Skip to main content
OpenEye Knowledge Base

User Group Permissions

The following gives you a breakdown of each section within User Group Permissions and the specific settings in each:

UsersView and add Users to a group.

Web Services Permissions: Manage permissions tied to Web Services access and settings.

2-Step Verification: Enable Multifactor authentication for User Groups as a simple way to add security to your system.

Locations / Cameras: Enable User Group access to specific locations and groups.

Hidden Cameras: Specify any cameras that should be inaccessible.

Recorder Permissions: Manage permissions tied to the recorder such as video and audio access, as well as setup functions.

Remote Client Permissions: Manage access to remote clients by either client type and IP range.

Video Clips PermissionsManage permissions for video clip exports and manage access to video clips.

General Info: Edit the Name or Descriptions of the User Group, or to delete the group entirely.


The first tab is Users, which allows you to add Users to User Groups. It is recommended to set all of the permissions in a User Group first and then add the Users. For more information on adding Users to a User Group, view the instructions in How to Create Users and User Groups.

User Groups Users tab.png

Web Services Permissions

Use the Web Services Permissions tab to enable or disable User Group permissions pertaining to managing Web Services settings for a location, managing other Users and User Group permissions, and alerts and reports. Under Management > User Groups > Web Services Permissions, check the permissions you want to assign to the User Group. Click Save after checking permissions.

User Groups Web Services Permissions tab.png

  • Administration: Administrative Access: Allows complete access to all web services features and devices registered to the account.
  • User Management: Enable Manage Users and User Groups to allow user to add, edit and delete Users and User Groups.
    • Manage Built-In User Groups: Allows user to view, add, and remove other users from the Built-In User Groups.
    • Manage Auto Include: Allows to enable or disable the option to automatically include locations and cameras in User Groups.
    • Manage Access by External IP Address: Allows user to edit the External IP Address settings under the Remote Client Permissions page. 
    • Manage Non-Email User Accounts: Allows user to add, edit and delete non-email users.
  • Locations: Allows Users to connect to locations and add, edit or delete locations and location groups.
    • Location Device Access: Allows connecting to devices organized by Locations. Users are able to access devices by locations specified in the Locations / Cameras section with the permissions defined in the Recorder Permission section.
    • Manage Locations and Location Groups: Allows users to add, edit and delete locations and location groups that are specified in the Location Management sections. Users will only be able to see locations and location groups listed in this user group.
  • Reports: Allows Users to view, create or edit reports, along with assigning Report Administrator access to view, edit and delete any report, even those to which they’re not added.
    • View Reports: Allows user to view reports that they have been previously added to. User will only be able to see reports on locations / cameras listed in this user group.
    • Create/Edit Reports: Allows user to create and edit reports. User can only edit reports they have been previously added to.
    • Report Administrator: Allows user to create, edit, and view all Reports, even if they are not added to the Reports as a user.
  • Alerts: Customize Alerts Permissions to allow users to view, create, edit, assign Alert Administrator access, and allow third-party integration access.
    • View Alerts: Allows user to view alerts that they have been previously added to. User will only be able to see alerts on locations / cameras listed in this user group.
    • Create / Edit Health Alert Rules: Allows user to create new health and storage retention alert rules. User can also edit any health and storage retention alert rules they are a member of.
    • Create / Edit Non-Health Alert Rules: Allows user to create new non-health alert rules. User can also edit any non-health alert rules they have permission to view.
    • Alert Administrator: Allows user to create any alert rule type. User will be able to see all alert rules, even if they are not a member.
    • Allow Third Party Integration Access: This option allows users to configure Alert Rules to send to third party integrations. This option also provides access to the alerts generated by the alert rule using the Web Services SDK.
    • Configure Alert Rules to Activate Relays: Allows users to configure alerts to activate relays when an alert occurs. Applies to all alert rules this user has access to.

IMPORTANT: To make changes to an End User account that is admin enabled, the technician who is making the changes must have full administrative access under the Web Services Permissions section.

Web Services Permissions Administrative Access.png

2-Step Verification

Use this tab to enable multifactor authentication. Multifactor or 2-Step Verification is a simple way to add security to your system. Add another layer of protection to your OWS account by enabling 2-Step Verification in your User Group settings. Under Management > User Groups > 2-Step Verification, check the permissions you want to assign to the User Group and then click Save.

  • Enable 2-Step Verification: Using 2-step verification will help prevent unauthorized Users from accessing an account with just a stolen password. When users sign in using a new device, 2-step verification will require users to enter both their password and a unique code that they receive on their phones.
  • Force Disable 2-Step Verification Requirement:  In some cases, there may be users who are unable to use 2-Step Verification (users who don't have access to a phone, etc.). When this happens, they may need to be exempted from 2-Step Verification.

User Groups 2-Step Verification tab.png

Locations / Cameras

Use the Locations / Cameras tab to add locations or location groups to a User Group. Whatever is chosen will dictate what locations or location groups that Users can view. For some groups, it may be advised to click Enable Auto Include so that any future locations and their devices added are available to the User Group. If this is enabled, view the Hidden Cameras menu below. Under Management > User Groups > Locations / Cameras, add devices accessible to the User Group.

  • Add Location: Select All or select specific locations from the menu to add to the User Group. Enable Auto Include so that any future locations and their devices added are available to the User Group.

Enable Auto Include Switch.png

  • Add Location Group: Select All or select specific location groups from the menu to add to the User Group.
  • Add Camera: Select All or select specific cameras to add to the User Group.

