Page 1 of 2

Secure Data Fields

Posted: Sat Jan 05, 2008 10:05 pm
by mkmurray
How come I can see age and priesthood office while using MLS on some screens like browsing the Elders Quorum membership, but I cannot see those same field when viewing or printing custom reports? It tells me somthing like I don't have sufficient rights, but obviously I do in some circumstances.

Thanks in advance.

Posted: Mon Jan 07, 2008 12:57 pm
by mkmurray
Anybody have a guess?

Posted: Mon Jan 07, 2008 3:11 pm
by russellhltn
Just wild ideas. Most anyone running of lists for Priesthood is going to need to know the office held. But if you were to run off a general ward list, I can see where that might be considered sensitive. I think that has to be kicked back to the developers to see if MLS is acting "as designed" or if this a bug somewhere.

I'm assuming you don't have administrative rights - if you do then something is acting up because you should be able to see everything.

Posted: Mon Jan 07, 2008 4:08 pm
by mkmurray
RussellHltn wrote:I'm assuming you don't have administrative rights - if you do then something is acting up because you should be able to see everything.

Correct. I am an EQ Secretary. I have no clue what rights have been set up for me. I just expected there to be consistency, but I can see how what you are saying may be "as designed."

Posted: Thu Jan 10, 2008 11:33 am
by mkmurray
RussellHltn wrote:I think that has to be kicked back to the developers to see if MLS is acting "as designed" or if this a bug somewhere.

Church Developers,

Any comments on this bug and/or feature that I have described would be appreciated. Thank you.

Posted: Thu Jan 10, 2008 1:26 pm
by Mikerowaved
I'm not sure how much I'm allowed to post, as this gets a bit into the security aspect of the program, so someone please stop me if this isn't kosher.

I setup a test account where an individual can only access the "Organization", which is basically how EQ, HP, RS, Primary, etc. accounts are setup and played with it for a bit. I could access individual records with only a few of the areas not showing up, but there is definitely quite a bit of information there that could be considered sensitive. Are these needed for the above listed callings? Not in my very tiny opinion. Maybe birthdays.

What's disturbing about the Custom Reports is it allows you to use criteria you don't have privileges for. For example, "Member Status IS Endowed". As long as the Custom Report Format doesn't have any sensitive fields selected, like just the name and address, the report runs without a hitch. Hummm... this isn't right.

Posted: Thu Jan 10, 2008 5:35 pm
by mkmurray
Mikerowaved wrote:I setup a test account where an individual can only access the "Organization", which is basically how EQ, HP, RS, Primary, etc. accounts are setup and played with it for a bit. I could access individual records with only a few of the areas not showing up, but there is definitely quite a bit of information there that could be considered sensitive. Are these needed for the above listed callings? Not in my very tiny opinion. Maybe birthdays.

As an EQ Secretary, I can come up with many situations where it could be justified that I (or more likely the Presidency) need(s) such information as Priesthood Office, Age, Birthday, Is Endowed, etc. And obviously from my very first post, I have rights to most of that already when looking at the EQ membership tab. But when I do a custom report with the same data fields, magically I don't.

Posted: Thu Jan 10, 2008 5:39 pm
by mkmurray
mkmurray wrote:As an EQ Secretary, I can come up with many situations where it could be justified that I (or more likely the Presidency) need(s) such information as Priesthood Office, Age, Birthday, Is Endowed, etc.

More specific to my first post in the thread, I needed to give President a list of Prospective Elders in the quorum. I couldn't find that report already made somewhere, so I did a custom report. But what good is the report if I have a bunch of names and I can't see the Priesthood office. All I know is they made it into the report. Age is important as well when talking about somebody who is not really on par as far as priesthood office is concerned with others of their same age.

Posted: Thu Jan 10, 2008 11:11 pm
by Mikerowaved
I guess my example wasn't very good. What I was trying to emphasize is MLS will allow you to search on criteria that you aren't allowed to view in your report. For example, find all Deacons over the age of 18, but then not let you see that they hold the office of Deacon in the report. (Obviously, they are all Deacons.) That's the part that doesn't make sense to me from a security/privacy point of view. Besides being able to readily see this very same information in other areas of MLS that you aren't allowed to view in a custom report (as you pointed out). Doesn't seem consistent to me either.


In our unit the EQ Pres. has a bit of extra privilege letting him run the kind of reports you were referring to that his counselors and secretary can't. This most likely follows the guidelines from HQ when setting up accounts in MLS. (I know, probably not what you wanted to hear, but I'm not going to comment on their policies.) I guess the only work-around for you is to have your president run the report.

Posted: Fri Jan 11, 2008 7:47 am
by mkmurray
Mikerowaved wrote:What I was trying to emphasize is MLS will allow you to search on criteria that you aren't allowed to view in your report. For example, find all Deacons over the age of 18, but then not let you see that they hold the office of Deacon in the report. (Obviously, they are all Deacons.) That's the part that doesn't make sense to me from a security/privacy point of view. Besides being able to readily see this very same information in other areas of MLS that you aren't allowed to view in a custom report (as you pointed out). Doesn't seem consistent to me either.

I whole-heartily agree. I would have accepted my restrictive permissions if they had been consistent.
Mikerowaved wrote:In our unit the EQ Pres. has a bit of extra privilege letting him run the kind of reports you were referring to that his counselors and secretary can't. This most likely follows the guidelines from HQ when setting up accounts in MLS.

Can you refer me to which guideline you are talking about? Thanks.