It's important that you review the security settings in your iMIS instance for the IQA package that facilitates the integration between Higher Logic and iMIS EMS.
NOTE: iMIS recommends that your queries be restricted to All Staff Full Control and that the user you use for your integration be a Full Staff user, but not a system administrator. This helps keep your queries secure while ensuring that you don't have an additional user account that could be used to get or update anything in the system.
IMPORTANT: Information about the latest security-settings update from iMIS is available in iMIS Security Settings Updates.
You should:
- Review the configuration settings for the Contacts and CustomDemographics IQAs. These IQAs might include personally identifiable information (PII), so you want to be sure that the proper permissions are in place and that your data is protected.
- iMIS recommends that Access mode be set to Advanced: All Staff Full Control and that the user that you use for your integration is a Full Staff user, but not a system administrator. If you make a change, make sure that the account that Higher Logic has been provided retains access.
- Consider setting your MailingLists IQAs to the same permission.
Before we begin...
NOTE: For more information from iMIS about IQA, check out this official iMIS resource.
NOTE: Higher Logic can help you with questions that are specific to your Higher Logic integration, but questions about IQAs should be directed to the ASI team.
Review and update the IQA permissions
- Log in to your iMIS instance.
- On the Staff page, navigate to RISE > Intelligent Query Architect.
- Locate and open the HigherLogic folder, which contains a folder for each set of IQAs:
  - Contacts
  - CustomDemographics
  - GroupLists
  - MailingLists
  - ValueLists
- In the Contacts folder, open the Contacts IQA.
- On the Security tab:
  - Change the Access mode to All Staff Full Control.
  - Check the Available via the REST API box (ASI requires this to be enabled).
- Do this for all of the IQAs in the CustomDemographics folder.
NOTE: By default, CustomDemographics IQAs do not contain PII, but your staff has likely mapped fields with PII to these demographics for use in the integration.
- Other IQAs do not contain PII by default, but should still be reviewed in case a staff member added other fields to them:
  - MailingLists should return contact ID only; all other fields can be removed.
  - GroupLists should return contact ID, group code, name, description and join/end dates.
  - ValueLists should return contact ID, event code, and title.
- If other fields have been added, consider removing them or changing permissions.