Skip to main content
OpenEye Knowledge Base

User Group Permissions

In OpenEye Web Services (OWS), Users are never assigned permissions directly to their account. Instead, all OWS permissions are assigned to User Groups, to which a User can be added. Users in a User Group will have access to all permissions enabled in the User Group settings. It is recommended that you set permissions prior to adding Users to the group. Create as many users groups as you need to ensure only the right permissions are granted to each.

The following gives you a breakdown of each section within User Group Permissions, and the specific settings in each:

  • Users: View and add Users to a group.
  • Web Services Permissions: Manage permissions tied to Web Services access and settings.
  • 2-Step Verification: Enable Multifactor authentication for User Groups as a simple way to add security your system.
  • Recorders / Cameras: Enable User Group access to specific recorders and groups.
  • Hidden Cameras: Specify any cameras that should be inaccessible.
  • Recorder Permissions: Manage permissions tied to the recorder such as video and audio access, as well as setup functions.
  • Remote Client Permissions: Manage access to remote clients by either client type and IP range.
  • General Info: Edit the Name or Descriptions of the User Group, or to delete the group entirely.
Users

The first tab is Users, which allows you to add Users to User Groups. It is recommended to set all of the permissions in a User Group first and then add the Users. For more information on adding Users to a User Group, view the instructions in How to Create Users and User Groups.

OWS User Permissions Users.png

Web Services Permissions

Use the Web Services Permissions tab to enable or disable User Group permissions pertaining to managing Web Services settings on the recorder, managing other Users and User Group permissions, and alerts and reports. Under Management > User Groups > Web Services Permissions,  check the permissions you want to assign to the User Group. Click Save after checking permissions.

OWS User Permissions Web Services Permissions.png

  • Administration: Administrative Access allows complete access to all web services features and recorders registered to the account.
  • User Management: Enable Manage User and User Groups to give Users management permissions over users and User Groups.
    • Manage Built-in User Groups: Allows User to view, add, and remove other users from the Built-In User Groups.
    • Manage Auto Include: Allow enabling and disabling auto include devices and cameras in User Groups.
    • Manage Access by External IP Address: Allows Users to edit the External IP Address settings under the Remote Client Permissions tab. 
  • Recorders: Allows Users to connect to recorders and add, edit or delete recorders and recorder groups.
    • Recorder Access: Allow connecting to recorders that are specified in the Recorders tab with the permissions defined in the Recorder Permissions tab.
    • Manage Recorders and Recorder Groups: Allow Users to add, edit and delete recorders and recorder groups that are specified in the Recorder Management tab.
  • Reports: Allows Users to view, create or edit reports, along with assigning Report Administrator access to view, edit and delete any report, even those to which they’re not added.
    • View Reports: Allows User to view reports that they have been previously added to. User will only be able to see reports from companies added to this User Group.
    • Create/Edit Reports: Allows User to create and edit reports. User can only edit reports they have been previously added to.
    • Report Administrator: User will be able to see all Reports, even if they are not added to the Reports as a User. User will be able to create, edit, and delete reports, including Shared Reports.
  • Alerts: Customize Alerts Permissions to allow users to view, create, edit, assign Alert Administrator access, and allow third-party integration access.
    • View Alerts: Allows User to view alerts that they have been previously added to. The User will only be able to see alerts on recorders/cameras from companies added to this User Group.
    • Create/Edit Health Alert Rules: Provides the ability to create, edit, and delete health and storage retention alert rules. Permissions can also be enabled individually.
    • Create/Edit Non-Health Alert Rules: Provides the ability to create, edit, and delete non-health alert rules. Permissions can also be enabled individually.
    • Alert Administrator: Allows User to create any alert rule type. User will be able to see all alert rules, even if they are not a member.
    • Allow Third Party Integration Access: This option allows users to configure Alert Rules to send to third party integrations. This option also provides access to the alerts generated by the alert rule using the Web Services SDK.
2-Step Verification

Use this tab to enable multifactor authentication. Multifactor or 2-Step Verification is a simple way to add security to your system. Add another layer of protection to your OWS account by enabling 2-Step Verification in your User Group settings. Under Management > User Groups > 2-Step Verification, check the permissions you want to assign to the User Group and then click Save.

  • Enable 2-Step Verification: Using 2-step verification will help prevent unauthorized Users from accessing an account with just a stolen password. When Users sign in using a new device, 2-step verification will require them to enter both their password and a unique code that they receive on their phones.
  • Force Disable 2-Step Verification Requirement:  In some cases, there may be Users who are unable to use 2-Step Verification (Users who do not have access to a phone, etc.). When this happens, they may need to be exempted from 2-Step Verification.

OWS User Permissions Enable 2-Step Verification.png

Recorders / Cameras

Use the Recorders / Cameras tab to add recorders, recorder groups or individual cameras to a group. Whatever is chosen will dictate what recorders or individual cameras that Users in the group can view. For some groups, it may be advised to check the box labeled “Automatically include all recorders” so that any future recorders and their cameras added are available to the User Group. If this is enabled, view the Hidden Cameras menu below. Under Management > User Groups > Recorders / Cameras, add devices accessible to the User Group.

