Forums

Greater Flexibility with Access Permissions

Hi guys


I know I have had this discussion for the last few years and I know I am not asking something that is simple but I do believe it is something that really needs to be made a priority if we are encouraging Elvanto to be used by our Ministry Areas.  I have been told previously that it is an area that is being worked on but as yet I haven't seen anything come from it.  I know you have been working on other areas which is great but I do believe security is an area that is paramount to the success of a system and there needs to be flexibility to cater.


The issue I have is that the Access Permissions do not allow for a varied level of access.  The way the access permissions are designed is that the greater level of access takes priority - which for me is an issue because I have people I have had to grant a broader level of access than I would like because of the varying roles they undertake.


Here are a couple of examples...

EXAMPLE 1

A user is a small group leader - which means that they require access to the GROUP in which they lead.  

The same user is also a team leader - which means they require access to a DEPARTMENT.

The people in the group and the people in the department may or may not be the same - more often than not they are different!


EXAMPLE 2

A user is a kids minister - they require the ability to roster and communicate with their team but they also require the ability to communicate with parents and record notes against children.

At the moment I must give them full access to a location which includes youth and other people who have nothing to do with the kids team or the parents / children.  Something that goes against everything I agree with.  Users should only have access to what they require.


I know I am asking a total re-work of the security make up but I do believe it is important.


One thought I had is for the access to be tiered - maybe instead of ADMIN / MEMBER it might need to read GROUP / DEPARTMENT / ADMIN etc...  And depending on the function a user is undertaking they go to a different area and the security is applied at that level.  
This would allow us to define a user a a Group Leader with a specified level of access and then a Department Leader with a specified level of access and it does not overlap providing access to information for people they should not have.


I would love to help be involved in finding a solution if required.


Regards

Kristy Sonneman-Smith

Dreambuilders Church 



Hi Kristy


Thanks for the message.


As you've said this is a massive task. The Access Permission system is rather integral to most areas of Elvanto and rebuilding it would most likely take as long, if not longer, then V2 took!


We're aware of the issues like this that the current system has, and we're wanting to look into this more in the future For now though there's not much we can currently do with the current system. While we could add a few extra options, it would still need an overhaul to fix some of the issues it faces.


We are looking into this though and exploring ways we can progress with these changes without rebuilding the entire system.


Stewart

I second this request wholeheartedly. A more granular approach to access permissions is desperately required.  We are only in the rollout phase of using Elvanto - chosen by others, but I am being asked to administrate it. Having managed data access permissions in large network environments the lack of adequate restrictions is frightening.

Fortunately we are only a small church and we can "get away with" some things because we know and trust each other. But this is a highly exploitable situation to be in.

One 'simple' access permission that would significantly help us in the "People - Restrict Access" section would be "Can only EDIT people within the group they lead".  If this actually stuck it would be a great level of access.

Kristy have you found any clever work-arounds?


Cheers,

Cameron Arms

Extreme Life Church

Warrnambool, Australia


Hi Cameron

I really take every need on a case by case basis.  For now I find myself building user specific access permissions which increases the number I have and it is definitely not my first option but it does give me an element of greater control.


I do still have some people that go beyond the capabilities of the current structure but I keep those to a minimum and as you say they are people I can trust.


Elvanto is a good system and I know the team are constantly developing.  I love that it is Australian based and the support you receive is of a high standard.


All the best as you set the system up.


Hope this helps.

Kristy



Also as new users who are used to greater access control in other systems, we'd like to see some improvements in this area too.


For example:


We can already control who can view and add people to Groups based on whether the user

  • administers the group category
  • leads the group
  • belongs to the group
But we can only control who can edit positions and remove peopl from groups as either Yes/No regardless of the above distinctions. That means I can't add someone to a group I don't lead, but I can remove people or edit their positions on groups I don't lead. Either that, or I can't do it at all - even for groups I do lead.


Login or Signup to post a comment