Security Groups

Christina DeYoung,

I mean, people always react to things differently, but I have had the best success in explaining that it is to help THEM avoid issues and errors.  When people are doing X, they do not want have to be worried about accidentally doing Y or Z because then the reporting gets messed up, or someone has to redo it later.  And while yes, sometimes people need two different sets of duties, and yes it IS annoying to have to go to "File\Relogin" to change your access, the thing is, again, it IS safer in terms of access but also, someone is rarely doing thing to two different aspects of the organization so interchangeably that they have to re-login every few minutes.  Usually you can stay logged in as one user group for a while and get X work done, and then later that day, log in as the other user group and get Y and Z work done.  If you can talk about it positively enough, sometimes that can work.  It also never hurts to show them what happens when mistakes get made and how much work it is to undo and fix issues.  But yeah, sometimes communicating to people can be difficult.  That is why we spend so much time on it!

Our Box Office Manager and Assistant Manager post all Box Office batches as well as the Web batch.  The person in our Development department who does the contribution entry is always the one who posts the contribution batches as well.  Usually just the one person, but there are two others who can do it as well.  Who ever does the entry does the posting.  That is easiest for us.  Everyone who posts sends the post numbers to Finance who then know who to ask if they have any questions.  I am sure there are other ways to do it, but that is how we do it.

John A. Moskal II

I'll second what John said!  It's for their protection.  And also, sometimes I can spin it as "we're making the data more secure and everyone likes secure data, right? You only access what you need to do your job!" Though if I have a user who is really keen on learning more about different areas of Tess, I'll often grant elevated access in the Test environment for self-directed learning.

As far as posting, we're similar as well - the ticket office manager on duty does the ticketing batch types (incl. web), and the devo ops manager does contribution batches. If finance spots an issue, they can either investigate on their own, or they'll work with the ticketing ops mgr and devo ops mgr.  I only get called in once all other avenues are exhausted :-)

I'll second what John said!  It's for their protection.  And also, sometimes I can spin it as "we're making the data more secure and everyone likes secure data, right? You only access what you need to do your job!" Though if I have a user who is really keen on learning more about different areas of Tess, I'll often grant elevated access in the Test environment for self-directed learning.

As far as posting, we're similar as well - the ticket office manager on duty does the ticketing batch types (incl. web), and the devo ops manager does contribution batches. If finance spots an issue, they can either investigate on their own, or they'll work with the ticketing ops mgr and devo ops mgr.  I only get called in once all other avenues are exhausted :-)