  • Add Recorder Group: Check the boxes from the menu to add all recorder groups or specific recorder groups to the User Group.
  • Add Recorder:  Check the boxes from the menu to add all recorders or specific recorders to the User Group. If auto include is enabled, all future recorders will also be added to the User Group.
  • Add Camera:  Check the boxes from the menu to add all recorders or specific recorders to the User Group.

OWS User Permissions Recorders Cameras.png

Adding Recorders and Cameras to a User Group
  1. Click Recorders / Cameras on the navigation sidebar. 
  2. Click Add Recorder Group, Add Recorder, or Add Camera.

Add Recorder Group button.png  Add Recorder button.png  Add Camera button.png 

  1. Click the Add button next to each device you'd like to be added for the User Group.

Green Add button.png

NOTE: To add all Recorder Groups, Recorders or Cameras to a User Group, click Select All.

  1. Click Select when finished.

Select button.png

Hidden Cameras

Use this tab and permission setting allows to restrict access to specific cameras. Users will not be able to see the cameras or any sensor events the cameras are associated to. This permission will override any other camera permissions. Users in this group will be denied access to the cameras even if they are granted access in another user group. You may use this permission if you selected “Automatically include all recorders” in the previous tab (as you’ve provided access to all of the cameras available on all recorders). Under Management > User Groups > Hidden Cameras,  add cameras that are inaccessible to the User Group.

  • Add Hidden Camera:  Click Add Hidden Camera and check the boxes from the menu to add hidden cameras that will be inaccessible to the User Group.

OWS User Permissions Hidden Cameras.png

Recorder Permissions

This tab allows you to granularly configure a number of permissions tied to the recorders. Under Management > User Groups > Recorder Permissions,  check the permissions you want to assign to the User Group.

  • Video: Allows you to granularly configure video access. An example may be you wish to grant Users the ability to live view video but not grant permissions to control a PTZ camera so those users would never leave a camera in an unwanted view.
  • Audio:  Allows you to grant permissions to listen to audio and utilize two-way audio as well.
  • Web Services:  Allows management of all Web Services settings on the recorder as well as more granular permissions like allowing Users in the group to add a recorder to OWS.
  • System User Management:  Allows management of local Users and groups on the local recorder console.
  • Setup:  Allow management of system setup settings. Take care to choose the correct user permissions here. For example, you may want certain support groups to be able to reboot a recorder but not perform a software update. Its advised to create as many users groups as you need to ensure only the right permissions are granted for each.

OWS User Permissions Video Recorder.png

Remote Client Permissions

This tab allows you to restrict User access to remote clients by need and location. Access to clients is managed in User Groups and can be restricted both by client type and by IP range. This gives you the flexibility to enforce policies such as preventing Users from accessing video using the mobile app or to prevent access to clients when a user is not on the corporate network.

Note: Adding Users to a report automatically grants them permission to view reports for cameras and recorders they have access to based on their User Group permissions.

Under Management > User Groups > Remote Client Permissions, check the remote client permissions you want to assign to the User Group.

OWS User Permissions Client Access.png

  • Client Access
    • Command Station: Allows Users to access recorders using the Command Station desktop application. Further customize allowing users to view and edit shared layouts, edit linked cameras, and allow push notifications to users logged into Command Station.
    • Web Browser:  Allows Users to connect to Web Services and recorders using a web browser.
    • Local Console:  Allows Users to connect to the recorder when using a monitor and keyboard / mouse attached to it.
    • Mobile Applications:  Allows Users to connect to recorders using iOS devices (iPhone, iPad, etc) and Android devices (phones, tablets, etc).
  • Restrict Access by External IP Address: When enabled, Users in this user group will only be able to connect from the external IP Addresses added here.
  1. Enable restrictions. 
  2. Enter range of external IP Addresses that OWS can be accessed from.
  3. Select  to add additional ranges if necessary.

Video Export / Clips

This tab allows you to enable or disable Video Clip Export and Video Clip Management permissions. Under Management > User Groups > Video Export / Clips, check the permissions you want to assign to the User Group. Click Save after checking permissions.

OWS User Permissions Video Clips Exports.png

  • Video Clip Exports
    • Export Video Locally - Allows exporting of recorded video to a local storage location (USB, Disc, etc.)
    • Export Video to Web Services - Allows exporting of recorded video to Web Services.
  • Video Clip Management
    • Access Other Users' Video Clips - Allows access to view and manage video clips uploaded by other users based on the permissions below.
      • Limit Video Clips to Only Accessible Recorders - Allow access to video clips only from accessible recorders.
    • Video Clip Permissions - Allows access to all Video Clip Permissions.
    • View Video Clips - Allows viewing and downloading of video clips.
    • Edit Video Clips - Allows editing video clip titles and notes.
    • Delete Video Clips - Allows permanently deleting video clips.
    • Share Video Clips - Allows sharing of video clips to users who have a full Web Services accounts.
      • Share with Guest Accounts - Video clips can be shared with guest accounts and users who do not have Web Services accounts. Users without accounts will be given guest accounts.
General Info

Use this tab to edit the Name or Descriptions of the User Group, or to delete the group entirely. Deleting a group cannot be undone and will remove all users from the group.

OWS User Permissions General Info.png

  • Was this article helpful?