Go to documentation repository
Documentation for Axxon One 2.0. Documentation for other versions of Axxon One is available too.
Previous page
Next page
On the page:
General information
A role is intended for assigning a group of users individual rights and permissions for administration, management and/or monitoring of individual components of Axxon One.
Creating a role
To create a new role, do the following:
- At the end of the list of system roles, click the Create link. The new role is added to the system, with its properties displayed on the right side.
Configure the access permissions:
Parameters Access level Description Basic Name − Enter a name for the role Map control Select the access level to the maps for users with this role Map management No access Users cannot view maps View only Users can only view maps View/move/scale Users can views, move, and scale maps Full access All operations with map are available Other
Archive depth viewing restriction − If you need to limit the access of users of this role to all system archives, you can specify the archive depth limit in hours. If no limit is set, users can view all videos Access to Functions Set access permissions to Axxon One functions Access to confidential comments Yes Add and view confidential comments No Access to Search in archive mode
Yes Archive search (see Video surveillance in the Archive Search mode)
No Adding camera to layout in monitoring mode Yes Add a camera to a layout in the Live mode (see Adding cameras to cells)
No Adding/editing presets Yes Add and edit presets for PTZ cameras (see Selecting a preset)
No Alarms processing − Alarms management (see Video surveillance in the Alarm management mode)
No access Users have no access to alarm events View only Users can view alarm events, but they can't assess them Full access Users can view alarm events and assess them Allow comments in archive − Create comments in the archive (see Operator comments) and protected records (see Protecting video recordings from FIFO overwriting) No access No comments allowed Create Users can add comments to the archive Create/Protect Users can add comments to the archive, create protected records Create/Protect/ Edit and delete Users can add comments to the archive, create and edit protected records Allow to delete records Yes Remove videos from the archive (see Deleting a part of archive)
No Allow unprotected export Yes Export frames and videos without password protection (see Frame export, Standard video recordings export). Set No to require setting a password when exporting (see Exporting frames and video recordings)
No Export Yes Export frames and videos (see Exporting frames and video recordings)
No Layouts editing Yes Edit layouts (see Editing layouts)
No Minimize to taskbar Yes Minimize the client to the tray (see Interface of Axxon One)
No Operating domain Yes Manage Axxon domain (see Operations with domains)
No Permissions to access via WebUI Yes Access to the Web-Server (see Working with Axxon One through the Web-Client)
No Show captions Yes Display captions (see Viewing titles from POS terminals)
No Show faces Yes Showing faces (see Masking faces)
No System log Yes View the system log (see System log)
No Unlock camera menu button Yes Context menu of a camera (see Context Menu of the Surveillance window)
No View masked video Yes View masked video (see Configuring privacy masking in archive, Configuring the People masking)
No Access to Interfaces Configure the access permissions to the interfaces Group panels Yes Configure the access permissions to camera groups on the Hardware tab and to the camera groups on the Layouts interface
No Layouts tab Yes Configure the access permissions to the Layouts tab. This parameter applies to both the client and the Web-Client (see Web-Client GUI)
No Objects panel and Camera search panel Yes Configure the access permissions to the Objects panel (see Objects Panel) and the Camera search panel (see Camera Search Panel)
No Access to Settings Archive settings Yes - Configure the access permissions to the Settings tabs
Attention!
- If you select the Device access rights only value in the User Permission settings parameter, all users of the given role will have the permissions to change only the access permissions to the connected devices.
- If the Programming setup is not available for the user role, the user will not be able to use the created macros until the appropriate permissions are granted.
- Configure the access permissions to the system error messages
Attention!
- System error messages are displayed in real-time in the Layouts interface.
- Critical error messages in the system are displayed regardless of the Show error messages parameter.
- Critical errors include:
- geomap connection error;
- export error;
- domain disconnection error;
- insufficient network bandwidth error that is disabled by default. If necessary, you can enable it by adding the SHOW_INSUFFICIENT_BANDWIDTH_WARNING system variable with the TRUE value (see Appendix 9. Creating system variable).
- System error messages are displayed in real-time in the Layouts interface.
No Detection settings Yes No Device settings Yes No Options settings Yes No Programming setup Yes No Show error messages Yes No User Permission settings Yes Device access rights only No Additional Comment − Specify additional information about the user, if necessary
Supervisor confirmation Supervisor for acccess to export − - If the administrator has to confirm the launch of export for users of this role (see Exporting frames and video recordings), select the corresponding role in the list
- If the administrator has to confirm the login of users of this role (see Starting the client), select the corresponding role in the list
Attention!
- If a user belongs to several roles and each of these roles has its own supervisor, the user can receive confirmation to access export or authorization from a single administrator.
Note
For example, a user can belong to several roles at the same time: Operator 1, Operator 2, Operator 3.
Each of these roles has its own supervisor:- For Operator 1, the supervisor is Admin 1.
- For Operator 2, the supervisor is Admin 2.
- For Operator 3, the supervisor is Admin 3.
The user needs to receive confirmation from only one of the three administrators.
- If a user belongs to a regular role (such as Operator) and an administrator role at the same time, supervisor confirmation isn't required, provided that the administrator role can be used as supervisor.
Note
For example, a user belongs to the Operator 1 and Admin 1 roles at the same time. If Admin 1 is selected as supervisor in the Supervisor confirmation settings, the user doesn't need to receive confirmation to access export or authorization.
