Allow Member profile Access Control by Member Level
Bottom Line: The matrix for controlling "Access to Others" for Profiles is insufficient. Currently the only choices are: Anyone, Members and No Access. We need another layer between Anyone and Members. This way we can use the full functionality of Wild Apricot and control access to information by delineating between the Public/Prospects and all real Members.
Discussion: What this is about is how Wild Apricot allows us and our Members to control access to the information they provide in their profiles and how they and we control everyone's privacy.
We have created two member levels:
In order to make use of the full functionality of Wild Apricot, each level is given the status of Active Member.
We want Guests to be able to freely register on our web site and we want to be able to add them to our e-mailing list. We also want Guests to receive notice of our weekly speaker series. The Guests are in effect prospective members.
Our organization is run entirely by volunteers and assists experienced professions in job search and job transition. The majority of our Members are unemployed. One becomes a Member by participating in our intensive job search training program which costs several hundred dollars.
One of the services we want to provide to our Members is the ability to post detailed profiles of their professional experience and job skills. The kind of profiles we want to provide would be similar to those found on LinkedIN. This allows current Members to learn about networking opportunities among one another and it also lets them learn about inactive Members who might be willing to help in their job search. Wild Apricot handles this quite well.
In addition, we want to be able to afford our Members the option of a public listing. After all, many of them are looking for jobs. The Wild Apricot field Directory Listing Text is just what we need for this and the Public Directory page is made to order for this too. The Member can create a mini-profile promoting their own job search without revealing just the amount of information they feel comfortable.
We are restricting the profile details available to Guests and we are not placing the Guests on the Public Directory. Again, we can do this with the member level controls currently available.
So far so good. The problem arises in that we want to distinguish services provided between Members who pay a lot of money and invest considerable volunteer hours and Guests who register for free on the web site to receive notice of our events, etc. Remember our Guests are really members of the public who are prospects and we really don't want to afford them the privileges of Members. But to use the Wild Apricot features we have to give Guests the status Member Active in Wild Apricot.
So, here is the rub. We created our Public Directory which excludes Guests. We limited the profile available for Guests. Members can write short promotional profiles, if they want, for the Directory Listing Text field. Our Members who have substantial detail available to them for their profiles can control what is seen by “Anyone”, “Members”, and “No Access.” We would hope that most if not all Members would allow access to their profiles to fellow Members. Their only choice to do so is to select the Wild Apricot choice of Member, which really means ALL member levels which have been created, without distinction.
This means that all Guests who go to the Public Directory and click on any Member name will see all of the profile information that Member has available (which might include phone numbers and addresses, etc). But we DO NOT want Guests to be able to do this.
(repeating the) Bottom Line: The matrix for controlling "Access to Others" for Profiles is insufficient. Currently the only choices are: Anyone, Members and No Access. We need another layer between Anyone and Members. This way we can use the full functionality of Wild Apricot and control access to information by delineating between the Public/Prospects and all real Members.
Azam Ghani commented
We have two levels of membership:
We want to give access to email and phone of members available in Directory to Premium Members only and not Freemium members however we are not able to manage it.
We have the same problem as that of Phil i.e. profile access as per the membership level.
It is really problematic that Free members can access contact details including Phone and Email or can send message to members. However, if we disable it, the access is disabled to our Premium Members as well.
I am wondering if there is any work going on this. If yes, when we can expect this?
Though in July 2015 Dmitry said it's in their wish list however no update/upgrade yet is of concern. We were planning to upgrade to Paid Account at Wild Apricot. Let's see how it goes.
Kim Skimmons commented
I'd like to see more flexibility on the member profile page so that the admin can reset the privacy settings by membership level and thus create different privacy defaults for different membership levels.[/quote]
Me, too. A sponsor or affiliate is very different from a member in most organizations in terms of data collected. Totally different fields are needed to show in the profile by default, including the profile header -- a member probably wants his/her name as the main heading, but a sponsor or affiliate wants the Company Name as the profile heading and probably wants their personal contact information hidden.
Evgeny Zaritovskiy commented
Do you think that we need to have tools in WA so that admin can actually LOCK some fields privacy and members cannot change privacy options for these fields?
Or member should always be able to define any field privacy option but administrator just needs tools to make mass change to privacy options for some specific member groups (for example - by saved search)?
Or even both options?
Unfortunately, this is still on our wishlist as we have quite a few requests already on our roadmap so I can not provide any timeframe yet.
Given that the need is now recognised, in what sort of timeframe might we expect to see a solution?
For me implementing this http://forums.wildapricot.com/forums/308929-general-discussion-and-questions/suggestions/8822308-behaviour-security-of-memberpublicprofile-aspx would also significantly improve security as it would provide another route to a degree of differential security based in membership levels.
Given my current security concerns then one or the other solution would be desirable fairly quickly, and ideally both in time.
Tim, I think your need is pretty much the same as raised earlier in another thread so I will merge it.
Re manual editing - I agree, this is crazy so I would not really consider this a feasible workaround, I consider that we do not have this capability at the moment.
At present the defaults for privacy settings (anybody/members/no access) on fields on the members' records are set for the whole database via the Member Profile Page. The next level of granularity is at the level of the individual field edit for each individual member. This is a huge jump and can be a major administrative burden for admins.
Imagine that you have some membership levels where a substantial part of the profile should be available to all and other membership levels where those same fields should only be visible to other members. At the moment you can only set one set of defaults across the entire database and must manually edit each individual field privacy setting for every member of every membership level that needs the other setting.
If you have a 15,000 members database (max recommended by WA), of which half the records should be visible to all and half only to members, and twenty fields on each record then the admin needs to make 15,000 x 50% x 20 = 150,000 edits to set security levels on the database.
I'd like to see more flexibility on the member profile page so that the admin can reset the privacy settings by membership level and thus create different privacy defaults for different membership levels. Thus a new member would inherit the default privacy settings appropriate to his/her membership level and not a site-wide default that may be completely inappropriate and require field-by-field edits to correct.
(not merging it for now, it's a bit different)
Thank you! I was just coming on to post a note about this exact need.
Since you don't allow differentiation between members, sponsors, etc. we have created different member types with different access etc. (per your recommendation).
This is fine except, some sponsorship levels do NOT include full contact details to be displayed on the sponsor directory. We can set this initially in the access section but have no way to lock them out from making changes and adding all kinds of information like name, industry, logo, etc. Since we charge by what information is included, this is a huge problem.
Also, fields that are marked so that the member can not edit it in their profile should not allow an edit to the profile views either!
Everybody - I would appreciate comments/votes about this