Hi all
We've recently applied protection types to a subset of records in v15, preparing for our v16 upgrade. However the protection types are currently associated to the default control group, so all users can see and edit all records. When we upgrade to v16 we will be linking the new protection types to the control groups to switch on the record security.
However, in analytics in v15, we're now seeing records with a protection type displaying in dashboards as _Protected, hiding the customer number and all other details.
I'm sure this is a simple configuration issue, but can't find anything in the help documentation. I've tried associating the Default Division (the only one we use) with all the control groups, even though the control groups aren't yet in use.... Can anyone put me out of my dashboard misery and suggest what I've missed?
I'm seeing this as Sys Admin. And all other users are also seeing the same results, even those with control group permissions.
many thanks
Alison
Hi Alison,
Currently, even in v16, if any protection type is logged against a constituent, their name information is masked in Analytics. May I suggest logging an IDEA to enhance constituent name information in Analytics to be stored differently such that some users will see the true name and other users will see it masked based on the configured Tessitura permissions?
Wait, WHAT?
Wow. Okay. Somewhere in all of our v16 testing I guess nobody looked at a dashboard that used constituent information or clicked through to a Jump to Constituents window. So, simultaneously shaken my faith in my testing pool and essentially killed one of the primary benefits we were hoping to get out of v16.
Okay, done: https://community.tessituranetwork.com/ideas/i/ideas/protected-types-should-obey-control-group-rules-in-analytics
Chris Wallingford are there any other cases of Analytics not following Control Group security rules that I should be mindful of?
Hi Chris - thanks for the reply.
As Gawain says: Wow! That's a major curve-ball and big issue for us.We have had to move to use protection types in v16 because of the deprecation of constituency-based security, which we have been happily using since implementation. All our Development contacts have a protection type to ensure that records are only editable by selected user groups, which means that we won't be able to use dashboards for any pivot tables of donor names.As Protection types are fundamentally linked to control groups, I reasonably assumed (and seems like Gawain did too) that analytics would respect control group rules here. (Edited): I've just checked our Plans and Portfolios dashboards, in daily use by our DEV team to manage their pipeline, and they can no longer see the names of their donors.
thanks Gawain. I've +1'd it.
yeah, feels more like a bug fix than a feature request. anyways, I updooted!
Gawain, just to clarify, the behavior Chris described re: protected constituents has been the case in Analytics since 2018. If you were not using protection types in v15, then users would not have observed this. However if you are using protection types in v15, your testers would not have seen anything different in v16 - other than the number of protected constituents increasing if your use of protection types increased in the test environment.
Hi Amanda,
We currently do not use Protection Types in v15, but with the improved functionality intended to use them on _all_ constituents in v16, so I am surprised it didn't come up in our months of v16 testing.