Event Manager without being Event Admin
Prevent Event Admins from editing member data - or allow some events to be configured by non-admin. We want to allow certain members (rotates - different person each year) to be the 'admin' of an event but not give them full access (editing member data, viewing member financial info unrelated to the event). Wish there were a way to allow them to edit and monitor event registrations without being an admin.
Kendra Sechovec
shared this idea
64 comments
-
Laurie Principe
commented
We would love to see this too. Event Admins have way too much access to financial records. Agree that access needs to be restricted to prevent everyone with event access from doing these tasks which should be handled only by someone with a higher level of event access.
Add/modify invoices
Record/modify payments
Settle/unsettle payment
Add/modify refundsThis request/idea has been known to Wild Apricot for four years. Why is nothing happening?
-
Ken Phillips
commented
The ability of event admins to have access to financial records and access to data base of members is a huge hole in the system. I is the main reason we kept our PayPal instead of using Wild Apricot. We have 5000 members and hold 500 events. We have 30 event admins with too much access. The big reason the need access is to know who the participants are and if they have paid. I see comments here 5 years old. This is a huge security problem and I think it should have more importance attached.
-
Tim Dahl
commented
Any Update on this? We need to have multiple individuals checking members into events but not have full access as Event Admin. It really seems like there is never any movement on security related issues. This may become a deal breaker very soon due to privacy and security.
-
Alex Sirota commented
A limited "events coordinator" role could be useful. The role would be a scaled down version of the event manager. These features available to a full events manager would be eliminated from an event coordinator capabilities:
View contacts list
View contact details
Add new contact
Modify contact details
Run saved searches
Export contactsThese financial roles would also be eliminated for an event coordinator:
Add/modify invoices
Record/modify payments
Settle/unsettle payment
Add/modify refunds -
Huw Morgan
commented
I just joined an organization and became an event manager. My mind was boggled by the access that I was granted. To be able to access all personal information (name, address, phone number) for all members is just not acceptable. It flouts every information security rule in the book. In order to get around this deficiency, we now have to have a tight group of event admins that respond to emails from event conveners because we can't grant them admin access without opening ourselves up to breaches of personal information. How do you get away with this?
-
Allison Morris
commented
Event Manager Administrator Role profile should have varying levels of permission. If levels are not available, an Account Administrator should be able to restrict access of an EVENT MANAGER administrator to specific events or limit to check-in only. Our events often involve a lot of volunteers that work check-in They don;t need access to create/manage ALL events. That is kinda scary:-)
-
Nina Cavanagh
commented
I hope there is somewhere a request under this subject to restrict Event Managers to their own event AND not allow them to touch the financials. Currently, an Event Manager has the same powers as our Treasurer - (who has to be a Donations Manager ???) which is extremely annoying to our Treasurer and potentially open to the Event Manager perpetrating fraud.
-
Webmaster
commented
Hi, thanks for the App. Our members and the organizers really love it. But as a main event manager of all our events, I would be happy if I could choose and reduce the rights of each event organizer. At the moment I have to give each organizer the full rights as an event manager - even when he only checks-in participants of his event via the App. Actual that means every organizer could modify or delete by mistake each event even it is not his own.
I would appreciate it if the event organizer (as set in the event emails) could manage only his own events.
If that will not be possible to realize I would appreciate it if I could choose the rights of each organizer. For example: can delete events, can edit, can add contacts (non-members) or can only check-in the participants.
That would be very helpful. -
Jason Yee
commented
Are there other wishlist items similar to this? I would love to give more access to event organizers in my organization, but it is not possible because allowing them to be event managers on the system also allows them to edit member data and view other financial information.
-
Randy Rensch
commented
I've already commented that this wish, maybe combined with the addition of a second Organizer (assistant, reservationist, whatever) would be firmly in the Top 5 of our organization's wishes, so I won't go on about how we would use it.
Meanwhile, for those here who mention that the Organizer of a single event should not receive emails regarding other events, note Support's advice that each event can have a separate organizer. But that still leaves a problem: Unless the Organizer is herself registered, she will receive all the promotional emails for it.
We have a privacy workaround that involves setting up an autoforward "event address" for each event, at our hosting service. After entering that event address in our Contacts list, it is then specified as the Event organizer. It's a Rube Goldberg scheme, and requires setup by someone trusted to access our hosting account (2-5 min chore for each address) but it works. We can forward simultaneously to the various managers in involved in the event (somewhat obviating the need for separate Manager, Organizer and Reservationist fields), and the Organizer's personal address is not broadcast to our entire mailing list. (However, unless a special Gmail (etc) account is used, it will be disclosed to Registrants who the Organizer contacts. The relevance to this thread (sorry for burying the lead!) is that unless the event address is configured to opt out of mass mailings, the Organizer will get all the promotional emails about ALL our events. Luckily that setup is very easy and a one-time thing.
Alternatively, if privacy is the only concern, maybe each Organizers could have their own Gmail address. I don't know offhand if Gmail can be configured to autoforward. If so, that would resemble our system. But without autoforwarding, accessing a special Gmail account would be yet more work for the Organizers and those who teach them. And it would be a ton of work for the Organization to create and configure many scores of Gmail accounts.
Maybe WA should think about ways to pull all these concerns and workarounds together within the WA system. If not, hopefully some of what I've described will be helpful to some here.
-
Doug, you can already change the event organizer for individual events. For details, see https://gethelp.wildapricot.com/en/articles/31#organizer
-
Scot McConnachie
commented
One more addition to my previous message:
1) i. A preset list of hashtags available for assigning to the event.
