About privileges

Privileges define what users can do, such as arming zones, blocking cameras, and unlocking doors, over the part of the system they have access rights to.

User privileges in Security Center are divided into the following groups:

For a list of available privileges, see Security Center 5.8 Privileges on the Genetec™ TechDoc Hub.

You can also refer to the Privileges page of a user or user group in the Config Tool User management task.

Privilege hierarchy

Privileges are organized in a hierarchy, with the following behavior:
  • For a child privilege to be allowed, the parent privilege must be allowed.
  • If a parent privilege is denied, all child privileges are denied.
  • A child privilege can be denied when the parent privilege is allowed.

Privilege inheritance

Privilege settings can be inherited from user groups and replaced at the member (user or user group) level according to the following rules:
  • A privilege that is undefined at the group level can be allowed or denied at the member level.
  • A privilege that is allowed at the group level can be denied at the member level.
  • A privilege that is denied at the group level is automatically denied at the member level.
  • When a user is a member of multiple user groups, the user inherits the most restrictive privilege settings from its parents. This means that Deny overrules Allow, and Allow overrules Undefined.
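The hierarchy and inheritance rules above can be checked with a small resolver. This is an added example, not Genetec code: the privilege names, user groups, and users are constructed, and it assumes that a privilege left Undefined after inheritance is not granted.

```python
from enum import IntEnum

class S(IntEnum):  # ordered so that max() picks the most restrictive setting
    UNDEFINED = 0
    ALLOW = 1
    DENY = 2

# Constructed privilege tree (child -> parent); names are illustrative only.
PARENT = {"view_alarms": None, "modify_alarms": "view_alarms",
          "delete_alarms": "modify_alarms"}

# Constructed members: parent user groups plus explicit settings.
MEMBERS = {
    "Operators":  {"groups": [], "set": {"view_alarms": S.ALLOW,
                                         "modify_alarms": S.ALLOW}},
    "NightShift": {"groups": [], "set": {"modify_alarms": S.DENY}},
    "alice": {"groups": ["Operators"], "set": {"delete_alarms": S.ALLOW}},
    "bob":   {"groups": ["Operators", "NightShift"],
              "set": {"modify_alarms": S.ALLOW}},
    "carol": {"groups": ["Operators"], "set": {"view_alarms": S.DENY}},
}

def setting(member, priv):
    """Setting for one privilege after inheritance, ignoring the hierarchy."""
    m = MEMBERS[member]
    # Multiple parent groups: Deny overrules Allow, Allow overrules Undefined.
    inherited = max((setting(g, priv) for g in m["groups"]), default=S.UNDEFINED)
    if inherited is S.DENY:
        return S.DENY  # a group-level Deny cannot be replaced by the member
    own = m["set"].get(priv, S.UNDEFINED)
    # A member-level setting replaces an inherited Allow or Undefined.
    return own if own is not S.UNDEFINED else inherited

def granted(member, priv):
    """True only if the privilege and every ancestor resolve to ALLOW."""
    while priv is not None:
        if setting(member, priv) is not S.ALLOW:  # assumption: Undefined = not granted
            return False
        priv = PARENT[priv]
    return True

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, {p: granted(user, p) for p in PARENT})
```

The case worth noting when auditing is bob: an explicit Allow at the member level has no effect once any parent group denies the privilege.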

Exceptions to privilege rules

The following exceptions apply to the privilege rules:
  • Administrative users:
    Members of the Administrators user group (which includes the Admin user) have full administrative rights over the system. They can configure Security Center as they see fit. The Admin user and the Administrators user group are created at system installation. They have all the privileges and cannot be modified or deleted.
  • Actions reserved for administrative users:
    Some actions can be performed only by administrative users because they can potentially affect the entire system. These actions are not associated with any privilege:
    • Adding, modifying, and deleting macros.
    • Creating generic event-to-actions (without a specific source entity).
    • Running the Diagnostic data collection tool.

Privilege exceptions for partitions

A user (or user group) has a set of basic privileges that is the result of the privileges inherited from their parent user groups, plus the ones explicitly allowed or denied to the user.

When a user is given access to a partition, their basic privileges are applied by default to the partition. As a system administrator, you can overwrite the privileges a user has over a specific partition. For example, a user can be allowed to configure alarms in partition A, but not in partition B. This means that a user can have a different set of privileges for each partition they have access to. Only Administrative and Action privileges, plus the privileges over public tasks, can be overwritten at the partition level.