When was the last time you audited the administrative users within your MSR account? The answer to this for many clubs in MSR is “never”, which exposes your organization to some level of risk which you may not be comfortable with.Depending upon the permissions granted, your admin users have the ability to view potentially sensitive information about your organization, your events, your financials, your club members, and more. Admins can also edit and delete club information, event information, export reports, export member lists, etc. This is all to say that we highly recommend keeping a close eye on who has these permissions for your club at all times.
All too often we see roles within a club transition from one person to another, but the outgoing person never has their admin rights adjusted/revoked in MSR. While uncommon, this has the potential to lead to some serious security issues. As a best practice your club should be looking at your admin user list and making adjustments annually - and what better time to start than right now??
Below we’ll provide an overview of how you can check your existing admins and make any necessary permission changes. To start, keep in mind that there are a few different roles and permission levels for admins within MSR:
- Eventmaster - This is the top level of admin access. Eventmaster’s are the only members of your organization that have the ability to grant or revoke admin access for other users.
- Staff - Staff admins have all admin access, aside from the ability to grant to revoke admin access for other users.
- Permissions: As Eventmaster, you’re able to dictate the permissions for your Staff admins.
- Read - The ability to view all information within the account, but not make any edits or delete any information.
- Write - The ability to edit all information within the account, but not delete any information.
- Delete - The ability to read, edit, and delete information within the account.
Now lets show you how to check and make any necessary changes to those existing account admins. Keep in mind that you must hold the Eventmaster role in order to remove other admins.1. From your organizer home screen, click on “Settings” in the vertical menu on the left side of your screen, and then click “Administrative Users”
2. You’ll now see a list of all current admin users in your account, along with their roles, permission levels, and login activity. In order to remove admin access for a user who no longer requires it, click the “edit” button at the end of their row.
3. Within the “Passords & Permissions” box, select “Edit permissions”
4. Add/remove checkmarks in the Roles and Permissions boxes as needed to grant or revoke admin access for this user.
5. Done! Your MSR account is now more secure and only accessible by those users who should currently hold admin access.
You may want to consider adding this task to your annual calendar to ensure it takes place every year. If you need any assistance, or have questions about this process please let us know by contacting our support team at firstname.lastname@example.org. We are always happy to help walk you through this process, but as a general policy we do not edit admin permissions for users within your account in order to prevent any well-intentioned but undesired changes to your administrative teams.