|
|
Operators Definition |
Use the Operator menu to define system operators and to determine their security level and privileges. An operator is responsible for issuing cards, carrying out manual operations on system components, requesting reports, arming the system, etc. For security reasons, each operator accessing the system database should have his/her profile defined to ensure that all the actions performed in the system will be traceable. You need to create at least one operator account or modify the pre-created accounts in order for the operator to use and operate EntraPass and to receive event messages.
There are three default operators created in the system. These are associated with three levels of access rights:
• Installer (login name and password are kantech): Full access to view, modify, delete, print components.
• Administrator (the login kantech1 and the password kantech): Medium access with limited access to system menus.
• Guard (login kantech2 and password are kantech): Limited access to system menus.
NOTE: You can define operators using the default operators or you can create new operators. For details about operators’ security levels, see Security Level Definition .
NOTE: When the Active directory application is active. A new default operator called LDAP Interface is created and available from the Operator drop-down list.
Creating or Editing an Operator
1 - From the System tab, select the Operator button to open the Operator window.
NOTE:
The
upper right-hand corner shows
2 - Enter the operator Name . The operator name is composed of a maximum of 40 alphanumeric characters (including spaces). This is the name that will be displayed in the desktop message lists and the reports.
3 - Enter the operator’s email (optional).
4 - Enter the operator Login name . This is a descriptive name composed of 6 to 20 alphanumeric characters (including spaces).
NOTE: On login, operators must enter their login name followed by their password in order for the system to validate their access. The login name is displayed in the events details when operator events are generated (i.e. manual operation, login, logout, etc.).
5 - In the Password field, enter the password that will be used to log in with the login name. The password is alphanumeric and consists of a maximum of twenty characters (minimum seven characters). The password is not displayed nor printed, the system displays the password as asterisks.
NOTE: The password is case-sensitive - make sure that all operators are aware of this.
6 - In the Password Confirmation field, enter the operator password again for confirmation using the proper case. If this password is not identical to the one entered in the password field, an error message will appear.
7 - In the Language section, check the appropriate option for the display language for this operator. If you change the display language, it will be effective only when the operator logs out and logs on again. When an operator logs out and exits an application, the next operator who logs on the application will see the startup window in the language of the last operator.
8 - In the Privileges section:
• Select the Auto acknowledge option. If this option is selected, the Manual button is added to the Alarms desktop (see Alarms Desktop). The operator can decide to manually or automatically acknowledge events. This is an operator privilege.
•
•
• Automatic video display : this option tells the system to automatically display video clips on an alarm event for the operator who is logged on. If the Alarm desktop is configured and open, the video is automatically displayed. If the alarm desktop is not open, the system checks the video display settings for this workstation ( Devices > Messages 2 of 2 , Disable autodisplay of video views , if this option is not checked, the system checks the video view settings for this operator: Operator > Automatic video display checkbox .
NOTE: The Override workstation workspace message option is a privilege granted to operators. It allows them to receive all events regardless of which workstation they are logged into at the time. If this option is selected and the Apply operator parameters for messages and Apply operator parameters for alarms options of the Workstation definition are also selected, then the basic configuration will be ignored and events will be filtered according to the security level of the operator who is currently logged into the workstation.
•
• Check Filter reports using workspace for all requested custom and In/Out reports to be issued according to the operator’s permissions as defined in his workspace.
NOTE: In order to work properly, a selected component in Workspace must have its “parent” component selected as well, otherwise it will not be displayed in the report even if the Filter reports using workspace option is selected.
9 - Click on the Security tab to set operator access parameters.
10 - From the Login Schedule pull-down menu, select the schedule during which the operator will be allowed to log in into the system. You may want to create a specific schedule for an operator ( Definition > Schedule ), and then assign the schedule to the operator.
NOTE: To allow an operator to log in to different EntraPass applications or to the EntraPass Server select the field Allow login on application and/or Allow login on server (System > Security Level > Miscellaneous tab).
11 - From the Security Level pull-down menu, select a security level that will determine which components an operator has access to. A security level consists of menus through which an operator can modify the database, create components, view system components and events, etc.
NOTE: It is possible to define up to 250 custom security levels; EntraPass offers 3 built-in security levels (Installer, Administrator and Guard) on configuration. The default configuration for Installer permits access to all system components. The Installer must program other security levels to limit operator access to menu commands and/or options.
12 - From the Workspace pull-down menu, select a workspace that will determine which physical components (desktop display, card fields, etc.) the operator will be able to access for day to day operations.
NOTE: EntraPass offers one built-in Installer workspace when you install EntraPass for the first time.
13 - The Active directory label on the lower-left section of the screen is only visible on activation of the Active directory application. When you enter the Profile for an operator this profile is used as a template for that category of user.
14 - After synchronization with Active directory the Domain name and the Active directory server that created the operator is displayed in the read-only fields underneath.
NOTE: Before synchronization, you must manually define the operator profile.The profile must exist in EntraPass and exactly match the sub-group underneath the LDAP base distinguishing name in Active directory. The Search icon in the toolbar permits Users to search by profile name, this search is case sensitive.
15 - If you select the Disable synchronization check box, Single Sign On is disabled and Active directory ceases to update any data. The operator still exists in EntraPass but will not be updated by the synchronization.
16 - Access the Security section to edit the security features of the currently displayed operator profile:
• Operator disabled : use this feature if you want to temporarily suspend or limit an operator access to the system without using an expiry date. If you select an operator and then check this option, the selected operator will not be able to run the application.
• Change password at next login : use this feature if you want an operator to change his/her password at next login.
• Disable operator on bad password : use this feature to limit the number of retries on bad password. For example, if you set this number to three (3), the operator will be disable after three errors when entering his/her password.
• Days before password is reset : this feature allows to manage operators’ passwords. At the end of the number of the days specified in this field, the operator will be prompted to change his/her password.
• Use expiration date : this feature allows you also to manage operators’ password. When this feature is checked, you have to select an expiration date (Operator expiration date).
• Operator expiration date : used with the Use expiration date feature , the Operator expiration date allows you to disable an operator’s access at a specified date.
•
○
○
NOTE:
Concurrent Logins
The EntraPass application allows simultaneous or concurrent EntraPass Web logins to the same EntraPass application. This should be planned in advance so when you are ready to install or update your application, you have all the option certificates that are required. Check Table 1 for details.
| Part Numbers | Description | Maximum concurrent Logins (Connections) |
|---|---|---|
| EntraPass Corporate Edition | ||
| E-COR-WEB-1 | 1 Web Connection | 50 |
| E-COR-WEB-3 | 3 Web Connections | |
| EntraPass Global Edition | ||
| E-GLO-WEB-1 | 1 Web Connection | 200 |
| E-GLO-WEB-3 | 3 Web Connections | |
NOTE: Changes to the currently displayed profile will take effect at the next login attempt.
1 - Click on the Default value tab to select a mandatory card type (optional).
2 - Check the Mandatory field option to enable it.
3 - Click on three-dot to select the card type.
Defining a Login Message for a Single Operator
1 - From the System menu, select Operator.
2 - Select an operator from the drop-down list.
3 - Click the Login message tab.
4 - Set the recurrence:
• None.
• Always: The message will always pop up after login.
• Only once: The message will be displayed only once for each operator.
• Until: The message will be displayed until the selected date is reached.
• Only once until: The message will be displayed once until the selected date is reached or until the operator receives the message.
5 - Select Disable all login messages to stop the reception of login messages for the selected operator.
6 - Type a message in the boxes on the right (primary and secondary languages).
7 - Click the Save button.