We need an access level for someone at an event check in desk to have access to Mark Attended only in NXT. Currently with the minimum access I can give there are the following risks outstanding:
It is possible to Export the participant list including email addresses and phone numbers. It's fine to display these on screen but we don't want them to be able to be exported.
It is possible to click on any participant’s name and see their date of birth. This would not normally be listed on an event check in list.
It is possible to navigate to our full list of RE events as well as the lists of participants for other events (and Export these). Ideally we would like to only give access to the relevant event.
It is possible for participant records to be deleted. There is a pop-up warning first but Delete is in the same drop down as Mark Attended. They should not have rights to delete participants, only Mark Attended.
Agreed! Since event sign-in is a job where we should be able to rely heavily on volunteers, we have had to stick to pen-and-paper event sign in even for events that have the NXT pre-registration. I'd love to see some security setting options that strictly limit to common volunteer tasks like this.