Supervisor for authorization in client − Time schedule management Time schedule − If you need to grant the users in this role permissions only for a certain period of time, select a time schedule from the list. These users will not be able to use their permissions outside of the selected time schedule
Video walls management Server Yes Configure the permissions to manage the connected clients' monitors by setting permissions for each server on Axxon domain. A user who has management permissions for the monitors of a particular server can manage monitors of any client connected to that server
No - Configure the access permissions to the Settings tabs
On the Groups tab, configure the Default permissions (see Types of permissions to access hardware, archives and macros).
Note
When you create a new role, you cannot go to another tab until the role is saved. If you change any access permissions on any tab, you cannot go to another tab until the settings are saved.
Device
Access level
Description
Default permissions Configure the default permissions to devices Camera access
No access
No access to the device
Archive only User can view only the archive
Live in Armed mode
User can view video from the camera only when the camera is armed
Live
User can view live video from the camera. Other functions and device configuration are not available
Live/Archive
User can view live and recorded video from the camera. User cannot arm/disarm/configure the camera
Live/Archive/Control
All functions available. User cannot configure the device
Live/Archive/Control/Configure All functions and device configuration available
Microphone access
No access
User cannot listen to live audio:
- from the camera;
- in the archive.
Audio recording to an exported file is not available
Live Audio
User can listen to live audio from the camera (the microphone must be turned on). User cannot listen to audio in the archive
Live Audio and Archive
All functions are available
PTZ priority
No access
User cannot control the PTZ device
Minimum level
User can control the PTZ device with the corresponding priority (see Controlling a PTZ сamera)
Low level Medium level High level Maximum level On the Groups tab, configure the Group permissions if there are camera groups (see Configuring video camera groups).
Device
Access level
Description
Group permissions Configure group access permissions to cameras (see Types of permissions to access hardware, archives and macros) Camera group
Inherited Access permissions are inherited from the Default permissions tab → Camera access No access
No access to the device
Archive only User can view only the archive
Live in Armed mode
User can view video from the camera only when the camera is armed
Live
User can view live video from the camera. Other functions and device configuration are not available
Live/Archive
User can view live and recorded video from the camera. User cannot arm/disarm/configure the camera
Live/Archive/Control
All functions available. User cannot configure the device
Live/Archive/Control/Configure All functions and device configuration available
If necessary, configure the access permissions to a specific device on the Devices tab.
To do this, select the access level for a specific device (see Types of permissions to access hardware, archives and macros).Access level Device Access level to device Inherited Camera Access levels are inherited from the Default permissions tab → Groups or from the group permissions Microphone Access levels are inherited from the Default permissions tab → Groups PTZ Archive only Camera Archive only Microphone Live audio and archive PTZ Medium level Live in Armed mode Camera View in armed mode Microphone Live audio PTZ Medium level Live Camera View live video Microphone Live audio PTZ Medium level Live/Archive Camera View live video and archive Microphone Live audio and archive PTZ Medium level Live/Archive/Control Camera All functions, configuration isn't available Microphone Live audio and archive PTZ Medium level Live/Archive/Control/Configure Camera All functions, configuration is available Microphone Live audio and archive PTZ Maximum level You can specify the access level to a specific camera and extend it to other cameras. To do this, do the following:
- Select the access level to a camera from a drop-down list on the Devices tab.
Click the
button and select the cameras, to which you want to specify the same access level.
Click the Apply button.
As a result, the specified access level is extended to the selected cameras.
To quickly select multiple cameras, press down the Shift key, select the first and last camera, to which you want to specify the same access level. The checkboxes set for all selected cameras when you select any of them.Note
Similarly, you can extend the access levels to microphones, PTZ devices and archives.
Configure the Default permissions to domain archives or Archive permissions to a specific archive in the Archives section.
Device Access level Description Default permissions Configure the default access permissions to the archive (see Types of permissions to access hardware, archives and macros) Archive access No access No access to this archive Full access Full access to the archive Archive permissions Configure the permissions to a specific archive (see Types of permissions to access hardware, archives and macros) Archive Inherited Access level is inherited from the Default permissions tab No access No access to this archive Full access Full access to the archive - Configure the Default permissions to macros or Macro permissions to a specific macro in the Macros section.
Attention!
Users outside the admin role can create macros, if they have the permissions to create them. They cannot use them until they have the permissions to use them.
Macro type Access level Description Default permissions Configure the default permissions to macros (see Types of permissions to access hardware, archives and macros) Macro access No access No access to macros Full access Full access to macros Macro permissions Configure the access permissions to a specific macro (see Types of permissions to access hardware, archives and macros) Automatic rules
Inherited Access level is inherited from the Default permissions tab No access No access to macros Full access Full access to macros Event rules Inherited Access level is inherited from the Default permissions tab No access No access to macros Full access Full access to macros Cycle rules Inherited Access level is inherited from the Default permissions tab No access No access to macros Full access Full access to macros Click the Apply
button to save the changes.
A new role is created.
Copying a role
You can copy a role. To do this, do the following:
- Click the name of the role that you want to copy.
- Click the Create button.
A new role is created with the same parameters as the selected role.
Note
To create an empty user role with no parameters specified, select the Roles common group, and click the Create button.
Removing a role
To remove a role, do the following:
Select the role that you want to remove.
Click the Remove
button.
Note
You cannot delete a role if the user who is logged in belongs to that role.
- Click the Apply button.
The role is removed. All users who belong to this role are also removed.
Overview
Content Tools