More Flexible Roles & Permissions Needed to Avoid Security Risks
Hi NB Community!
Our team has been very pleased with the overall functionality, tools, and networking capabilities of NationBuilder throughout our campaign. However, as an experienced system administrator, I have some concerns about the limitations on security and permissions. In reviewing our online campaign plan, the team asked:
Short of conducting full background checks on every volunteer, how can we limit access to their individual responsibility or assigned activity on the system??
After reviewing the system and Community blog, we learned -- with the current permission schema, we can not modify the existing Roles. Therefore, NB Admins are faced with the choice between effective security and workload management.
Our team chose to limit the number of staffer accounts, in favor of overall system security -- but in return, must manage most of the data activities offline &/or do the work ourselves. Not ideal, considering all the features and capabilities we'd like to use in NB with a host of available volunteers.
Since I'm sure this affects more than our camp, I'd like to share our perspective on NB permissions and offer some suggestions for future development ~
Our Situation: Large campaigns (probably any size, actually) rely on many volunteer workers ("staffers") of different skillsets to do specific data management tasks, like simple data-entry, deduping, defining lists/reports, organizing volunteers/call banks, updating news feeds. Most of these volunteer staffers are unfamiliar to our team, but we really need & depend upon their help. With the current permission schema, this tradeoff can be very risky:
- Unexpected 'explorers,' 'meddlers,' or outright dishonest staffers (God forbid!) could cause serious damage to the campaign and/or candidate by inadvertently or intentionally misusing the system tools.
- There is no available user access or activity log for an Admin to use & determine who might have misused the system and hold them accountable, if desired.
- In Texas, the Candidate can be held liable for misuse of the voter registration data with severe penalties (imagine the potential for ID theft in one export...)
While the database can be backed up & recovered without public awareness or impact, security issues in other areas may be visible to the public or will be scrutinized by government auditors -- potentially destroying a campaign or candidate.
Problem Scenario: In order to allow a volunteer to perform a number of low-risk data management activities, such as data entry, defining maps, updating addresses, deduping records, creating a call list, etc., they will also have full permission to perform other undesired, high-risk activities, such as:
- Tampering with any web page--like altering the Candidate's Biography with false information or simply deleting the page,
- Broadcasting unauthorized and/or false messages to thousands of people instantly,
- Exporting & selling or distributing the voter data file that has been updated with additional personal information, emails, cell phone numbers, and private correspondence gathered throughout the campaign,
- Altering financial records by modifying donor amounts, or adding false donations & inflating the supposed financial status
Any one of these could become a media blitz and campaign nightmare. We just can not afford to take these risks with our community's data or candidate's reputation, so we have chosen to limit our staffers to ensure security -- which is causing a great logistical strain on our campaign project tasks & timelines.
Desired Scenario: Ideally, we would like to assign access/permissions by Roles or Groups, which are defined by how we organize certain volunteer activities/responsibilities or even by the individual tools/features used in NB. For example:
- Only our qualified & *paid* web designers on our Communications Team would have authority to create or change pages, themes, etc.
- Only Finance Committee members would have authority to view, add/update the campaign financial records or respond to new donations.
- Broadcasting tools would be assigned to specific Communication Team members
- etc...
We really do enjoy the NB and would love to see more development on the security features, so we can take full advantage of the productivity tools! Thanks!!
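The role-scoped access and activity log this post asks for, sketched as an added example (not NationBuilder code or its API; the role names, permission names and staffer names are hypothetical, modeled on the teams and tasks named above):

```python
# Added illustration: deny-by-default role permissions plus an access log.
# Role and permission names are hypothetical; this is not NationBuilder's API.
from dataclasses import dataclass, field
from datetime import datetime, timezone

ROLE_PERMISSIONS = {
    "data_entry_volunteer": {"people.edit", "people.dedupe", "lists.create"},
    "communications_web": {"pages.edit", "themes.edit"},
    "communications_broadcast": {"broadcast.send"},
    "finance_committee": {"donations.view", "donations.edit"},
    "admin": {"people.export"},
}

@dataclass
class Staffer:
    name: str
    roles: set

@dataclass
class AccessLog:
    entries: list = field(default_factory=list)

    def record(self, staffer, permission, allowed):
        # Every check is recorded, allowed or not, so misuse can be traced later.
        self.entries.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "who": staffer.name, "permission": permission, "allowed": allowed,
        })

    def denied_for(self, name):
        return [e["permission"] for e in self.entries
                if e["who"] == name and not e["allowed"]]

def is_allowed(staffer, permission, log):
    """Grant only if one of the staffer's roles lists the permission."""
    granted = set()
    for role in staffer.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())  # unknown role grants nothing
    allowed = permission in granted
    log.record(staffer, permission, allowed)
    return allowed

def demo():
    log = AccessLog()
    volunteer = Staffer("constructed-volunteer", {"data_entry_volunteer"})
    treasurer = Staffer("constructed-treasurer", {"finance_committee"})
    checks = [(volunteer, "people.dedupe"), (volunteer, "people.export"),
              (volunteer, "broadcast.send"), (treasurer, "donations.edit"),
              (treasurer, "pages.edit")]
    results = {(s.name, p): is_allowed(s, p, log) for s, p in checks}
    return results, log
```
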
Unauthorized Page Edits - How can I find out who/what changed?
Hi NB Team,
From the Pages list > "Updated" column, I can see that some Pages have been modified in the past few hours by one of our many Staffers or Admins.
Most of these changes were not approved by the Candidate or Comm. Committee and must be reverted ASAP(!). Others, I can't even tell what they changed - which concerns me even more.
- How can I tell which team members are doing this?
- How can I identify exactly what was changed/updated (settings, content, templates, etc.)?
- How can I revert to a previous version?
- What is your recommendation for efficiently monitoring or regulating unauthorized page edits, since system permissions give all Staffers & Admins capability to edit/publish?
(I do not have time to check the "Updates" column on Page list for new changes all day, every day or hunt through each page to try and figure out what they meddled with...I really need a more efficient method of maintaining page security & oversight.) Thanks!
Amanda McNamara, Admin
ParnellMcNamaraForSheriff.com
I do not understand the rationale behind all-or-nothing permissioning…
How is this secure?
“I should note, asking users to tag themselves, partially solves this issue. But there’s no mechanism for users to opt-in to multiple tags at one time.”
YES YES YES!!! I do not like having to make people fill out several different forms to opt into things. If they can tag themselves, then be directed only to relevant forms afterward, that would be less cumbersome for them, and we would get more useful info.

