Securing your Mazévo scheduling solution—like protecting any mission-critical application—is a balancing act. You’ve got to give people as much access as they need… but not more.
The robust security features in Mazévo let you do exactly that. One of our Mazévo Connect free live webinars titled “Unlocking the Power of Mazévo User Security: Safeguarding Your Scheduling System” covers this critical topic, and you can check out the recording on our YouTube channel.
Mazévo CEO Dean Evans starts the Connect session with the caution that you should be careful when giving users Global Administrator privileges. It’s tempting when defining security for your system to say, “Oh, heck, just give [insert user’s name] admin access.” But that’s not a good strategy, especially since it’s so easy to provide users with appropriate access rather than full access.
Dean goes on to provide a step-by-step demonstration of how to define a Mazévo user’s security settings. This includes the important note that when updating a user’s permissions, such as giving them additional privileges, they must log out of Mazévo and then back in to have the new permissions.
As part of this overview, he explains that:
It’s also helpful to know that you can give a user access that combines aspects of the security for requesters and event planners.
Dean continues with helpful visual examples of what a user sees in Mazévo based on the functions you give them access to. While or after viewing this presentation, you should check out a couple of helpful articles in the Mazévo Knowledge Base: Security in Mazévo and Security Roles in Mazévo: A Visual Guide.
Dean notes an essential fact about user security in Mazévo: If someone doesn’t require full global administrator access but has to perform specific administrative functions, the system easily accommodates that need. You simply navigate to the Other Security Roles tab and select the appropriate Role Type, which is a group of functions.
The Connect session continues with Dean showing examples of how security affects what users can view and do in Mazévo. This includes talking about a relatively new feature called “security tags,” which you can use to give a person access to selected rooms within a building.
He opens an event with one booking to which the user has access and one to which the person doesn’t have access, based on the event locations. Dean points out that the off-limits booking is highlighted in yellow to make the lack of editing access clear to the user. They have view-only access to this event.
Dean continues by walking through and explaining several Mazévo security roles.
Next, Dean opens the user record for a typical Mazévo user with requester access, showing that the Security Policy is Standard. Then, he drills deeper into the policy to explain how it’s defined, how it affects user access, and what “room security groups” are.
This includes new “Max Daily/Weekly/Monthly Hours” parameters that can, for example, keep users from easily grabbing “self-service” spaces (like the small study rooms in a library) for extended periods.
“Unlocking the Power of Mazévo User Security: Safeguarding Your Scheduling System” wraps up with an attendee asking an excellent question about giving users view-only access to one set of rooms and request access to others.
In an example of how we strive to be transparent about Mazévo’s current capabilities and to accommodate users’ needs, Dean acknowledges that the person’s scenario is something we’ll have to ponder.
If you have questions about Mazévo security or simply want a customized live demonstration of our advanced, web-based scheduling solution, reach out!