User Groups Locations Cameras tab.png

Adding Locations and Cameras to a User Group
  1. Click Locations / Cameras on the navigation sidebar.
  2. Click Add Location, Add Location Group, or Add Camera.

Add Location button.png  Add Location Group button.png  Add Camera button.png 

  1. Click the Add button next to each device you'd like to be added for the User Group.

Green Plus button.png

NOTE: To add all Locations, Location Groups or Cameras to a User Group, click Select All.

  1. Click Select when finished.

Select button.png

Hidden Cameras

Use this tab and permission setting to restrict access to specific cameras. Users will not be able to see the cameras or any sensor events the cameras are associated to. This permission will override any other camera permissions. Users in this group will be denied access to the cameras even if they are granted access in another user group. You may use this permission if you selected Enable Auto Include in Locations / Cameras (as you’ve provided access to all of the cameras available on all recorders). Under Management > User Groups > Hidden Cameras,  add cameras that are inaccessible to the User Group.

  • Add Hidden Camera: Click Add Hidden Camera Add Hidden Camera button.png and select cameras that will be hidden and inaccessible to the User Group.

Add Camera popup.png

User Groups Hidden Cameras tab.png

Recorder Permissions

This page allows you to granularly configure a number of permissions tied to the recorders. Under Management > User Groups > Recorder Permissions, check the permissions you want to assign to the User Group.

  • Video: Allows you to granularly configure video access. An example may be you wish to grant Users the ability to live view video but not grant permissions to control a PTZ camera so those users would never leave a camera in an unwanted view.
  • Audio: Allows you to grant permissions to listen to audio and utilize two-way audio as well.
  • Web Services: Allows management of all Web Services settings on the recorder as well as more granular permissions like allowing Users in the group to add a recorder to OWS.
  • System User Management: Allows management of local Users and groups on the local recorder console.
  • Setup: Allow management of system setup settings. Take care to choose the correct user permissions here. For example, you may want certain support groups to be able to reboot a recorder but not perform a software update. Its advised to create as many users groups as you need to ensure only the right permissions are granted for each.

User Groups Recorder Permissions tab.png

Remote Client Permissions

This page allows you to restrict User access to remote clients by need and location. Access to clients is managed in User Groups and can be restricted both by client type and by IP range. This gives you the flexibility to enforce policies such as preventing Users from accessing video using the mobile app or to prevent access to clients when a user is not on the corporate network.

NOTE: Adding Users to a report automatically grants them permission to view reports for devices and locations they have access to based on their User Group permissions.

Under Management > User Groups > Remote Client Permissions, check the remote client permissions you want to assign to the User Group.

User Group Remote Client Permissions.png

  • Client Access
    • Command Station: Allows users to access locations using the Command Station desktop application. Further customization allows users to view and edit shared layouts, edit linked cameras, and allow push notifications to users logged into Command Station.
    • Web Browser:  Allows users to connect to Web Services and recorders using a web browser.
    • Local Console:  Allows users to connect to the location when using a monitor and keyboard / mouse attached to it.
    • Mobile Applications:  Allows users to connect to locations using iOS devices (iPhone, iPad, etc) and Android devices (phones, tablets, etc).
    • QSR Security Application: Allows users to connect to recorders using the QSR Security Application.
  • Restrict Access by External IP Address: When enabled, Users in this user group will only be able to connect from the external IP Addresses added here.
  1. Enable restrictions. 
  2. Enter range of external IP Addresses that OWS can be accessed from.
  3. Select Green Plus button.png to add additional ranges if necessary.

Restrict Access by External IP Address.png

Video Clips Permissions

This page allows you to enable or disable Video Clip Export and Video Clip Management permissions. Under Management > User Groups > Video Clips Permissions, check the permissions you want to assign to the User Group. Click Save after checking permissions.

User Groups Video Clips Permissions.png

  • Export
    • Export Video Locally - Allows exporting of recorded video to a local storage location (USB, Disc, etc.)
    • Export Video to Web Services - Allows exporting of recorded video to Web Services.
  • Management
    • View and Download Any Video Clip - Allows viewing and downloading any video clip.
      • Edit Any Video Clip - Allows editing any video clip titles and notes.
      • Delete Any Video Clip - Allows permanently deleting any video clips.
    • View and Download Video Clips Added by User - Allows access to view and download video clips added to the account by the user.
      • Edit Your Video Clips - Allows editing your video clip titles and notes.
      • Delete Your Video Clips - Allows permanently deleting your video clips.
    • View Clips Shared with User - Allows access to video clips shared directly with the user. Ability to Download clips is controlled at the share level.
    • Limit Access to Locations in this User Group - Access to video clips is only granted if the location is listed in this User Group.
  • Sharing
    • Share Video Clips - Allows sharing of video clips to users who have a full Web Services accounts.
      • Share with New Guest Accounts - Video clips can be shared with users who do not have Web Services accounts. Users without accounts will be given guest accounts.
General Info

Use this section to edit the Name or Descriptions of the User Group, or to delete the group entirely. Deleting a group cannot be undone and will remove all users from the group.

CP User Group Permissions General Information.png

Clone User Group
  1. Click Clone Clone Button.png.

CP User Group Permissions Clone User Group.png

  1. Enter Name and Description.

NOTE: The cloned User Group must be given a unique name.

  1. Check which options from the original User Group you want to copy to the clone.
  2. Click Create.
  • Was this article helpful?