Creating and configuring roles

A role is intended for assigning a group of users individual rights and permissions for administration, management and/or monitoring of individual components of Axxon One.

To create a new role, do the following:

1. At the end of the list of system roles, click the Create link. The new role will be added to the system, with its properties displayed on the right side.
   
2. Enter a name for the role in the corresponding field (1).
   

3. Select the access level to the maps for users with the current role (2). 

   Access level	Description
   View only	You can only view maps
   View/move/scale	You can move and scale maps
   Full access	All options available

4. If you need to limit the access of users of a given role to all system archives, you can specify the archive depth limit in hours in the Archive depth viewing restriction field (3). If no limit is set, users may access the entire video footage.

5. Set access permissions for Axxon One features (4). Access can be restricted to such features as:
   
   1. Archive search (see Video surveillance in Archive Search mode).
   2. Adding a camera to a layout in live video mode (see Adding cameras to cells).
   3. Adding and editing presets for PTZ cameras (see Creating and editing presets).
   4. Alarms Management (see Video surveillance in Alarm Management mode). 
      1. No access − users have no access to alarm videos.
      2. View only − users can view alarm videos but they can't evaluate alarms.
      3. Full access − users can view alarm videos and evaluate alarms. 

   5. Creating comments (see Operator comments) and protected records in video footage (see Protecting video footage from FIFO overwriting).

      Access level	Description
      No access	No comments allowed
      Create	Add comments to the archive
      Create / Protect	Add comments to the archive, create protected records
      Create / Protect / Edit / Delete	Add comments to the archive, create and edit protected records

   6. Removing videos from the footage archive (see Delete a part of an archive).
   7. Allow unprotected export (see Frame export, Standard video export). Set No to require setting a password for exported images and video (see Exporting Frames and Video Recordings).
   8. Exporting frames and video recordings (see Exporting Frames and Video Recordings).

   9. Editing layouts (see Configuring Layouts).

   10. Minimizing the Client to the system tray (see Interface of the Axxon One Software Package).
   11. Managing an Axxon domain (see Axxon Domain operations).

   12. Access to the Web server (see Working with Axxon One Through the Web-Client).

   13. Displaying captions (see Viewing titles from POS terminals).
   14. Show faces (see Masking faces).
   15. Viewing the system log (see The System Log).

   16. Context menu of a video camera in a viewing tile (see Viewing Tile Context Menu).

   17. View masked video (see Setting up privacy masking in Video Footage).

6. Configure access rights to the Settings tabs and to the system error messages (5).

   Attention!

   If you set the User Permission settings parameter to Device access rights only, all users of the given role will be permitted to change only access rights to connected devices.

   Note

   Error messages are displayed in real time in the Layouts interface.

   
   

7. Set access permissions for Layouts in Axxon One (6). This parameter applies to both the Client and the Web Client (see Web-Client's GUI).

8. Set the parameters to apply the four-eye principle (7):

   1. If the administrator has to confirm the launch of export for users of this role (see Exporting Frames and Video Recordings), select the appropriate role in the Supervisor for access to export list.

   2. If the administrator has to confirm the login of users of this role (see Starting an Axxon One Client), select the corresponding role in the Supervisor for authorization in client list.

9. If you need to grant the users in this role permissions only for a certain period of time, select a Time schedule (8) from the list. These users will not be able to use their permissions outside of the selected time schedule.

10. Configure rights to manage connected Clients' monitors by setting permissions for each Server on an Axxon domain (9). A user who has management permissions for the monitors of a particular Server can manage monitors of any Client connected to that Server.

11. Set access permissions to hardware and archives on an Axxon domain (10).

    Device	Access permissions	Description
    Video camera	No access	You cannot access the device
    	Archive only	You can only view video footage in archive
    	Live in Armed mode	You can view video from the camera only when the camera is armed
    	Live	You can live video from the camera. Other functions and device configuration are not available
    	Live/Archive	You can view live and recorded video from the camera. You cannot arm/disarm/configure the camera
    	Live/Archive/Control	All functions available. You cannot configure the device
    	Live/Archive/Control/Configure	All functions and settings available
    Microphone	No access	You cannot listen to live sound from the video camera. You cannot listen to sound recordings from the archive
    	Live Audio	You can listen to live sound from the video camera (the microphone should be turned on). You cannot listen to sound recordings from the archive
    	Live Audio and Archive	All functions are available
    PTZ	No access	You cannot control the PTZ device
    	Minimum level	You control the PTZ device with the corresponding priority (see Controlling a PTZ Camera)
    	Low level
    	Medium level
    	High level
    	Maximum level
    Archive	No access	Access is not provided to this archive
    	Full access	Archive is available for all function

    You can configure group rights for accessing devices and archives of a particular Server. To do so, select an access level for the Server object. Depending on the selected level, particular access levels are automatically configured for the devices and archives of the relevant Server:

    Server access level	Device/archive	Device/archive access level
    Custom	-	Access levels for devices and archives are set manually
    No access	-	No access to devices and archives
    Archive Only	Video camera	Archive only
    	Microphone	Live Audio and Archive
    	PTZ	Medium level
    	Archive	Full access
    Live in Armed Mode	Video camera	You can view armed cameras
    	Microphone	Live Audio.
    	PTZ	Medium level.
    	Archive	No access
    Live	Video camera	You can view live video
    	Microphone	Live Audio
    	PTZ	Medium level
    	Archive	No access
    Live/Archive	Video camera	You can view live and recorded video
    	Microphone	Live Audio and Archive
    	PTZ	Medium level
    	Archive	Full access
    Live/Archive/Control	Video camera	All functions. Configuration not available
    	Microphone	Live Audio and Archive
    	PTZ	Medium level
    	Archive	Full access
    Live/Archive/Control/Configure	Video camera	All functions + configuration available
    	Microphone	Live Audio and Archive
    	PTZ	Maximum level
    	Archive	Full access

12. Select the appropriate access level to set the possibility to manually run all or some macros (see Configuring Macros) from the Layouts interface (11).
    

    Attention!

    By default, created macros are available only to users from the admin group.

    Users outside the admin group can create macros, if they have the permissions to create them. They cannot use them until they have the permissions to use them.

13. Click the Apply button to save the role.

The new role has been created.

You can copy Roles. To do it, follow the steps below:

1. Select the role to copy.
2. Click the Create button.

This creates a new identical role.

To delete a role, do the following:

1. Select the role to delete.

2. Click the Delete button.


   Note

   You cannot delete a role if the user who is logged in belongs to that role.

3. Click the Apply button to save the changes.

The role has been deleted. All users who belong to this role will also be deleted.