A security policy is used to define the rules that requesters must follow when making or editing requests. Every user who has request privileges is assigned a security policy.
Overview
There are two main questions that a security policy addresses:
- What locations can the user request?
- What are the allowed timeframes for making and editing requests?
Based on how your installation of Mazévo is configured, security policies are presented in one of two different modes: standard and advanced. This mode is set by Mazévo support for your installation.
Regardless of which setting is used, a security policy dictates the requesting restrictions for all users to whom it is assigned. A requester must be assigned a security policy to make requests.
The Difference Between Standard and Advanced Security Policies
Standard and advanced security policies have some key differences. They include:
Standard Security Policies
- Easier to configure
- No time-of-day restrictions
- No limit to the duration of requests
- No limit to the number of bookings per event
- The policy is associated with buildings, not rooms
Advanced Security Policies
- Allow for limiting requests to certain time blocks (e.g., rooms only available to request from 8 a.m. to 5 p.m.)
- Allow for limiting the number of bookings on a new request
- Allow for a maximum length/duration of a booking (e.g., bookings can only be up to four hours long)
- Allow for a granular selection of rooms
- Allow rooms to be reserved or requested (i.e., apply a status to a sub-policy; more on sub-policies is in the Advanced Security Mode section below)
- Allow for creating different rules for different sets of rooms within one policy.
- Allow for defining a check-in/no-show timeframe.
Both security policy types allow the same restrictions on how far into the future bookings can be requested and on how many days in advance of the booking date new bookings must be created or changes must be made.
Determining Which Security Mode You Are Running
When you navigate to Security > Settings, you see an indicator of which mode you are running at the top of the page, like:
If you're running in advanced mode, the window looks like:
Standard Security Mode (Default)
When your system is set to use standard security policies, you can create one or more policies that determine the boundaries of time and location for requesters. Each requester must be assigned a security policy; however, the security administrator can assign a policy to multiple users.
Here are two sample scenarios:
- Students are allowed to request only rooms that are in the Student Center and marked as Low Security, for events that will take place within the next 60 days. The Events Office requires that requests be made at least five days before the first booking so that event planners have enough time to process them, and requesters must make changes to requests at least two days in advance of a booking.
- Faculty are allowed to request rooms in the Student Center, Conference Center, and Smith Hall within the next 90 days. The events office requires at least two days before the first booking to process these requests, and requesters must make changes to requests at least two days before the booking.
To accommodate the scenarios above, you would create two security policies—one for student requesters and one for faculty requesters—tailoring each to enforce the appropriate restrictions.
To create a standard security policy:
1. Navigate to Settings > Security Policies.
2. Click Add Security Policy.
3. On the Details tab, enter:
- The Name of the policy.
- The email address to notify when new requests are created.
- Any Notes for this policy.
- If you are using SSO and this policy is the default for new users, check Assign to New Users for Single Sign-on. A new user authenticated through SSO will be created as a Requester with this policy. Only one policy can be used as the default for new users.
- If you are not using SSO and new users can create an account, checking Assign to New Anonymous Requesters will assign this policy to the new account.
4. On the Settings For Events tab, click Yes for either of the timeframe options to set limitations if appropriate. To allow users to make requests without time restrictions, leave the two settings set to the default of No.
5. If setting timeframes, enter the appropriate values for restrictions on new events and/or changes to events. When specifying how far into the future the requester can make a booking, you can indicate a rolling number of days (e.g., 180 days out) or a hard date (e.g., 9/1/2021).
6. On the Buildings tab, select the building(s) available for users to request.
7. Click Save.
Advanced Security Mode
The main difference between standard and advanced security modes is that advanced mode lets you create "room security groups" for a policy. Here's an example scenario:
- Students are allowed to request meeting rooms, but we need at least two days' notice, and they can't book more than 30 days into the future.
- Students can book study spaces within the next 48 hours but can only use a room for two hours or less.
- Students can request lounge spaces, but only for use after 5 p.m. Again, we need at least two days' notice, and they can't book more than 45 days into the future.
Each of the rules above would be a room security group within a single security policy.
Each room security group defined for a security policy is then applied to one or more rooms. A room can only have one security group assigned to it.
To create an advanced security policy:
1. Navigate to Settings > Security Policies.
2. Click Add Security Policy and enter the following information:
On the Details tab:
- The Name of the policy.
- The email address to notify when new requests are created.
- Any Notes to describe the usage of this policy.
- If you are using SSO and this policy is the default for new users, check Assign to New Users for Single Sign-on. A new user authenticated through SSO will be created as a Requester with this policy. Only one policy can be used as the default for new users.
- If you are not using SSO and new users can create an account, checking Assign to New Anonymous Requesters will assign this policy to the new account.
On the Options tab, select the following options:
- Check/clear the box to indicate whether users assigned this policy will be limited to a maximum number of bookings for a new event.
- To allow requesters to enter a billing code when making a new request, select Show Billing Code. If you select this option, you can also make the Billing Code Required.
- If you allow requesters to use the copy event tool, check Allow Copy Events.
3. Click Save.
To manage rules for an advanced security policy:
After creating a new advanced security policy, you add rules to it.
1. Click on the Security Groups column to manage the rules for a policy.
You will be on the following screen:
To create a room security group:
After selecting a security policy to manage, you can create new room security groups or edit existing groups.
1. Click Add Room Security Group.
2. Enter the following information:
- Name for the Room Security Group.
- Request Mode - Determines if the bookings created for rooms tied to this group are requests or self-service events. Self-service events do not go through the requesting process.
- Status for New Bookings - If the mode is Request, select a status tied to the request behavior of Pending. If the group you are defining is for Reserve mode, select a status tied to a Booked request behavior.
- Status for Booking Changes - If the mode is Request, select a status tied to the request behavior of Pending. If the group you are defining is for Reserve mode, select a status tied to a Booked request behavior. The status selected for booking changes can be the same as new bookings. However, you can have a separate status to indicate that the booking has been changed.
- Status for Canceled Bookings - Select the status for the bookings that the requester cancels.
- If this group will be limited to the time of day for new bookings, check the box for Booking Time Frame and enter the starting and ending times. Bookings can only be added or changed within these boundaries.
- If you require that new bookings be made at least a certain number of hours before the booking start, check the Earliest Booking box and enter how many hours before the start time. For example, if you need 24 hours' notice before an event, entering 24 will prevent new bookings within the 24-hour window. Earliest Booking hours apply to new bookings, booking changes, and booking cancellations.
- If you are restricting how far out into the future the requester can request, check the Last Booking box and enter either the maximum number of days or the hard cutoff date.
- If you need to restrict the maximum duration of bookings, check the Max Time Block box and enter the maximum number of minutes for a booking. This time does not include setup and teardown time.
- If you need to restrict the total number of hours of bookings per day, check the Max Daily Hours box and enter the maximum number of hours allowed per day. This is the number of hours for all bookings for the user for a day.
3. Click Save.
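The student scenario from the Advanced Security Mode section, expressed with the rule fields listed above, as an added example (not Mazévo's code or data model). Class, field and room names are hypothetical; it assumes Booking Time Frame constrains the booking's own start and end times, that Last Booking is a rolling number of days, and that rooms not assigned to any group cannot be requested.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class RoomSecurityGroup:
    # Hypothetical model of the rule fields above; not Mazévo's schema.
    name: str
    time_frame: Optional[Tuple[time, time]] = None  # Booking Time Frame
    earliest_hours: Optional[int] = None            # Earliest Booking (notice)
    last_days: Optional[int] = None                 # Last Booking (rolling days)
    max_block_min: Optional[int] = None             # Max Time Block
    max_daily_hours: Optional[float] = None         # Max Daily Hours

# The student scenario: one policy, three room security groups.
POLICY = {
    "meeting": RoomSecurityGroup("Meeting rooms", earliest_hours=48, last_days=30),
    "study": RoomSecurityGroup("Study spaces", last_days=2, max_block_min=120),
    "lounge": RoomSecurityGroup("Lounges", time_frame=(time(17), time(23, 59)),
                                earliest_hours=48, last_days=45),
}
# Constructed room names. Each key maps to one value, so a room has one group.
ROOM_GROUP: Dict[str, str] = {"MR-101": "meeting", "Carrel-3": "study",
                              "Lounge-A": "lounge"}

def violations(room: str, now: datetime, start: datetime, end: datetime,
               hours_booked_that_day: float = 0.0) -> List[str]:
    """Return the rules a requested booking breaks; an empty list means allowed."""
    if room not in ROOM_GROUP:
        return ["room not in policy"]  # assumption: unassigned rooms are denied
    if end <= start:
        return ["invalid time range"]
    g, broken = POLICY[ROOM_GROUP[room]], []
    minutes = (end - start).total_seconds() / 60  # excludes setup and teardown
    if g.time_frame and (start.date() != end.date()
                         or start.time() < g.time_frame[0]
                         or end.time() > g.time_frame[1]):
        broken.append("Booking Time Frame")
    if g.earliest_hours is not None and start - now < timedelta(hours=g.earliest_hours):
        broken.append("Earliest Booking")
    if g.last_days is not None and start - now > timedelta(days=g.last_days):
        broken.append("Last Booking")
    if g.max_block_min is not None and minutes > g.max_block_min:
        broken.append("Max Time Block")
    if (g.max_daily_hours is not None
            and hours_booked_that_day + minutes / 60 > g.max_daily_hours):
        broken.append("Max Daily Hours")
    return broken
```

Returning every broken rule rather than stopping at the first makes it easy to see which group setting blocks a given request when testing a policy before assigning it to users.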
To assign rooms to a security group:
After creating one or more security groups, you will need to assign rooms to them.
Note: You can only assign a room to one security group.
To assign a security policy to one or more users:
Regardless of the mode—standard or advanced—a policy is assigned to users the same way.
1. Click the Users tab to assign the policy to users.
2. Click the checkboxes to select users. On the toolbar that is then displayed, click Assign Security Policy, select the appropriate security policy, and click Save.
Copying a Security Policy (Advanced Mode)
You can copy a security policy and its associated groups by pressing the copy icon on the appropriate row in the grid. Copying a security policy will create a new policy with the name of the original policy appended with a numerical value.