Alarms vs Access Control events permissions

Hello.

We have implemented an integration between Salto and Milestone, using MIP-AC SDK. We are already currently receiving doors and events on Milestone clients.

We are now on a process of looking into further developing the functionalities of the access control integration plugin.

One thing that we noticed is that it seems to not exist on the management client a base connection between the access control plugin and alarms, in what concerns roles and permissions management. As an example, a Milestone user belonging to some role that doesn’t have permission on the access control plugin (attached figure role_config_1.jpg), still receives alarms generated by events of that same access control plugin to which the user’s role doesn’t have permission (attached figure role_config_2.jpg).

role_config_1.jpg

role_config_1720×405 47.2 KB

role_config_2.jpg

role_config_2720×405 47 KB

According to the images, we are not giving the role “CS Supervisor” permission to Access Control plugin, but we are giving this role permission to view alarms. We then configured an alarm generated by access control plugin category (attached figure alarm_config.jpg). So, users in this role, in spite of not having permission on the access control plugin, are receiving the alarms generated by it, probably because this role has general permission to view alarms. Is this by design? I mean, even if the role has permission to view alarms, there are all sorts of alarms, so, if it is configured to not have permission on access control plugin, it should view all alarms, except those generated by the plugin events.

alarm_config.jpg

alarm_config720×405 74.5 KB

Is it possible to configure the permissions so that a Milestone user on some role configured to not have permission on the access control plugin, doesn’t “see” alarms generated by events received from that access control plugin?

Or is it possible to create this access control plugin / alarms permissions dependency using features of the MIP-AC SDK?

Also, we couldn’t find a way to configure permissions by Milestone user’s role on individual doors imported by the access control plugin on the management client. Is this possible? We know that it is possible to manage the access permission of the user’s roles on the access control plugin globally. But we wanted to do it also by door. For example, RoleA to have permission to “see” events from Door1 and Door2, and RoleB to have permission to “see” events from Door3. Is this something already possible on the Milestone management clients?

Thank you.

You can setup whether a user (Role) can use Access Control i.e. see the Access workspace in the Smart Client.

You can setup whether a user (Role) can use Alarms i.e. see the Alarms workspace in the Smart Client.

If you setup the user role so that the user is allowed to see alarms but not access control, the user cannot see the Access workspace but in the Alarms workspace he will see alarms including alarms raised by the Access Control.

This is how the system works by design.

We will based on this question send a feature request to Milestone Product Management that you in this scenario should have the ability to disallow a user to see alarms originating from access control.

Hi.

Thank you for your enlightening answer. And also for taking this matter to Milestone Product Management. We think it would be a valuable “upgrade” in what concerns access control integrations with Milestone.

We placed a second question on our original post, regarding permissions on the access control plugin. We know it is possible to give or take global permissions on the access control plugin to or from any user (role). However, we needed a somewhat more refined control over permissions to the plugin. The plugin gets a list of doors from the access control and we needed to manage permissions of the roles that have access permission on the plugin by door, defining for instance that some role might have permission to “see” the events from a set of doors, and some other role might have permission to “see” the events from another set of doors.

We think that currently this kind of permission management isn’t possible on the management client, or is it? If not, it would also be a great “upgrade” to access control integration on Milestone.

Thank you.

I am sorry that you did not receive feedback on your last post, the request is with Milestone Product Management but I have no feedback.

However on the first request; the ability to disallow a user to see alarms originating from access control, I have good news. This has been developed for XProtect 2019R1 which is planned to release in the first quarter of 2019.