Securing your Mazévo scheduling solution—like protecting any mission-critical application—is a balancing act. You’ve got to give people as much access as they need… but not more.
The robust security features in Mazévo let you do exactly that. One of our Mazévo Connect free live webinars titled “Unlocking the Power of Mazévo User Security: Safeguarding Your Scheduling System” covers this critical topic, and you can check out the recording on our YouTube channel.
TL;DR Key Takeaways:
- Mazévo uses three primary security roles you can fine-tune to your needs: global administrator, requester, and event planner.
- Granting global administrator access by default is not a good strategy.
- Mazévo takes a layered approach to security that lets you grant access very granularly.
- You can give access to specific administrative functions without making someone a global administrator.
- Features like security policies, security tags, room security groups, and others provide tremendous flexibility.
An Overview of Mazévo Security
Mazévo CEO Dean Evans starts the Connect session with the caution that you should be careful when giving users Global Administrator privileges. It’s tempting when defining security for your system to say, “Oh, heck, just give [insert user’s name] admin access.” But that’s not a good strategy, especially since it’s so easy to provide users with appropriate access rather than full access.
Dean goes on to provide a step-by-step demonstration of how to define a Mazévo user’s security settings. This includes the important note that when updating a user’s permissions, such as giving them additional privileges, they must log out of Mazévo and then back in to have the new permissions.
As part of this overview, he explains that:
- Global admins have access to all system functions.
- Requesters can add events to the system for themselves, becoming the primary contact for any event they schedule. They can also edit events, but only those they created. In addition, they can see events on which they’re a secondary or billing contact but can’t edit them.
- Event planners can put in events for any organization and contact and can edit those events. The one caveat is that you can limit their access to specific buildings. Dean also notes that “event coordinator” is just a title we use by default and points out a field you can use to change it to something more relevant to a person’s role (“Catering Sales Manager” in his example).
It’s also helpful to know that you can give a user access that combines aspects of the security for requesters and event planners.
Dean continues with helpful visual examples of what a user sees in Mazévo based on the functions you give them access to. While or after viewing this presentation, you should check out a couple of helpful articles in the Mazévo Knowledge Base: Security in Mazévo and Security Roles in Mazévo: A Visual Guide.
Not a Global Administrator but Need Certain Administrative Privileges?
Dean notes an essential fact about user security in Mazévo: If someone doesn’t require full global administrator access but has to perform specific administrative functions, the system easily accommodates that need. You simply navigate to the Other Security Roles tab and select the appropriate Role Type, which is a group of functions.
An Interesting Example of a Mazévo User With Limited Access
The Connect session continues with Dean showing examples of how security affects what users can view and do in Mazévo. This includes talking about a relatively new feature called “security tags,” which you can use to give a person access to selected rooms within a building.
He opens an event with one booking to which the user has access and one to which the person doesn’t have access, based on the event locations. Dean points out that the off-limits booking is highlighted in yellow to make the lack of editing access clear to the user. They have view-only access to this event.
Dean continues by walking through and explaining several Mazévo security roles.
Another Example: Requester-Specific Security (Policies, Room Security Groups, etc.)
Next, Dean opens the user record for a typical Mazévo user with requester access, showing that the Security Policy is Standard. Then, he drills deeper into the policy to explain how it’s defined, how it affects user access, and what “room security groups” are.
This includes new “Max Daily/Weekly/Monthly Hours” parameters that can, for example, keep users from easily grabbing “self-service” spaces (like the small study rooms in a library) for extended periods.
Closing With a Thought-Provoking Q&A Question
“Unlocking the Power of Mazévo User Security: Safeguarding Your Scheduling System” wraps up with an attendee asking an excellent question about giving users view-only access to one set of rooms and request access to others.
In an example of how we strive to be transparent about Mazévo’s current capabilities and to accommodate users’ needs, Dean acknowledges that the person’s scenario is something we’ll have to ponder.
If you have questions about Mazévo security or simply want a customized live demonstration of our advanced, web-based scheduling solution, reach out!