Event Manager without being Event Admin
Prevent Event Admins from editing member data - or allow some events to be configured by non-admin. We want to allow certain members (rotates - different person each year) to be the 'admin' of an event but not give them full access (editing member data, viewing member financial info unrelated to the event). Wish there were a way to allow them to edit and monitor event registrations without being an admin.
This might be one of the most serious flaws in the Wild Apricot system and it seems that it has been around for a long time. The developers seem to not take this flaw seriously and as far as I can tell they have done nothing about it. This is strange since the solution of making a subset of the Events Admin designation with limited rights seems to be an easy fix. Does anyone know of a competitor MMS that does have this capability?
I agree with this need as all the members of a HOA should all be empowered to create events in their association. To limit it to just one person is illogical and to give everyone the much too powerful capabilities attached to the "Event Manager" designation is malpractice. As it is now the Events functionality of the website is unusable for my purpose. There have been a few work arounds published by frustrated users in the attempt to make this function work:
1. Embed a Google calendar in the website and lose the Wild Apricot gadget. Members can add events which can then be sent to the admin for a manual entry.
2. Subscribe to the Teamup shared calendar and embed it in the website. It also must inform the admin to do a manual event entry.
Of course at a certain point when you find that you have to replace Wild Apricots functionality with other apps to make the site work you will eventually come to the conclusion that replacing the whole website and moving to another host is the better solution.
Alan B commented
Totally agree with the comments here. There should be an event admin role who is assigned an event(s) and has limited access/capability
Will Phillipson commented
As a club, we have admins who set up events and manage WA. However, each event is run by an activity leader who is not necessarily an admin. We would like to enable the activity leader to be an "admin" to manage their event, but not have access to other events. In particular, the ability to see the registrations; manage the waitlist; send emails to registrants; use the admin app to record attendance / check in attendees, etc.
Jen Ontario Camps Association commented
I agree with the comments I'm seeing. I've had to go to paper check-ins at the registration table because event admins have access to the full database of sensitive member information. Feel like I'm going backwards!!
Laurie Principe commented
We would love to see this too. Event Admins have way too much access to financial records. Agree that access needs to be restricted to prevent everyone with event access from doing these tasks which should be handled only by someone with a higher level of event access.
This request/idea has been known to Wild Apricot for four years. Why is nothing happening?
Ken Phillips commented
The ability of event admins to have access to financial records and access to data base of members is a huge hole in the system. I is the main reason we kept our PayPal instead of using Wild Apricot. We have 5000 members and hold 500 events. We have 30 event admins with too much access. The big reason the need access is to know who the participants are and if they have paid. I see comments here 5 years old. This is a huge security problem and I think it should have more importance attached.
Tim Dahl commented
Any Update on this? We need to have multiple individuals checking members into events but not have full access as Event Admin. It really seems like there is never any movement on security related issues. This may become a deal breaker very soon due to privacy and security.
I don't want my event managers to view finances and have anything to do with invoices. My website is set up so that all payments are made online in order for someone to register for an event and become a member. My event managers don't need to deal with any finances.
I only want my event manager adding new events, modifying/duplicating existing ones, adding/modifying/canceling registrants, managing waitlists, and emailing members or event registrants (creating their own customized event emails, announcements etc). The finances side should have the option of hiding details from the event manager admins.
Alex Sirota commented
A limited "events coordinator" role could be useful. The role would be a scaled down version of the event manager. These features available to a full events manager would be eliminated from an event coordinator capabilities:
View contacts list
View contact details
Add new contact
Modify contact details
Run saved searches
These financial roles would also be eliminated for an event coordinator:
Huw Morgan commented
I just joined an organization and became an event manager. My mind was boggled by the access that I was granted. To be able to access all personal information (name, address, phone number) for all members is just not acceptable. It flouts every information security rule in the book. In order to get around this deficiency, we now have to have a tight group of event admins that respond to emails from event conveners because we can't grant them admin access without opening ourselves up to breaches of personal information. How do you get away with this?
Allison Morris commented
Event Manager Administrator Role profile should have varying levels of permission. If levels are not available, an Account Administrator should be able to restrict access of an EVENT MANAGER administrator to specific events or limit to check-in only. Our events often involve a lot of volunteers that work check-in They don;t need access to create/manage ALL events. That is kinda scary:-)
Nina Cavanagh commented
I hope there is somewhere a request under this subject to restrict Event Managers to their own event AND not allow them to touch the financials. Currently, an Event Manager has the same powers as our Treasurer - (who has to be a Donations Manager ???) which is extremely annoying to our Treasurer and potentially open to the Event Manager perpetrating fraud.
Hi, thanks for the App. Our members and the organizers really love it. But as a main event manager of all our events, I would be happy if I could choose and reduce the rights of each event organizer. At the moment I have to give each organizer the full rights as an event manager - even when he only checks-in participants of his event via the App. Actual that means every organizer could modify or delete by mistake each event even it is not his own.
I would appreciate it if the event organizer (as set in the event emails) could manage only his own events.
If that will not be possible to realize I would appreciate it if I could choose the rights of each organizer. For example: can delete events, can edit, can add contacts (non-members) or can only check-in the participants.
That would be very helpful.
Jason Yee commented
Are there other wishlist items similar to this? I would love to give more access to event organizers in my organization, but it is not possible because allowing them to be event managers on the system also allows them to edit member data and view other financial information.
Randy Rensch commented
I've already commented that this wish, maybe combined with the addition of a second Organizer (assistant, reservationist, whatever) would be firmly in the Top 5 of our organization's wishes, so I won't go on about how we would use it.
