You are browsing myClubhouse Knowledge Base

Access Control in myClubhouse

Owned by Joanne Shovelton
Oct 03, 2019
4 min read

myClubhouse has fine grained access control which allows you to tightly control exactly who has access to which features and data in the system. Before we start on explaining how the system works and how you can set it up, let's first introduce the core concepts:

  • Security Level - a predefined, ordered list of general access levels increasing from Public through to Administrator. Each user has a maximum security level which is derived from the roles they are assigned into and their membership status.

  • Role - defined by system administrators, a role can be occupied by multiple incumbents and is assigned a security level. You can have as many different roles as you like. The incumbents in each role are manually allocated.

  • Entitlement - a right to access and use a function or resource whose access is controlled. For example, the ability to send emails or the ability to make use of a particular member list.

  • Entitlement Grant - the granting of an entitlement to one or more users.

  • Membership Subset - if you have the Membership Subsets Add-on, you can define subsets of your membership (using member lists) and then scope roles and entitlements within these subsets. For example, you could define a "Tennis" subset which contains all members of the Tennis Section. You can then define a "Tennis Administrator" who has administrator-level access to the system but confined to Tennis Section members. Such an administrator with the "View all member details" entitlement would only be able to view the details of Tennis Section Members.

Security Levels

Security Levels are predefined in myClubhouse and cannot be changed. In increasing level of access, they are:

  1. Public - anybody who has arrived at the website and not logged in is considered to be a member of the Public. An entitlement that is granted to Public is available to everybody on the planet.

  2. Registered - you are registered if you have an account/profile on the website and have logged in. You do not need to be a member.

  3. Member - the system considers anybody who has a paid-up and in-date membership subscription (which grants member-level access) to be a Member. Note that if you only have an active subscription for a membership category that gives Guest-level access, you will not be considered to be a member. To be considered a member, you must be logged in to the website.

  4. Staff/Official - the lower tier of administrator access. You can only get this level through being an incumbent in a role. Note that you do not need to be considered to be a member in order to be an official.

  5. Administrator - the upper tier of administrator access. As with Staff/Official, you need to be in a role in order to get this security level and, again, you don't need to be a member.

Each user of the system has a security level. Users with higher level access can automatically access all features granted to lower levels of access.

Roles

Roles are defined by system administrators according to the requirements of the club or organisation. You can have as many roles as you like. Apart from certain special roles, each role can have as many incumbents as you like. The special roles are Treasurer and Membership Secretary - both of these can only have one incumbent each. Also, these roles cannot be deleted.

Each user can be in multiple roles. A role is allocated a security level; this would usually be Staff/Official or Administrator, though can be any of the others. If a user is in multiple roles, then their security level will be the maximum level bestowed by any of their roles.

To create, edit and delete roles you should go to the Club Roles page which can be accessed from the Admin / Settings menu.

Entitlements and Grants

An entitlement is a permission to access a feature of function of the website. For example, there is an entitlement to be able to send email from the site; and one to be able to create events. Each entitlement can be granted to any combination of Security Levels, Roles, Member Lists or individual users. To change the entitlement grants, go to the Entitlements Manager page which can be accessed from the Admin / Settings menu. To grant an entitlement, simply type in the first few characters of the security level, role, member list or user name and then select from the drop-down. Grants are automatically saved as soon as you select them. Note that changes to entitlement grants take effect immediately.

Membership Subsets

Membership Subsets is an add-on that can be purchased alongside myClubhouse. It allows you to grant entitlements that only apply over a subset of your membership. For example, you could define a subset that contains all members with an active Tennis Membership, and then grant "View all Member Details" entitlement on this subset to, say, the Tennis Membership Secretary. This would mean that the person in this role can see the full details of all tennis members but not of anybody else.

Membership Subsets are defined with Member Lists. This means that you can define your subset using pretty much any characteristic of your members; e.g. membership status, personal details (e.g. age, gender), team squads, event or purchase history etc. etc. Membership Subsets can overlap; so, for example, you could create subsets for each club section and then one subset for all junior members across all sections.

Each subset can have its own set of roles and entitlement grants (where it is possible to apply them to a subset). So a Membership Secretary role for a subset, with Administrator-level access, would only get the granted entitlements for the members within the subset.