Security Policies: What They Are and How to Create Them

This article covers security policies, which are rules for making and editing requests.

Overview

A security policy is used to define the rules that requesters who are assigned the policy must follow when making or editing requests. Every user who has requesting privileges is assigned a security policy. 

There are two main questions that a security policy addresses:

  • What locations can the user request?
  • What are the allowed timeframes for making and editing requests?

Based on how your installation of Mazévo is configured, security policies are presented in one of two different modes: standard and advanced. This mode is set by Mazévo support for your installation.

Regardless of which setting is used, a security policy dictates the requesting restrictions for all users to whom it is assigned. A requester must be assigned a security policy in order to make requests.

The Difference Between Standard and Advanced Security Policies

Standard and advanced security policies have some key differences. They include:

Standard Security Policies

  • Easier to configure 
  • No time-of-day restrictions 
  • No limit to the duration of requests 
  • No limit to the number of bookings per event
  • Policy is associated with buildings not rooms

Advanced Security Policies

  • Allow for limiting requests to certain time blocks (e.g., rooms only available to request from 8 a.m. to 5 p.m.)
  • Allow for limiting the number of bookings on a new request
  • Allow for a maximum length/duration of a booking (e.g., bookings can only be up four hours long)
  • Allow for granular selection of rooms
  • Allow rooms to be reserved or requested (i.e., apply a status to a sub policy—more on sub-policies are in the section on Advance Security Mode below)
  • Allow for the creation of different rules for different sets of rooms within one policy 

Both security policy types allow the same restrictions for how far into the future bookings can be requested and how many days in advance of the booking date, new bookings must be created, or changes must be made.

Determining Which Security Mode You Are Running

When you navigate to Security > Settings, you see an indicator of which security mode you are running at the top of the page, like:

Security Policies - Standard-1

If you're running in advanced mode, the window will also have a Manage button:

Security Policies - Advanced

Standard Security Mode (Default)

When your system is set to use standard security policies, you can create one or more policies that determine the boundaries of time and location for requesters. Each requester must be assigned a security policy; however, a policy can be assigned to multiple users.  

Here are two sample scenarios:

  • Students are allowed to request rooms only in the Student Center and marked as Low Security for events that will take place within the next 60 days. The Events Office requires that requests be made at least five days before the first booking, so that event planners have enough time to process them, and changes to requests must be made at least two days in advance of a booking.
  • Faculty are allowed to request rooms in the Student Center, Conference Center, and Smith Hall and marked as Medium Security or below for bookings taking place within the next 90 days. The events office requires at least two days before the first booking to process these requests, and changes to requests must be made at least two days prior to the booking.

To accommodate the scenarios above, you would create two security policies—one for student requesters and one for faculty requesters—tailoring each to enforce the appropriate restrictions.

To create a standard security policy:

1. Navigate to Settings > Security Policies.

Security Policy - Grid-1

2. Click Add Security Policy. On the Details tab, enter the name of the policy and any notes, and select the highest security level of rooms available for this policy.

Security Policy - Standard - New

3. On the Settings For Events tab, click Yes for either of the timeframe options to set limitations if appropriate. To allow users to make requests without time restrictions, leave the two settings set to the default of No.

Security Policy - Standard - New - No timeframe

4. If setting timeframes, enter the appropriate values for restrictions on new events and/or changes to events. When specifying how far into the future a booking can be made, you can indicate either a rolling number of days (e.g., 180 days out) or a hard date (9/1/2021). 

Security Policy - Standard - New  with timeframe

5. On the Buildings tab, select the building(s) that will be available for users to request.

Security Policy - Standard - New - Buildings

6. Click Save.

Advanced Security Mode

The main difference between standard security mode and advanced security mode is the ability to create what are called "room security groups" for a policy. Here's an example scenario:

  • Students are allowed to request meeting rooms, but we need at least two days notice, and they can't book more than 30 days into the future.
  • Students can book study spaces within the next 48 hours but can only use a room for two hours or less.
  • Students can request lounge spaces, but only for use after 5 p.m. Again, we need at least two days notice, and they can't book more than 45 days into the future.

Each of the rules above would be a room security group within a single security policy. 

Each room security group defined for a security policy is then applied to one or more rooms. A room can only have one security group assigned to it.

To create an advanced security policy: 

1. Navigate to Settings > Security Policies.

Security Policies

2. Click Add Security Policy. Enter the name of the policy and any notes, and check/clear the box to indicate whether users who are assigned this policy will be limited to a maximum number of bookings for a new event.

Security Policy - NewEdit

3. Click Save.

To manage rules for an advanced security policy:

After creating a new advanced security policy, you add rules to it. 

1. Click on the Security Groups column to manage the groups for a policy. 

Security Policies - adding security groups to a policy

You will be on the following screen:

Security Policies - Adding a group

 

To create a room security group:

After selecting a security policy to manage, you can create new room security groups or edit existing groups. 

1. Click Add to create a new room security group.

Security Policy - Group NewEdit all fields

2. Enter the following information:

  • Name of the group
  • Status for new events created in rooms in this group
  • If this group will be limited to the time of day for new bookings, check the box for Booking Time Frame and enter the starting and ending times. Bookings can only be added or changed within these boundaries.
  • If you require that new bookings are only allowed within a certain number of hours prior to the start time of the booking, check the Earliest Booking box and enter a number of hours prior to the start time. For example, if you need 24 hours notice before an event, entering 24 will prevent new bookings within the 24-hour window.

Note: When your Earliest Booking date is seven days or fewer, weekend days are not included in the calculation. This means that if you set the earliest booking to 24 hours and someone is requesting a room on Friday afternoon for Sunday morning; they will not see any rooms available. Monday will be the earliest they can request.

  • If you are restricting how far out into the future a request can be made, check the Last Booking box and enter either the maximum number of days or a hard cutoff date.
  • If you need to restrict the maximum duration of bookings, check the Max Time Block box and enter the maximum number of minutes for a booking. 

3. Click Save.

To assign rooms to a security group:

After creating one or more security groups, you will need to assign rooms to them.   

Note: A room can only be assigned to one security group.

 

Security Policy - Group - Room Assignments

To assign a security policy to one or more users:

Regardless of the mode—standard or advanced—a policy is assigned to users the same way.

1. Click the Users tab to assign the policy to users.  

Security Policy - Users

2. Click the checkboxes to select users. On the toolbar that is then displayed, click Assign Security Policy, and select the appropriate security policy and click Save.

Security Policy - Assign to users

Copying a Security Policy (Advanced Mode)

You can copy a security policy and all of its associated groups by pressing the copy icon on the appropriate row in the grid. A new policy will be created with the name of the original policy appended with a numerical value.  

Security Policies - Copy