Meanwhile, for those here who mention that the Organizer of a single event should not receive emails regarding other events, note Support's advice that each event can have a separate organizer. But that still leaves a problem: Unless the Organizer is herself registered, she will receive all the promotional emails for it.
We have a privacy workaround that involves setting up an autoforward "event address" for each event, at our hosting service. After entering that event address in our Contacts list, it is then specified as the Event organizer. It's a Rube Goldberg scheme, and requires setup by someone trusted to access our hosting account (2-5 min chore for each address) but it works. We can forward simultaneously to the various managers in involved in the event (somewhat obviating the need for separate Manager, Organizer and Reservationist fields), and the Organizer's personal address is not broadcast to our entire mailing list. (However, unless a special Gmail (etc) account is used, it will be disclosed to Registrants who the Organizer contacts. The relevance to this thread (sorry for burying the lead!) is that unless the event address is configured to opt out of mass mailings, the Organizer will get all the promotional emails about ALL our events. Luckily that setup is very easy and a one-time thing.
Alternatively, if privacy is the only concern, maybe each Organizers could have their own Gmail address. I don't know offhand if Gmail can be configured to autoforward. If so, that would resemble our system. But without autoforwarding, accessing a special Gmail account would be yet more work for the Organizers and those who teach them. And it would be a ton of work for the Organization to create and configure many scores of Gmail accounts.
Maybe WA should think about ways to pull all these concerns and workarounds together within the WA system. If not, hopefully some of what I've described will be helpful to some here.
Doug, you can already change the event organizer for individual events. For details, see https://gethelp.wildapricot.com/en/articles/31#organizer
Scot McConnachie commented
One more addition to my previous message:
1) i. A preset list of hashtags available for assigning to the event.
Doug Walters commented
Would like to see the ability to select a contact as an Event Manager per event instead of only one Event Manager for all events. Most orgs have event committees and chairpersons per event. No need for every committee chairperson getting registration notifications for events that are not theirs.
Scot McConnachie commented
An admin asked me to repost this message from the following topic:
It is posted here in a slightly edited form. Our organization hosts many events with recurring sessions that, on a limited basis, are open to the public, so we found the proposal in the above link to be too limited. Our typical events will have free registration options for members and the public, the latter of which are constricted by the member event organizer’s Membership Level. In effect, the public attendees are “guests at-large” of the event organizer and can self-register into the event (the organizer, when a member, can also register specific guests as well). We use bifurcated event registrations, to members or the public, as a primary recruiting and retention method for our organization.
1) This proposal is to extend the administrator paradigm by giving a contact (not just a member) Limited Event administrator access to the Administrative View of the organization website. I propose the following options for setting up each Limited Event Administrator.
a. To view or not view but not edit others’ events in the Event List (or a calendar UI). This allows one to see potential event conflicts. See item 3) below for more options.
b. Allowing specific Visibility (i.e. Event Access) settings when creating and editing one’s events. For example, if a Limited Event administrator is restricted to creating Admin Only visibility events then that creates an implicit workflow where that administrator must have de facto approval to change Visibility.
c. A numerical limit on the total number of attendees in an event (no limit is possible).
d. A numerical limit to the total number of future event sessions on the system at any time (no limit is possible).
e. A preset list of Saved Searches that may be chosen from to announce an event.
i. As a sub-option, limits on the number of announcements to reduce “spamming” effects on the recipients.
f. Whether the administrator can create RSVP events, Regular events, or both.
g. For Regular events I see the following Limited Event administrator options.
i. Similar to item 1) b. above, restrict to specific Visibility (i.e. Event Access) settings for Regular events. Because Regular events are more complicated, it is a reasonable control to separate this setting from RSVP events.
ii. A different preset list of Saved Searches that may be chosen from to announce the event. Why is this a different list of saved searches from RSVP events? Because RSVP events cannot have a separate registration limit for the public versus members. If an RSVP event is open to the public, then the organization loses control over how many public members would be admitted to the event. This might be acceptable to many organizations, particularly when they can charge admission to the event. However, for us we have to ration public access differently since our competitors offer free events: we do this using membership dues. Since we have to ration public access differently, it is very likely that our RSVP events would be members only; we would not want to announce such events to the public.
iii. Across all Event Registration Types, set a maximum allowed price ($0.00 is possible; no limit is also possible).
iv. Across all Event Registration Types, set a minimum allowed price ($0.00 is possible).
v. Across all Event Registration Types open to the public, limit the number of non-members allowed to register (0 is possible, which would negate public access; no limit is also possible).
vi. Across all Event Registration Types open to the public, set a minimum price ($0.00 is possible).
vii. Across all Event Registration Types, set a maximum number of guests allowed per registrant (0 is possible; no limit is also possible).
h. Allow the Limited Event administrator to exceed any or all of the limits set above, but highlight the exceeded limits in red (or some fashion). The system would retain an event that exceeds its author’s limits but it could not leave Admin Only status, nor accept registrations, nor be announced by email blast: only a higher level administrator could make these changes. This would provide an implicit workflow.
2) The Calendar interface in the linked to topic is a great idea: event administrators need it too.
a. Calendar events could be coded by their Visibility and/or Open to Registration status.
3) There is more that could be done with the scope of events that a Limited Administrator could view or edit, such as
a. Events by chapter.
b. Events by administrators within a membership group.
c. Events by administrators within a membership level.
d. Events by hashtag.
Giving members backend access to their events becomes a natural way to recruit them as eventual administrators and officers.