This section lists the settings found in User group configuration tabs, in the User management task.
User group - Properties tab
In the Properties tab, you can view and configure the members of the user group.
- External unique identifier
- Only used for third-party authentication. This field is used to match groups coming from an external identity provider to user groups in Security Center. This identifier defaults to the group name. If your identity provider uses a separate ID to identify groups, that ID must be added here.
- Email address
- Email address that is used by all members of the group. This information can be imported from your company’s directory service. The email address can be used to send emails, reports, or messages to the users.
- User level
- Set the user level. A user level is a numeric value assigned to users to restrict their ability to perform certain operations, such as controlling a camera PTZ, viewing the video feed from a camera, or staying logged on when a threat level is set. Level 1 is the highest user level, with the most privileges.
- Inherit from parent
- The user level can be inherited from a parent group. If the user has multiple parents, the highest user level is inherited. If the user group has no parent group, the lowest user level (254) is inherited. You must set Inherit from parent option to Override in order to change this setting.
- Configure user-level overrides
- Set a different user level for the selected areas or cameras. These override
values take precedence over the general user level for the cameras you
specify.NOTE: If you override the user level for an area, it applies to all cameras in that area.
- Members
- List of user group members. By default, the members inherit the privileges and partition rights of the user group.
User group - Access rights tab
In the Access rights tab, you can view and configure the access rights shared by the
members of the user group. This tab only appears when user-created partitions exist in the system.
- List of partitions
- Select a partition to grant access rights for that partition to the user group. Access rights over parent and child partitions can be configured independently. Access rights inherited from parent user groups cannot be revoked.
- Administrator
- Select this option to grant full administrative rights over all entities contained in that partition to the user group, including the rights to create and delete users, user groups, and child partitions.
- Display checked items ()
- Click to toggle the display between showing only selected partitions and all partitions.
User group - Privileges tab
In the Privileges tab, you can view and configure the user group’s privileges. The
privileges of a user group can be inherited by the members of the group, or can be inherited
from other user groups.
- Allow
- The privilege is granted to the user group.
- Deny
- The privilege is denied to the user group.
- Undefined
- This privilege must be inherited from a parent user group. If the user group is not a member of any other group, or if the privilege is also undefined to the parent user group, then the privilege is denied.
- Exceptions
- Basic privileges can be superseded at the partition level if the user group is authorized to access multiple partitions. Only Administrative and Action privileges, plus the privileges over public tasks, can be overwritten at the partition level.
- Additional settings ()
- Click to view additional commands for privilege templates.
- Apply template
- Select one of the privilege templates to apply.
- Set configuration to read-only
- Set all entity configuration privileges found under the Administrative privileges group to View properties.
- Set configuration to read-write
- Allow the modification of all entity configurations, including Add and Delete.
User group - Advanced tab
In the Advanced tab, you can configure common advanced settings for the group members.
- Logon settings
- Configure the common logon settings for the group members.
- Logon supervisor of
- Lists the users whose logons are supervised by the members of this user group. When users from this list need to log on to the system, any member of this user group can help them complete their logon.
- Auto-lock
- Set this option to ON to lock members of the user group
out of their Security Desk session
after a period of inactivity. To resume their current session, the user must
re-enter their password. This requirement can be inherited from a parent user
group. You must set Inherit from parent to
Override in order to change this setting.NOTE: If the user is authenticated through ADFS with passive authentication, the user will be logged off and their current session closed instead of being locked.
- Security Desk settings
- Configure the common Security Desk
settings for the group members.
- Allow remote control over
- Lists the Security Desk workstations the members of this user group are allowed to control remotely using the Remote task in Security Desk, or a CCTV keyboard. You can specify which workstations can be controlled by user, user group, or by specific workstation.
- Limit archive viewing
- Turn this option on to restrict the user group's ability to view archived video to the last n days. This limitation can be inherited from a parent user group. If the user group has multiple parents, the most restrictive limitation is inherited. If the user group has no parent group, no restriction will be imposed. You must set Inherit from parent to Override to change this setting.
- Enable video watermarking
- Turn this option on to overlay an identifying text on all video requested by this user group through Config Tool, Security Desk, Web Client, or the Genetec™ Web App. Click Configure to set the overlaid text. The video watermark can be inherited from a parent user group. If the user group has multiple parents, only the video watermark from the first parent group is inherited. You must set Inherit from parent to Override to change this setting.
- Manage partition memberships
- Turn this option on to grant the Manage partition memberships privilege to the user group. With this option enabled, the user group can copy and move any type of entity from one partition to another to which they have access. If the user group has multiple parents, the most restrictive limitation is inherited. You must set Inherit from parent to Override to change this setting.
- Default map
- The map loaded by default when a user belonging to this user group opens the Maps task. The default map can be inherited from a parent user group. In a multiple-parent hierarchy, where the user group has more than one parent, only the default map from the direct parent group is inherited. To select a personalized default map for the group, you must change the Default map setting from Inherit from parent to Override