In the following UI elements and their functionality are described.
Security Manager can be connected to different access control systems:
- Smart locks, such as Danalock or SALTO locks
- Physical Access Control Systems (PACS), such as SIPORT or SiPass
For configuring access control of smart locks all functions are required. For connected PACS the following restrictions apply:
- For PACS, no doors or locks are configured. The Door and Lock management is not relevant.
- For PACS, time schedules have no effect.
- Privileges are imported from the PACS and cannot be created or edited.
Doors and Locks
If smart locks are connected, the definition of doors with assigned locks is a prerequisite for the work in the Access section. For definition of doors and locks you need the rights of the role Security Manager or Service Engineer. Refer to Engineering Guide, Configuration for Access chapter.
Time Schedules are predefined combinations of days and time intervals. In Access > Time schedules pane, at least one time schedule needs to be created before privileges can be defined.
An access privilege defines an extent to which a user can access the system. The access privilege is defined by one or more combinations of door and time schedule. In Access > Privileges pane, you can create different types of privileges.
A role defines the permissions for users to perform an operation. Security Manager provides a set of predefined roles for each functionality of Security Manager. In Access > Identities pane, you can assign a role to an identity in the Roles tab.
The following roles allow the usage of certain Security Manager functionality:
An identity with assigned role Self-Service User gets the permission for self-service portal (Requests pane).
An identity with assigned role Security Manager gets the permissions for every function of Security Manager.
An identity with assigned role Service Engineer gets the permission for door and lock management (Configuration > Doors and Locks), connection management (Configuration > Connections) and system settings.
Customized Portals User
An identity with assigned role Customized Portals User gets the permission for Monitoring > Customized Portals.
Rule Editor User
An identity with assigned role Rule Editor User gets the permission for Configuration > Rule editor.
An identity with assigned role Approver gets the permission to approve and reject requests under Self Services > Requests for this tenant.
A credential defines verification of an individual's identity and authorization to pass access control. The identities can get access through physical card (physical credential) or through mobile phone (virtual credential). In Access > Identities pane, you can assign physical credentials to an identity and enable virtual credentials in the Credentials tab.
Access privileges can also be defined by membership in a user group. A user group is defined by a combination of one or more privileges and one or more roles. In Access > Identities pane, you can add a new member by assigning a user group to an identity in the User Groups tab.
In order to use the smart phone to open doors, a user needs to download the Access Mobile App from the App Store. After the successful login the smart phone of this user gets registered. In Access > Identities pane, all the devices a particular user registers with the service are listed in the Mobile Devices tab. A user with role Security Manger can perform certain actions, for example remove a device or mark the device as lost or stolen.