Assigning privileges to users

Security Center Administrator Guide 5.11

Product: Security Center
Content type: Guides > Administrator guides
Version: 5.11
Release: 5.11
Last updated: 2026-01-29

You must grant privileges to users before they can do anything in Security Center, including logging on through Security Desk.

What you should know

Users have a set of basic privileges that are either granted directly to them or inherited from their parent user groups. They also have a distinct set of privileges for each partition they are authorized to access. Privileges granted or denied at the partition level override the user’s basic privileges.
Best Practice: Grant individual users only the minimum privileges they need. To simplify privilege management, Security Center provides templates with predefined privilege sets that you can apply to users or groups.

Security Center also includes the Privilege troubleshooter, a tool that helps you investigate how privileges are assigned across your system. Use it to verify access rights and diagnose privilege‑related issues.

IMPORTANT: If a user’s privileges are modified while they are signed in to an application, the changes take effect only after the user signs out and then signs back in.

Procedure

  1. From the Config Tool homepage, open the User management task.
  2. Select the user to configure, and click the Privileges tab.
  3. Use one of the predefined privilege configurations as your starting point.
    At the bottom of the page, click (), and select one of the following:
    - Apply template: Select one of the privilege templates to apply.

      Privilege templates can be combined. This means that when you apply a privilege template, you always add privileges. Existing privileges can never be removed as a result of applying a privilege template. To start with a clean slate, go to the top of the privilege hierarchy (All privileges) and click Undefined.

    - Set configuration to read-only: Set all entity configuration privileges found under the Administrative privileges group to View properties with Modify properties denied.
    - Set configuration to read-write: Set all entity configuration privileges found under the Administrative privileges group to View, Modify, Add, and Delete.
  4. Fine-tune the user privileges by changing the individual privilege settings if necessary.
    Keep in mind that if your user has a parent user group, the privilege inheritance rules apply.
    - Allow: Grant the privilege to the user. You cannot select this option if the privilege is denied to the parent user group.
    - Deny: Deny the privilege to the user.
    - Undefined: Inherit this privilege from the parent user group. If there is no parent user group, this privilege is denied.
  5. If necessary, configure the privilege exceptions for each partition the user has access to.
    When a user is given access to a partition, their basic privileges are applied by default to the partition. As a system administrator, you can overwrite the privileges a user has over a specific partition. For example, a user can be allowed to configure alarms in partition A, but not in partition B. This means that a user can have a different set of privileges for each partition they have access to. Only Administrative and Action privileges, plus the privileges over public tasks, can be overwritten at the partition level.
    1. At the bottom of the page, click Exceptions.
      The Privilege exception dialog box opens.
    2. In the Create an exception for list, select a partition.
    3. Change the user's basic privileges as required.
    4. Click Create.
      The privilege exceptions are added at the bottom of the privilege list.
  6. Click Apply.
  7. (Optional) Allow the user to move entities from one partition to another to which they have access.
    To allow a user to move entities from one partition to another to which they have access, you must grant them the associated Add/Delete <entities> pair of privileges for each entity type you allow them to move between partitions.

    If you do not want to grant the full Add and Delete privileges to the user but still want to allow them to move entities between partitions, enable the Manage partition memberships option as follows.

    1. Click the Advanced tab.
    2. Enable the Manage partition memberships option.
      If necessary, switch Inherit from parent to Override to change this setting.
    3. Click Apply.
    NOTE: When you grant All privileges to a user, the Manage partition memberships option is also enabled. However, if you disable the Manage partition memberships option, it does not affect the other privileges the user has.
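
The resolution rules from steps 4 and 5 (Allow, Deny, Undefined, and partition exceptions), worked through as a small Python model for reasoning about a user's effective access. This is an added example, not Genetec code or a Security Center API; the `Principal` type, the single-parent chain, the rule that a Deny anywhere in the chain is final, and the privilege and partition names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class Setting(Enum):
    ALLOW = "Allow"
    DENY = "Deny"
    UNDEFINED = "Undefined"

@dataclass
class Principal:
    """A user or user group in this model (hypothetical type, not a product API)."""
    name: str
    parent: "Principal | None" = None  # assumption: one parent group per principal
    basic: dict = field(default_factory=dict)       # privilege -> Setting
    exceptions: dict = field(default_factory=dict)  # partition -> {privilege: Setting}

    def _chain(self):
        node = self
        while node is not None:
            yield node
            node = node.parent

    def set_basic(self, privilege: str, setting: Setting) -> None:
        # Allow cannot be selected when the privilege is denied to the parent group.
        if setting is Setting.ALLOW and self.parent is not None and any(
                g.basic.get(privilege) is Setting.DENY for g in self.parent._chain()):
            raise ValueError(f"{privilege!r} is denied to a parent group of {self.name}")
        self.basic[privilege] = setting

    def resolve_basic(self, privilege: str) -> Setting:
        found = {n.basic.get(privilege, Setting.UNDEFINED) for n in self._chain()}
        if Setting.DENY in found:  # assumption: a Deny anywhere in the chain is final
            return Setting.DENY
        # Undefined everywhere: nothing to inherit, so the privilege is denied.
        return Setting.ALLOW if Setting.ALLOW in found else Setting.DENY

    def effective(self, privilege: str, partition: str) -> bool:
        # A partition-level exception overrides the basic privilege.
        override = self.exceptions.get(partition, {}).get(privilege, Setting.UNDEFINED)
        chosen = self.resolve_basic(privilege) if override is Setting.UNDEFINED else override
        return chosen is Setting.ALLOW

def build_sample():
    """Constructed data: one group, one user, partitions A and B."""
    operators = Principal("Operators")
    operators.set_basic("Modify alarms", Setting.ALLOW)
    operators.set_basic("Delete alarms", Setting.DENY)
    alice = Principal("alice", parent=operators)
    alice.exceptions["Partition B"] = {"Modify alarms": Setting.DENY}
    return operators, alice
```

In the sample, `alice` inherits "Modify alarms" from her group in Partition A, loses it in Partition B through the exception, and cannot be granted "Delete alarms" because the group denies it.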