Raiser's Edge NXT Specific Role Access by Level for Events
Implementing event security rights in Raiser’s Edge NXT is crucial for maintaining data integrity and operational efficiency. By isolating rights to those working specific events from those managing them, organizations can ensure that sensitive information is only accessible to authorized personnel. This targeted access control minimizes the risk of data breaches and unauthorized changes, enhancing overall security. Additionally, it streamlines workflows by allowing event staff to focus on their specific tasks without being overwhelmed by unrelated data, while managers retain the ability to oversee and coordinate the event comprehensively. This separation of duties not only protects the organization but also fosters a more organized and efficient event management process.
-
Mari Nguyen
- Oct 15 2024
- Reviewed: Voting Open
Related ideas
Event access needs to be granular to protect both data and users. Many event helpers, like those handling check-ins or RSVPs, lack the expertise (and will never have the level of expertise) for the permissions the current Event Role settings allow in order to perform these tasks, and this poses risks to system and data integrity. As database managers, we can't perform all roles ourselves - especially during events where multiple people need to have access to Check-in, or update RSVP statues of participants. However, they don't need access to add participants, delete participants, or change any other information on the participants record. We must prevent accidental deletions, unintended record changes, or duplicate constituent creation by limiting permissions appropriately. The following should all be their own permissions: Edit participant, Add participant, delete participant, add guest, add fee/payments, update RSVP status, Mark not attended, Update invitation status, Mark attended, Add participant options, Link Gift.
And on top of this all, they should NOT be able to delete the profile picture of a constituent, which they currently are able to do with the way-to-powerful Add/Edit Participants permission.
Yes, access to events needs to be set at a granular level. It protects the data and protects the users. Many people who help with Events, especially
I believe this is related or is the same idea I have. I need to be able to give specific users access to specific events and specific parts of the events records. I do not want some users to see the Events "Overview" that lists all the events with income information etc. that is listed there for every event. Even if I restrict which gifts they can see by fund and set it so that gifts for specific events are listed under a specific fund, and therefore give access to gifts for specific events based on the funds, and therefore making it so that a user who has gift access restricted by fund can't actually see specific gifts if they click into an event that is not "their" event, they are still able to see all the information on the events overview page. I need to be able to limit which events show up on the event overview page so that they can see only the information associated with the events that pertain to them. It is not good enough that they can't view individual gifts based on funds, I need to have the ability to give security based on individual event ID just like gifts can be restricted based on fund ID.