Issue
Information for User Permissions using Access Expert is needed
Product Line
EcoStruxure Access Expert
Environment
Access Expert V3 Hosted
Cause
Access Expert User Permissions Overview
Resolution
Overview
User groups and permissions are set by an Administrator to manage and control which aspects of the system an operator can access. There are no default user login credentials. The user group (permissions) determines which areas of the software a user can access as well as which types of actions they can execute (e.g. update, delete, etc.).
User Groups
A key aspect of the Keep permissions engine is the ability to explicitly Deny a trait or option for an operator. This Deny approach allows Administrators to quickly and easily create a new Permission group that matches an Administrative-level operator except for a specific item.
User Group Lists
From the General Configuration tab, click on the Groups icon in the Administrative section. This will open a list of all the Permissions currently available in your system. Every system comes with a single System Administrator permission level and there is no limit to the number of Permissions a single system can have.
Adding User Groups
To add a new Permission:
- Click “Add Group”.
- Assign a Display Name.
- Assign a Description. The Description should be concise but also provide enough information about the functionality this role will have.
- Add desired Permissions.
- Click "Save" or "Save & Close".
***IMPORTANT: The minimum permission required to log in is Read on the Instance.
Keep Objects
Begin by adding rights to the new Permission Group. Note that this process starts with the first available tab at the bottom of the screen, which is the Objects tab.
Click Add Permission – This will start the process of building out the rights for this type of operator. A full list of Object Types will be provided at the bottom of this article with the associated Linking options.
Key Terms:
- Object Type – the type of Keep object to be assigned. Object types follow the menu structure of the Keep system such as Access Levels, Badge Design and Controllers. Selecting the All Types option will provide full access to all aspects of the Keep system.
- Create – Allows the user to create new objects.
- Read – Allows the user to read the objects.
- Update – Allows the user to modify existing objects.
- Delete – Allows the user to delete the objects.
- Publish – Allows the user to publish events with the object type specified.
- Advanced Actions – Allows the user to enable advanced actions for integrations such as HID Origo and Single Sign-On.
- Linking – When an object type is selected the Linking column will become active. Each object type has a unique series of possible linking traits. When Linking traits are available, the Linking window will display “…”. By clicking the “…” the operator will be presented with the full list of possible traits that can be Added or Removed by checking the available boxes.
- Tags – A keyword applied to a series of objects within Keep to help provide additional separation of permissions. An example: an operator can be provided with Administrative level permission but only for items with a specific keyword.
- Applies To – Allows the administrator to limit controls to a specific device or series of devices. To use it, click the “…” icon; the operator will then be able to choose the devices needed by clicking Assign Object. Multiple objects can be added. Once the Assign Object icon has been clicked, start typing the name of the device(s) needed.
- Type – Allows for Granting or Denying rights for the object type in that line.
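The following sketch is an added example, not code from Access Expert or Schneider Electric. It models how a permission group built from the columns above might be evaluated so that a group can be reviewed before it is assigned. The evaluation order (default deny, with a matching Deny overriding any Grant), the treatment of "Instance" as an object type, and all group and object names are assumptions.

```python
from dataclasses import dataclass

ACTIONS = frozenset({"create", "read", "update", "delete", "publish"})

@dataclass(frozen=True)
class Rule:
    object_type: str                     # Object Type column, or "All Types"
    actions: frozenset                   # subset of ACTIONS
    rule_type: str                       # Type column: "Grant" or "Deny"
    tags: frozenset = frozenset()        # Tags column; empty means any tag
    applies_to: frozenset = frozenset()  # Applies To column; empty means any object

    def matches(self, object_type, action, obj_name, obj_tags):
        return (
            self.object_type in ("All Types", object_type)
            and action in self.actions
            and (not self.tags or not self.tags.isdisjoint(obj_tags))
            and (not self.applies_to or obj_name in self.applies_to)
        )

def is_allowed(rules, object_type, action, obj_name="", obj_tags=()):
    """Assumed semantics: nothing is allowed by default, and any
    matching Deny rule wins over every matching Grant rule."""
    hits = [r for r in rules
            if r.matches(object_type, action, obj_name, frozenset(obj_tags))]
    if any(r.rule_type == "Deny" for r in hits):
        return False
    return any(r.rule_type == "Grant" for r in hits)

def can_log_in(rules):
    # The article states the minimum permission to log in is Read on the Instance.
    return is_allowed(rules, "Instance", "read")

# Constructed sample: administrator rights minus deleting controllers.
ADMIN_NO_CONTROLLER_DELETE = [
    Rule("All Types", ACTIONS, "Grant"),
    Rule("Controllers", frozenset({"delete"}), "Deny"),
]

# Constructed sample: badge operator limited to objects tagged "lobby".
LOBBY_BADGING = [
    Rule("Instance", frozenset({"read"}), "Grant"),
    Rule("Badge Design", frozenset({"read", "update"}), "Grant",
         tags=frozenset({"lobby"})),
]
```

Under these assumptions, a group with no Read rule covering the Instance fails `can_log_in`, which is a quick check to run on any narrowly scoped group.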
The second portion of setting up a new Permissions Group is to determine the Event Types that the operator will be able to interact with. Event Types is a very dynamic list because the available options will be determined based upon the integrations deployed on your system.
The Event Types section is focused on the types of messages that an operator will be able to see as well as the type of commands the operator will be able to take.
Key Terms:
- Application – the specific service associated with an application in the system such as Mercury Controllers, Allegion Locks, Video Expert, Mobile, and LDAP.
- Event Types – The specific traits associated with the Application. Each Event Type will be different and the options available will be determined by the integrations deployed on your system.
- Tags – A keyword applied to a series of objects within Keep to help provide additional separation of permissions. An example: an operator can be provided with Administrative level permission but only for items with a specific keyword.
- Type – Allows for Granting or Denying rights for the object type in that line.
Object Types
Each object type has a unique series of possible linking traits. When Linking traits are available, the Linking window will display “…”. By clicking the “…” the operator will be presented with the full list of possible traits that can be Added or Removed by checking the available boxes.