-
Doug Walters
commented
Would like to see the ability to select a contact as an Event Manager per event instead of only one Event Manager for all events. Most orgs have event committees and chairpersons per event. No need for every committee chairperson getting registration notifications for events that are not theirs.
-
Scot McConnachie
commented
An admin asked me to repost this message from the following topic:
It is posted here in a slightly edited form. Our organization hosts many events with recurring sessions that, on a limited basis, are open to the public, so we found the proposal in the above link to be too limited. Our typical events will have free registration options for members and the public, the latter of which are constricted by the member event organizer’s Membership Level. In effect, the public attendees are “guests at-large” of the event organizer and can self-register into the event (the organizer, when a member, can also register specific guests as well). We use bifurcated event registrations, to members or the public, as a primary recruiting and retention method for our organization.
1) This proposal is to extend the administrator paradigm by giving a contact (not just a member) Limited Event administrator access to the Administrative View of the organization website. I propose the following options for setting up each Limited Event Administrator.
a. To view or not view but not edit others’ events in the Event List (or a calendar UI). This allows one to see potential event conflicts. See item 3) below for more options.
b. Allowing specific Visibility (i.e. Event Access) settings when creating and editing one’s events. For example, if a Limited Event administrator is restricted to creating Admin Only visibility events then that creates an implicit workflow where that administrator must have de facto approval to change Visibility.
c. A numerical limit on the total number of attendees in an event (no limit is possible).
d. A numerical limit to the total number of future event sessions on the system at any time (no limit is possible).
e. A preset list of Saved Searches that may be chosen from to announce an event.
i. As a sub-option, limits on the number of announcements to reduce “spamming” effects on the recipients.
f. Whether the administrator can create RSVP events, Regular events, or both.
g. For Regular events I see the following Limited Event administrator options.
i. Similar to item 1) b. above, restrict to specific Visibility (i.e. Event Access) settings for Regular events. Because Regular events are more complicated, it is a reasonable control to separate this setting from RSVP events.
ii. A different preset list of Saved Searches that may be chosen from to announce the event. Why is this a different list of saved searches from RSVP events? Because RSVP events cannot have a separate registration limit for the public versus members. If an RSVP event is open to the public, then the organization loses control over how many public members would be admitted to the event. This might be acceptable to many organizations, particularly when they can charge admission to the event. However, for us we have to ration public access differently since our competitors offer free events: we do this using membership dues. Since we have to ration public access differently, it is very likely that our RSVP events would be members only; we would not want to announce such events to the public.
iii. Across all Event Registration Types, set a maximum allowed price ($0.00 is possible; no limit is also possible).
iv. Across all Event Registration Types, set a minimum allowed price ($0.00 is possible).
v. Across all Event Registration Types open to the public, limit the number of non-members allowed to register (0 is possible, which would negate public access; no limit is also possible).
vi. Across all Event Registration Types open to the public, set a minimum price ($0.00 is possible).
vii. Across all Event Registration Types, set a maximum number of guests allowed per registrant (0 is possible; no limit is also possible).
h. Allow the Limited Event administrator to exceed any or all of the limits set above, but highlight the exceeded limits in red (or some fashion). The system would retain an event that exceeds its author’s limits but it could not leave Admin Only status, nor accept registrations, nor be announced by email blast: only a higher level administrator could make these changes. This would provide an implicit workflow.
2) The Calendar interface in the linked to topic is a great idea: event administrators need it too.
a. Calendar events could be coded by their Visibility and/or Open to Registration status.
3) There is more that could be done with the scope of events that a Limited Administrator could view or edit, such as
a. Events by chapter.
b. Events by administrators within a membership group.
c. Events by administrators within a membership level.
d. Events by hashtag.
Giving members backend access to their events becomes a natural way to recruit them as eventual administrators and officers.
-
Jason Yee
commented
Our organization has a lot of events and each committee has to email our admin to get the registration list and setup events. It would be a huge cost saver and convenience if each our committee members could setup an event and check their own registration details.
-
Randy Rensch
commented
I'd include this among our top five most important wishes. We run scores of events per year, many of them involving registrations, which are managed by a Reservationist. They are volunteers. Some handle one event, some handle recurring events. Many of them are ordinary Members who should not have access to Admin functions and data, but they do need access to data for their particular event.
Giving them that access would make it SO much easier for them to do their jobs, and thus to recruit volunteers, and simplify life for the webmaster and other admins who manage them.
-
Anonymous
commented
The event manager should not have access to contacts, dashboards or finances. The only finances that they should have access too is to see if attendees have paid or not. The same goes for emails. They should only be able to email event attendess
-
Mark Bower
commented
Highly desired to have function of designating a member as an "Event Manager" (EM). EM would be designated on a "per event" basis and would be duplicated if an event were duplicated. EM would be able to manually add registrants, manage wait list, cancel registrations, review registrations, export registrations, and send emails. EM would also be able to edit event attributes if that were needed. EM would NOT be able to edit or change contact information.
-
AdminEvgeny Zaritovskiy
(VP Technology of Wild Apricot by Personify, Wild Apricot by Personify)
commented
I'm sorry to hear that. Unfortunately, this not in our nearest plans as of now.
-
Mona Schorow
commented
We have about 10 events a week each of which is led by a different person. We've been using Wild Apricot for years but this may be a requirement that we can't work around any longer.
