The following gives you a breakdown of each section within User Group Permissions, and the specific settings in each:
- Users: View and add Users to a group.
- Web Services Permissions: Manage permissions tied to Web Services access and settings.
- 2-Step Verification: Enable Multifactor authentication for User Groups as a simple way to add security your system.
- Recorders / Cameras: Enable User Group access to specific recorders and groups.
- Hidden Cameras: Specify any cameras that should be inaccessible.
- Recorder Permissions: Manage permissions tied to the recorder such as video and audio access, as well as setup functions.
- Remote Client Permissions: Manage access to remote clients by either client type and IP range.
- General Info: Edit the Name or Descriptions of the User Group, or to delete the group entirely.
The first tab is Users, which allows you to add Users to User Groups. It is recommended to set all of the permissions in a User Group first and then add the Users. For more information on adding Users to a User Group, view the instructions in How to Create Users and User Groups.
Web Services Permissions
Use the Web Services Permissions tab to enable or disable User Group permissions pertaining to managing Web Services settings on the recorder, managing other Users and User Group permissions, and managing video clips, alerts and reports. Under Management > User Groups > Web Services Permissions, check the permissions you want to assign to the User Group. Click Save after checking permissions.
- Administration: Administrative Access allows complete access to all web services features and recorders registered to the account.
- User Management: Enable Manage User and User Groups to give Users management permissions over users and User Groups.
- Manage Built-in User Groups: Allows User to view, add, and remove other users from the Built-In User Groups.
- Manage Auto Include: Allow enabling and disabling auto include devices and cameras in User Groups.
- Manage Access by External IP Address: Allows Users to edit the External IP Address settings under the Remote Client Permissions tab.
- Recorders: Allows Users to connect to recorders and add, edit or delete recorders and recorder groups.
- Recorder Access: Allow connecting to recorders that are specified in the Recorders tab with the permissions defined in the Recorder Permissions tab.
- Manage Recorders and Recorder Groups: Allow Users to add, edit and delete recorders and recorder groups that are specified in the Recorder Management tab.
- Video Clip Permissions: Allow access to view and manage video clips uploaded by other Users, as well as Edit, Delete, Share or View Video Clips.
- Access Other Users’ Video Clips: Allow access to view and manage video clips uploaded by other Users based on the Video Clip Permissions enabled.
- Video Clip Permissions: Allow access to all Video Clip Permissions. Permissions can also be enabled individually: Edit, Delete, Share, View.
- Reports: Allows Users to view, create or edit reports, along with assigning Report Administrator access to view, edit and delete any report, even those to which they’re not added.
- View Reports: Allows User to view reports that they have been previously added to. User will only be able to see reports from companies added to this User Group.
- Create/Edit Reports: Allows User to create and edit reports. User can only edit reports they have been previously added to.
- Report Administrator: User will be able to see all Reports, even if they are not added to the Reports as a User. User will be able to create, edit, and delete reports, including Shared Reports.
- Alerts: Customize Alerts Permissions to allow users to view, create, edit, assign Alert Administrator access, and allow third-party integration access.
- View Alerts: Allows User to view alerts that they have been previously added to. The User will only be able to see alerts on recorders/cameras from companies added to this User Group.
- Create/Edit Health Alert Rules: Provides the ability to create, edit, and delete health and storage retention alert rules. Permissions can also be enabled individually.
- Create/Edit Non-Health Alert Rules: Provides the ability to create, edit, and delete non-health alert rules. Permissions can also be enabled individually.
- Alert Administrator: Allows User to create any alert rule type. User will be able to see all alert rules, even if they are not a member.
- Allow Third Party Integration Access: This option allows users to configure Alert Rules to send to third party integrations. This option also provides access to the alerts generated by the alert rule using the Web Services SDK.
Use this tab to enable multifactor authentication. Multifactor or 2-Step Verification is a simple way to add security to your system. Add another layer of protection to your OWS account by enabling 2-Step Verification in your User Group settings. Under Management > User Groups > 2-Step Verification, check the permissions you want to assign to the User Group and then click Save.
- Enable 2- Step Verification: Using 2-step verification will help prevent unauthorized Users from accessing an account with just a stolen password. When Users sign in using a new device, 2-step verification will require them to enter both their password and a unique code that they receive on their phones.
