Managing Users and Groups Across Multiple Sites

When you have a large organization, you need detailed user access permissions to manage how the system is used each day.

The Avigilon Control Center system offers several features to help you manage large organizations:

  • Active Directory Support: The system can synchronize with Windows Active Directory to quickly import large number of users. For more information, see Importing Active Directory Groups.
  • Group Privileges: Users must be added to at least one group that defines what they can access within the system. This includes system features and specific devices. Only users with Setup user and group settings permission are able to edit other users and groups at all. For more information, see Adding Groups.

    To help you manage groups across the system, here are some features to help you maintain secure group access:

    • Corporate Hierarchy: Create a Corporate Hierarchy to determine which groups have control over other groups. For more information, see Corporate Hierarchy.

    • Site Families: You can connect multiple child sites to an Enterprise parent site. You can then control group settings for all of the sites from the parent site. For more information, see Connecting Site Families.

Best Practices

Listed here are some recommendations for maintaining an efficient and secure system:

  • Use a strong administrator password. The default administrator user has control over all aspects of the system, so adding a strong password to the account is highly recommended.
  • Create a secondary user for the Administrator group. It is recommended that you do not use the default administrator user account, instead create a secondary user account with the same privileges so that the default administrator user can still be used in the rare event that the system becomes compromised.

Tip: If you forget your administrator user password, the alternate administrator user can be used to reset the password.  This will avoid the need for a system-wide reset to restore the default administrator user password.

  • Assign a rank to all groups. Unranked groups have access over all other groups, so it is recommended that any groups with users be assigned a rank to further define their access privileges. The default Administrators group is Unranked by default, but you can create a new group with same permissions and assign a rank to the new group. For more information, see Corporate Hierarchy.
  • Limit the number of users in the default Administrator group. The Administrator group is the oversight group that should only be used for system maintenance. For example, users in the default Administrator group are the only ones who can see or remove private bookmarks made by all users.
  • Always check that the device access permissions are correct after a child site has been connected to a parent site. Ranked groups from the parent site whose rank is above or equal to the child site retain their permissions on the child site. These groups automatically gain access to all devices, maps, saved Views, and web pages on the child site.
  • Always check group access permissions after a new server has been merged into the site.

    • If groups have the same name, the site settings are used and the users from both the site and the server are added to the group.

    • Groups that are new to the site automatically get access to all the devices in the site.

    • Groups that are new to the server automatically get access to all the devices that are connected to the server.

  • Always check group access permissions after new users and groups settings are imported into the site.
    • If groups have the same name, the import settings are used and the users from both the import file and the current site are added to the group.

    • Groups added from the import file automatically gain access to all the new devices that were added since the settings were exported.

 

 

Avigilon Control Center 6.6 | 20170922