Skip to main content
OpenEye Knowledge Base

Best Practices for Configuring User Group Permissions Based on Role

User Group Permissions Best Practices

Taking the time to set up user groups that fit your organization not only saves time when onboarding new team members but ensures the OWS experience is tailored to a team member's role, reducing the potential for costly mistakes.  

Here are four examples of common roles that may exist for your organization; Tech Support, Operations/Management, Sales, and Billing/Finance. This article will show some recommendations for applying permissions to custom user groups that you can create based on the examples mentioned above. 

Operations Manager and Tech Support Manager 

This role would be a sub-administrator of an account and would have many of the permissions of an admin with a few differences. This role within your organization would be the person who manages teams as well as adds new team members into OWS. This could be someone who would be responsible for day-to-day management but not account management.

  • Channel Partner Permissions 
    • Manage Accounts 
    • Manage Unassigned Recorders
    • System Design Tool
    • All Alert permissions 
    • All Report permissions 
    • All Operations Permissions 
    • All Account Licenses Permissions 
    • View Subscription Billing Invoices 
  • Account Access 
    • Include All Accounts In This User Group 
  • Web Services Permissions 
    • Administrative Access
  • Remote Client Permissions 
    • Allows users to connect to recorders using the Command Station application 
    • Push to Client 
    • Allows users to connect to Web Services and recorders using a web browser 
    • Allows users to connect to recorders on the Local Console 
    • Allows users to connect to recorders using Mobile Applications 
  • Recorder Permissions 
    • ​​​​​​​All permissions selected 
  • Video Export/Clips 
    • ​​​​​​​All permissions selected 
  clipboard_ee410fec3f12c2da37c1f7f6c8b36459c.png clipboard_eee4da20d4d4063f5767b826f51e0bff7.png  
  clipboard_e82c9c118e5d95723c9ca9179a547292c.png clipboard_e1b97e0c0ec10178b3dfe47161dd591ec.png  
  clipboard_e6e315c59ef24db9a379b0d176f577ec3.png clipboard_ed95b5143fa8e7160f8012cbf9a5b94f5.png  
Sales and Sales Design 

The recommended Sales and Sales Design role has the permissions they need to get to the tools they need such as System Design Tool as well as access to features for training and demo purposes, but otherwise has minimal permissions selected. 

  • Channel Partner Permissions 
    • ​​​​​​​System Design Tool 
    • View Alerts 
    • View Reports 
  • Account Access 
    • ​​​​​​​This user would only need access to the demo account 
  • Web Services Permissions 
    • ​​​​​​​Recorder Access 
  • Remote Client Permissions 
    • ​​​​​​​Allows users to connect to recorders using the Command Station Application
    • Push to Client 
    • Allows users to connect to Web Services and recorders using a web browser 
    • Allows users to connect to recorders on the Local Console 
    • Allows users to connect to recorders using Mobile Applications 
  • Recorder Permissions 
    • ​​​​​​​All Video Permissions 
    • All Audio Permissions 
  • Video Export/Clips  
    • ​​​​​​​All permissions selected 
  clipboard_e8f4a9f5d7dede53f9c94a0b8d0299428.png clipboard_e9610df504c780d98879fb8e312266ba0.png  
  clipboard_ed427537f709b5db215bd20382e5446b1.png clipboard_ecbb0924c7ca6c79ab6f0a71b55741ef2.png  
  clipboard_edd3f507f11e396dc2d5ec41b68b3c147.png clipboard_ee1d69a791df5b343a1a2208b14e2e0ec.png  
Tech Support 

These recommended permissions would be for team members responsible for responding to customer problems. This role has been given access to the system design tool, as it can be used when troubleshooting problems a customer might be facing. They also have permission to view alerts, this permission along with ‘view reports’ are auto-selected and it’s considered best practice to give them to all team members. We would also give this role the ability to view subscription management for end users This would allow them to determine licensing without being able to make changes.

