1.0 Introduction
The Operators Permissions feature allows you to create software users and operator groups. You can then assign different permissions to the groups, (so that certain features can be hidden/shown for the different users). User account types can be restricted to view only certain controllers and/or only certain access groups. Routes can also be assigned so the software users will only be able to see events generated from hardware that has that same route(s) assigned to it. Users can also be set audit permissions.
The software supports an unlimited number of additional users and user groups, however, the number of users that can connect at any one time is dependent upon the Application Server's client license count. The standard Doors.NET software includes one licensed client connection.
The Permissions tab in the Operator setup controls the display of the
menus/what the operator can see (i.e hide the buttons on the main toolbars). The application
permissions are applied once you are in the menu. If you want to cut
down on the number of menus/icons shown, then you have to use the
Permissions tab. The
application permissions apply to the menus once you get into them.
- Click Setup >> Operators Permissions.
- The Application Server authenticates each user 'login' and assigns a unique session identifier for the duration of the user's connection.
There are six tabs in the Operator Permissions setup section:
- General - create individual operator permission levels and add new user accounts
- Permissions - set the individual, specific tasks on which operator are allowed to perform operations
- Locations - set which gateways and controllers within the gateways on which operator are allowed to perform operations
- Access Groups - set which access groups on which the operator is allowed to perform operations
- Routing - used to restrict the viewing of events, (from hardware with routes assigned)
- Audit - review events and operations performed by operators
2.0 Set Software Permissions
The second tab is Permissions. The software uses a combination of database rights and account types to control what an operator can 'see' when they login. The permissions tab in Operator Setup controls the display of menus (i,e hide the buttons on the main toolbars). Application Permissions are then applied to settings within those menu items. The Permissions are most commonly used to cut down on the number of menu items shown. - Scroll through the Operators list and select an operator group to which permissions should be assigned.
- Scroll through the properties grid and for each line item, select the permission level you wish to allow.
- Depending upon the Permission type, the setting options are either Show or Hide, or there will be three options: Full Control, View-Only, or Hidden.
As an example, you may want the 'Security Management' Operators to view, but not be able to Add Cardholders, or Activate/Deactivate Cardholders. Select View-Only and when a 'Security Management' user logs into Doors.NET they will be able to go into Cardholders, but the Add button will be grayed-out.
In addition, if a credential is highlighted in a cardholder record you will notice that it's also not possible to change the status.
- Click Save.
3.0 Adding Locations
The Locations tab configures which controllers the user group is allowed to manipulate. Those that are unchecked will not be shown to any login in that user group. In the example below, the Security Management user group will only see the first PXL500 controller listed on the London Office PXL gateway. It will appear to them as though there is only 1 PXL on the gateway when in fact there are two. By not being able to 'see' the second controller, the logins in this user group will not be able to configure, override, receive messages, or run reports on the second PXL500.
- Scroll through the list of Available Locations and select the ones you wish this operator to view.
- Click Save.
- Now, if the operator views Hardware Setup there will only be the selected controller and selected gateway listed in the hardware tree - the first controller in the London Office gateway.
4.0 Adding Access Groups
The third part of the virtual database permissions is the Access Groups tab. The system administrator must assign access groups to a user group. This controls what is shown in the access group and cardholder menus. In the access group menu, the list of available access groups will be the ones the system administrator has assigned. They will also be the ones available to assign access rights to a cardholder in the cardholder menu, and they will be used when the user searches the cardholder database. For example, suppose the cardholder database has 100 entries with the last name of 'Smith' and of those 30 are assigned to an access group named "Executives." When a user in the Security Management user group performs a search for cardholders with the last name of 'Smith', only those 30 records will be shown in the search results. This is because the other 70 cardholders do not have an access group assigned that is in the available access groups for the Security Managers.
- To configure the access groups for a specific user group, select the user group and click on the Access Groups tab. The entire list of all access groups is displayed.
- A check mark indicates that the selected access group will be available to the selected user group.
- Click save.
5.0 Adding Routing
In addition to controlling which hardware items are available through Location assignment, and the search limits imposed by the access group assignment, the user group can also be assigned one or more routes. A route is part of the event message notification and only user groups that have a route assigned can receive messages from the hardware which also has the same routes assigned. This allows the system administrator to configure a user login that receives messages from just a selection of hardware (i.e from certain readers in certain locations).
- To configure a user groups for a specific route, select the user group and click on the Routing tab. The entire list of all routs is displayed.
- A check mark indicates that the selected route will be available to the selected user group.
- Click save.
6.0 Auditing Operator Permissions
The Audit section in Operator Permissions allows you to view all of an operator's login sessions and activity. This is viewed by user, not by user group.
- Select the user whose operator permissions you wish to audit.
- Click on the Audit tab.
- Click the Search button to retrieve login information for the selected user using the default date of today's date. The start time is the time that the user logged in.
- You can expand each one to view what activity was performed by that user. If there is no information then the + will disappear when you click it.