- Force Disable 2-Step Verification Requirement: In some cases, there may be Users who are unable to use 2-Step Verification (Users who do not have access to a phone, etc.). When this happens, they may need to be exempted from 2-Step Verification.
Recorders / Cameras
Use the Recorders / Cameras tab to add recorders, recorder groups or individual cameras to a group. Whatever is chosen will dictate what recorders or individual cameras that Users in the group can view. For some groups, it may be advised to check the box labeled “Automatically include all recorders” so that any future recorders and their cameras added are available to the User Group. If this is enabled, view the Hidden Cameras menu below. Under Management > User Groups > Recorders / Cameras, add devices accessible to the User Group.
- Add Recorder Group: Check the boxes from the menu to add all recorder groups or specific recorder groups to the User Group.
- Add Recorder: Check the boxes from the menu to add all recorders or specific recorders to the User Group. If auto include is enabled, all future recorders will also be added to the User Group.
- Add Camera: Check the boxes from the menu to add all recorders or specific recorders to the User Group.
Adding Recorders and Cameras to a User Group
- Click Recorders / Cameras on the navigation sidebar.
- Click Add Recorder Group, Add Recorder, or Add Camera.
- Click the Add button next to each device you'd like to be added for the User Group.
NOTE: To add all Recorder Groups, Recorders or Cameras to a User Group, click Select All.
Click Select when finished.
Use this tab and permission setting allows to restrict access to specific cameras. Users will not be able to see the cameras or any sensor events the cameras are associated to. This permission will override any other camera permissions. Users in this group will be denied access to the cameras even if they are granted access in another user group. You may use this permission if you selected “Automatically include all recorders” in the previous tab (as you’ve provided access to all of the cameras available on all recorders). Under Management > User Groups > Hidden Cameras, add cameras that are inaccessible to the User Group.
- Add Hidden Camera: Click Add Hidden Camera and check the boxes from the menu to add hidden cameras that will be inaccessible to the User Group.
This tab allows you to granularly configure a number of permissions tied to the recorders. Under Management > User Groups > Recorder Permissions, check the permissions you want to assign to the User Group.
- Video: Allows you to granularly configure video access. An example may be you wish to grant Users the ability to live view video but not grant permissions to control a PTZ camera so those users would never leave a camera in an unwanted view.
- Audio: Allows you to grant permissions to listen to audio and utilize two-way audio as well.
- Web Services: Allows management of all Web Services settings on the recorder as well as more granular permissions like allowing Users in the group to add a recorder to OWS.
- System User Management: Allows management of local Users and groups on the local recorder console.
- Setup: Allow management of system setup settings. Take care to choose the correct user permissions here. For example, you may want certain support groups to be able to reboot a recorder but not perform a software update. Its advised to create as many users groups as you need to ensure only the right permissions are granted for each.
Remote Client Permissions
This tab allows you to restrict User access to remote clients by need and location. Access to clients is managed in User Groups and can be restricted both by client type and by IP range. This gives you the flexibility to enforce policies such as preventing Users from accessing video using the mobile app or to prevent access to clients when a user is not on the corporate network.
Note: Adding Users to a report automatically grants them permission to view reports for cameras and recorders they have access to based on their User Group permissions.
Under Management > User Groups > Remote Client Permissions, check the remote client permissions you want to assign to the User Group.
- Client Access
- Command Station: Allows Users to access recorders using the Command Station desktop application. Further customize allowing users to view and edit shared layouts, edit linked cameras, and allow push notifications to users logged into Command Station.
- Web Browser: Allows Users to connect to Web Services and recorders using a web browser.
- Local Console: Allows Users to connect to the recorder when using a monitor and keyboard / mouse attached to it.
- Mobile Applications: Allows Users to connect to recorders using iOS devices (iPhone, iPad, etc) and Android devices (phones, tablets, etc).
- Restrict Access by External IP Address: When enabled, Users in this user group will only be able to connect from the external IP Addresses added here.
- Enable restrictions.
- Enter range of external IP Addresses that OWS can be accessed from.
- Select to add additional ranges if necessary.
Use this tab to edit the Name or Descriptions of the User Group, or to delete the group entirely. Deleting a group cannot be undone and will remove all users from the group.