Pending | OAuth2 connection, calendar selection |
| Microsoft 365 | Email and calendar integration | Not configured | Azure AD app registration, permissions |
| Deputy | External rostering data sync | Not configured | API token, location mapping |
Webhooks allow external systems to receive real-time notifications when events occur in NDSS CRM. Administrators can configure multiple webhook endpoints, each subscribed to specific event types.
| Setting | Description |
|---|---|
| Endpoint URL | The HTTPS URL that will receive POST requests |
| Secret Key | HMAC-SHA256 signing key for payload verification |
| Events | Select which events trigger the webhook (e.g., client.created, shift.completed, invoice.approved) |
| Retry Policy | Number of retries on failure (default: 3) with exponential backoff |
| Timeout | Maximum wait time for endpoint response (default: 30 seconds) |
| Active | Toggle webhook on/off without deleting configuration |
API keys allow external systems to authenticate with the NDSS CRM API. Each key is scoped to specific permissions and can be revoked at any time.
NDSS CRM sends automated email notifications for various platform events. The Email Templates module allows administrators to customise the content, layout, and branding of these notifications. All templates use a variable substitution system, enabling dynamic content insertion.
| Template Name | Trigger Event | Default Subject Line |
|---|---|---|
| Welcome Email | New user account created | Welcome to NDSS CRM - Set Up Your Account |
| Password Reset | Password reset requested | Reset Your NDSS CRM Password |
| Shift Assignment | Staff assigned to a new shift | New Shift Assigned: {{shift_date}} |
| Shift Cancellation | Shift cancelled by manager | Shift Cancelled: {{shift_date}} |
| Shift Reminder | 24 hours before shift start | Reminder: Shift Tomorrow at {{shift_time}} |
| Incident Notification | New incident reported | Incident Report Filed: {{incident_type}} |
| Invoice Generated | New invoice created | Invoice #{{invoice_number}} - ${{invoice_amount}} |
| Timesheet Submitted | Staff submits timesheet | Timesheet Submitted for {{period}} |
| Account Deactivated | User account deactivated | Your NDSS CRM Account Has Been Deactivated |
| Compliance Alert | Compliance item expiring | Action Required: {{compliance_item}} Expiring |
| Client Portal Invite | Client invited to portal | You Have Been Invited to the NDSS CRM Client Portal |
| Backup Notification | Backup completed or failed | System Backup {{backup_status}}: {{backup_date}} |
Template variables are enclosed in double curly braces {{variable_name}} and are automatically replaced with actual values when the email is sent:
| Variable | Description | Available In |
|---|---|---|
{{user_first_name}} | Recipient's first name | All templates |
{{user_last_name}} | Recipient's last name | All templates |
{{user_email}} | Recipient's email address | All templates |
{{org_name}} | Organisation name | All templates |
{{reset_link}} | Password reset URL (valid 24 hours) | Password Reset |
{{setup_link}} | Account setup URL (valid 7 days) | Welcome Email |
{{shift_date}} | Shift date (DD/MM/YYYY) | Shift templates |
{{shift_time}} | Shift start time | Shift templates |
{{shift_location}} | Shift location/address | Shift templates |
{{client_name}} | Client's full name | Shift, Incident, Invoice |
{{invoice_number}} | Invoice reference number | Invoice templates |
{{invoice_amount}} | Invoice total amount (AUD) | Invoice templates |
{{incident_type}} | Type of incident reported | Incident Notification |
{{portal_link}} | Direct link to platform login | All templates |
Each template can be edited using a rich-text editor that supports:
All emails are sent via the configured email provider (SendGrid by default). The system includes delivery tracking, bounce handling, and unsubscribe management. Email send logs are available in the Audit Log for compliance purposes. The PHP email service handles template rendering for legacy integrations, while the Next.js API routes handle modern React-based email templates using the @react-email/components library.
Data protection is a critical responsibility for NDIS service providers. NDSS CRM implements a comprehensive backup and recovery strategy that ensures business continuity and data integrity in the event of hardware failure, data corruption, accidental deletion, or security incidents.
| Backup Type | Frequency | Retention | Storage | Encryption |
|---|---|---|---|---|
| Full Database Backup | Daily at 02:00 AEST | 30 days | Supabase / Oracle automated + external S3 | AES-256 at rest |
| Incremental Backup | Every 6 hours | 7 days | Supabase / Oracle point-in-time recovery | AES-256 at rest |
| Transaction Log Backup | Continuous (WAL) | 7 days | Supabase / Oracle WAL archiving | AES-256 at rest |
| File Storage Backup | Daily at 03:00 AEST | 30 days | Supabase / Oracle Storage + external S3 | AES-256 at rest |
| Configuration Backup | On every change | 90 days | Version-controlled Git repository | GPG-encrypted |
Administrators can trigger a manual backup at any time from the Backup & Recovery panel. Manual backups are recommended before:
Manual backups are processed by a Python service that coordinates the database dump, file storage snapshot, and configuration export. The process takes approximately 5–15 minutes depending on database size and completes asynchronously with email notification.
Data restoration is a privileged operation available only to Super Administrators. The restore process follows these steps:
| Metric | Target | Description |
|---|---|---|
| Recovery Time Objective (RTO) | < 4 hours | Maximum acceptable time to restore service after a disaster |
| Recovery Point Objective (RPO) | < 6 hours | Maximum acceptable data loss measured in time (last incremental backup) |
| Point-in-Time Recovery | Up to 7 days | Ability to restore to any specific point within the retention window |
NDSS CRM recommends conducting a full disaster recovery test at least once per quarter. The test should include restoring a backup to a staging environment, verifying data integrity, and documenting the recovery time. Results should be recorded in the compliance module for audit purposes.