The Series25 Group Administration tool handles permissions in a clean and straightforward way. In order to make this possible, certain best practices are enforced when you use Group Administration.
In order to edit the group's security in the Groups tool, it must meet the following minimum security requirements. If they are not met, you will be prompted to automatically update them before continuing.
- Events: Can view
- Cabinets: Can view
- Folders: Can view
- Location Access: Can view
- Resource Access: Can view
- Organization Access: Can view
- Event Drafts: Can view, edit, create, and copy
- Event Search: Can view, run, create and save event searches
- Layouts and Images: Can view
- Security Groups: Can view
- Event Resource: Full Control
- Event Space Profile: Full Control
If a group needs more than this (for example, the ability to create events) then you will have a chance to set higher permissions later.
These are the best practices for security in 25Live, and you will not be able to use the Group Administration tool without following them. Please see our recommendations below if you are accustomed to different permissions.
Why do we enforce these best practices?
As Series25 evolved over time, more and more settings were added to handle increasingly complex permissions. The combinations of these settings could be unpredictable and even contradictory. In addition, the average scope of Series25 on campus has grown as 25Live is used by greater numbers of users with increasingly diverse requirements. All of this put a great burden on administrators to know how to correctly configure their environments and follow best practices.
With the development of the Group Administration tool we decided to make administrators' jobs easier by bringing certain permissions up to a specific minimum level. This allowed us to accomplish the following goals:
- The new tool should support the same range of use cases for 25Live without eliminating functionality.
- All permissions should be configurable using simple "yes/no" questions regarding a user's permissions.
- As an event scheduling application, 25Live should allow all users to see and search for events.
- Object Level Security should be mandatory to allow a more precise configuration of event, location, organization, and resource visibility.
Most institutions are already following the best practices described by these goals, but if you're reading this page it's probably because one of your security groups wasn't. If you want to know how to adapt your settings to achieve the same functionality as before while meeting best practices, read the following section.
Adjusting Your Configurations to Accommodate Best Practices
Here is a list of all the minimum permissions enforced by Group Administration, along with tips to achieve the same functionality if you are used to having lower permissions.
Permission | Minimum Enforced | Tips |
|---|---|---|
| Event Drafts | Can view, edit, create, and copy | To prevent users from creating or editing drafts, configure their allowed event states. |
Events | Can view | This permission should not be removed. If users aren't viewing events, why are they using 25Live? |
| Event Search | Can view, run, create, and save event searches | Similar to the previous setting, it is CollegeNET's position that all 25Live users should be able to search for events. |
| Folders, Cabinets | Can view | Viewing folders and cabinets is necessary to allow users to view the events contained within. Use object security to hide specific folders and cabinets if desired. |
| Location/Organization/Resource Access | Can view | To prevent users from viewing specific locations, organizations, or resources, use object security. |
| Layouts and Images | Can view | In order to ensure smooth operation of location requests, we require that any layouts and their images are visible to all users. |
| Security Groups | Can view | Viewing security group names is necessary for the new Contact Details page in 25Live. |
| Event Resource and Event Space Profile | Full Control | To prevent users from assigning locations or resources in the event form, use event form configurations. |