  • Channel Partner Permissions 
    • ​​​​​​​System Design Tool 
    • View Alerts 
    • View Reports 
    • View Subscription Management 
  • Account Access 
    • ​​​​​​​Select Auto-Include 
  • Web Services Permissions 
    • ​​​​​​​Manage Users and User Groups 
    • Recorder Access 
    • Manage Recorders and Recorder Groups 
    • Report Administrator 
    • Alert Administrator 
    • Allows Third Party Integration Access 
    • Configure Point of Sale Options 
    • Search Point of Sale Data 
  • Remote Client Permissions 
    • ​​​​​​​Allows users to connect to recorders using the Command Station application 
    • Push to Client 
    • Allows users to connect to Web Services and recorders using a web browser 
    • Allows users to connect to recorders on the Local Console 
    • Allows users to connect to recorders using Mobile Applications 
  • Recorder Permissions 
    • ​​​​​​​All Video permissions 
    • All Audio permissions 
  • Video Export/Clips 
    • ​​​​​​​Export Video Locally 
    • Export Video to Web Services 
    • Access Others Users' Video Clips 
    • View Video Clips 
    • Edit Video Clips 
    • Share Video Clips 
    • Share with Guest Accounts 
  clipboard_e07da5cf7ad756214b56c0942d1e98ae7.png clipboard_ec7514fdd51ddce5c7432bd7ef9314d65.png  
  clipboard_e1dfcc8a1f67d7a82fbce38c544ed45b9.png clipboard_e2fc755127707120e7bff8ee8a359b504.png  
  clipboard_e0a5ff17403903771e2d3cc1b4b3238b7.png clipboard_e62f759c987ae7bbc9fe4a50ae02ccf3a.png  
Purchasing, Finance, or Accounting

This role would be for the person within your organization who is managing purchasing or accounts payable.  There are some very specific permissions they would need to access tools such as Subscription Management, the Inventory Report and the Order and Shipping Report.

  • Channel Partner Permissions
    • ​​​​​​​View Alerts 
    • View Reports 
    • Order and Shipping Report 
    • Manage Subscription Management 
    • View Subscription Management 
    • View Subscription Billing Invoices 
    • Receive Subscription Billing Notifications 
  • Account Access 
    • ​​​​​​​Select Auto-Include 
  • Web Services Permissions 
    • ​​​​​​​No permissions selected 
  • Remote Client Permissions 
    • ​​​​​​​Allows users to connect to recorders using the Command Station application 
    • Push to Client 
    • Allows users to connect to Web Services and recorders using a web browser 
    • Allows users to connect to recorders on the Local Consoles 
    • Allows users to connect to recorders using Mobile Applications 
  • Recorder Permissions 
    • ​​​​​​​No permissions selected 
  • Video Export/Clips
    • ​​​​​​​No permissions selected 

 

  clipboard_e1b6a81ff64b979e52e2fa34220c04188.png clipboard_edcd8a0a959ad7d3e51c0b726022a342d.png  
  clipboard_ed2fc955d448cb2ebe0c682142178faf6.png clipboard_e214db425ddb43a932a5e68aec7e9c85a.png  
  clipboard_e202b37fabd552a20bf6d6d9486f6c091.png clipboard_ebf81af60748789ab092015de6c4cd6b1.png  
Training Access Only User Group

If wanting to extend training access to specific users but no other features, you can can create a Channel Partner User Group for Training Access Only. This may be a dedicated group that needs access to partner tools like training, but not other features such as video. 

Create a Training Access Only User Group:

  1. Click on Management > User Management > User Groups > Add New User Group.
  2. Enter a Name for the Group and a Description and click Create.
  • Suggested Name: Training Access
  • Description: Training Access only
  1. The Channel Partner Users menu shows the users in the group. We'd recommend adding users after the user group permissions are selected and saved.
  2. Under Channel Partner Permissions, uncheck all default settings, then enable System Design Tools and click Save.
  3. Under 2-Step Verification, take no action. Keep default settings so that no options are selected.
  4. Under Account Access, take no action. Keep default settings so that no options are selected.
  5. Under Web Services Permissions, take no action. Keep default settings so that no options are selected.
  6. Under Remote Client Permissions, uncheck all default settings except Allows users to connect to Web Services and locations using a web browser. under the Web Browser heading and click Save.
  7. Under Recorder Permissions, take no action. Keep default settings so that no options are selected.
  8. Under General Information, review the name and description. No need to add anything if they are correct.

Create and Add a New User to the Training Access User Group:

  1. Click on Management > User Management > Users > Add New User.
  2. Enter the name and email address of the user you wish to add.
  • An invite will be sent to that email address allowing the user to choose a password and log in once they have accepted the invitation.
  1. Select the Training Access User Group and click Add New User.

Training Access User Group Training Video

 

  • Was this article helpful?