NOTE: The upper right‐hand corner shows the last time the operator logged on. 2 Enter the operator Name. The operator name is composed of a maximum of 40 alphanumeric characters (including spaces). This is the name that will be displayed in the desktop message lists and the reports. 3 Enter the operator’s email (optional). 4 Enter the operator Login name. This is a descriptive name composed of 6 to 20 alphanumeric characters (including spaces).
NOTE: On login, operators must enter their login name followed by their password in order for the system to validate their access. The login name is displayed in the events’ details when operator events are generated (i.e. manual operation, login, logout, etc.).
5 In the Password field, enter the password that will be used to login with the login name. The password is alphanumeric and consists of a maximum of twenty characters (minimum seven characters). The password is not displayed nor printed, the system displays the password as asterisks.
NOTE: The password is case‐sensitive ‐ make sure that all operators are aware of this.
6 In the Password Confirmation field, enter the operator password again for confirmation using the proper case. If this password is not identical to the one entered in the password field, an error message will appear. 7 In the Language section, check the appropriate option for the display language for this operator. If you change the display language, it will be effective only when the operator logs out and logs in again. When an operator logs out and exits an application, the next operator who logs on the application will see the startup window in the language of the last operator. 8 In the Privileges section:
• Select the Auto acknowledge option. If this option is selected, the Manual button is added to the Alarms desktop (See Chapter 12 ‘EntraPass Desktops’ on page 179). The operator can decide to manually or automatically acknowledge events. This is an operator privilege.
• Automatic video display: this option tells the system to automatically display video clips on an alarm event for the operator who is logged on. If the Alarm desktop is configured and open, the video is automatically displayed. If the alarm desktop is not open, the system checks the video display settings for this workstation (Devices > Messages 2 of 2, Disable autodisplay of video views, if this option is not checked, the system checks the video view settings for this operator: Operator > Automatic video display checkbox.
• Check Use workspace as report filter for all requested custom and In/Out reports to be issued according to the operator’s permissions as defined in his workspace.
9 Click on the Security tab to set operator access parameters.
10 From the Login Schedule pull‐down menu, select the schedule during which the operator will be allowed to login into the system. You may want to create a specific schedule for an operator (Definition > Schedule), and then assign the schedule to the operator.
11 From the Security Level pull‐down menu, select a security level that will determine which components an operator has access to. A security level consists of menus through which an operator can modify the database, create components, view system components and events, etc.
NOTE: It is possible to define up to 250 custom security levels; EntraPass offers 3 built‐in security levels (Installer, Administrator and Guard) on configuration. The default configuration for Installer permits access to all system components. The Installer must program other security levels to limit operator access to menu commands and/or options.
12 From the Workspace pull‐down menu, select a workspace that will determine which physical components (desktop display, card fields, etc.) the operator will be able to access for day to day operations. NOTE: EntraPass offers 1 built‐in Installer workspace when you install EntraPass for the first time. 13 Access the Security section to edit the security features of the currently displayed operator profile: • Operator disabled: use this feature if you want to temporarily suspend or limit an operator access to the system without using an expiry date. If you select an operator and then check this option, the selected operator will not be able to run the application. • Change password at next login: use this feature if you want an operator to change his/her password at next login. • Disable operator on bad password: use this feature to limit the number of retries on bad password. For example, if you set this number to three (3), the operator will be disable after three errors when entering his/her password. • Days before password is reset: this feature allows to manage operators’ passwords. At the end of the number of the days specified in this field, the operator will be prompted to change his/her password. • Use expiration date: this feature allows you also to manage operators’ password. When this feature is checked, you have to select an expiration date (Operator expiration date).
• Operator expiration date: used with the Use expiration date feature, the Operator expiration date allows you to disable an operator’s access at a specified date. • NOTE: Changes to the currently displayed profile will take effect at the next login attempt. 14 Click on the Default value tab to select a mandatory card type (optional). 15 Check the Mandatory field option to enable it. 16 Click on three‐dot to select the card type.
Security Level Definition
Security level refers to the permissions granted to an operator to access EntraPass logical components (desktops, card information, etc.), as well as to perform some actions on those components.
NOTE: You have to program the appropriate security levels if you want to limit operator access to commands and/or options of the system menu.
It is possible to customize an operator security level; the system allows you to create up to 250 security levels. Each operator has a separate login name, password and a corresponding security level. The
password is case‐sensitive. There are three operators and security levels already configured in EntraPass. These are: Installer, Administrator and Guard. • Installer: • Login name and password: kantech • Security level: By default, a user defined as Installer has full access to all the system menus. He/she can read and edit system components and has unrestricted access to the system. • Administrator: • Login name: kantech1; password: kantech
• Security level: Administrator. By default, a user defined as Administrator has limited access to a number of the system menus. • Guard: • Login name: kantech2; password: kantech • Security level: Guard. By default, a user defined as Guard has limited access to the system menu.
Creating/Modifying an Operator Security Level
Assigning security levels is critical to the system. In fact, if a security level is given full access to a system menu, operators who are assigned this security level will be able to modify system parameters. Make sure that each operator is given the security level corresponding to his/her tasks.Items in the Security Level window are presented in a root tree with all components available for selection. This structure makes it possible to target specific components when granting security level for manual operations. Each security level is identified by a color: full access (green), read‐only (yellow) and no access (red). The security manager or an operator with appropriate permissions can easily change or assign a component to a lower level security level by double clicking an item until it changes to the desired color code.
NOTE: Operators will not be able to see items for which they have not been given access.
1 Under the System tab, select the Security level icon. The Security level window appears with the Menu tab enabled.
2 From the drop‐down list, select the Security level you want to modify.
• To create a new security level, click the New button and enter the necessary information in the language section.
3 Under the Menu tab, double‐click an item until it reaches the desired status: No access (red), Read‐only (yellow) or Full access (green). You can also check the appropriate items on the left to be more specific about the allowed rights.
NOTE: A user with Read‐only rights will not be able to print components in EntraPass.
Defining Login Options for an Operator
The Miscellaneous tab allows you to define operator login and system display options:
• Operator login options: you can allow or restrict an operator to login an EntraPass workstation.
• Active windows that can be kept on the desktop: EntraPass allows operators to keep two active windows on the desktop.
• Component display options: components can be displayed with our without their physical address. The physical address can appear on the left or right of the component name. 1 Select the Miscellaneous tab to define parameters for the security level being defined. 2 In the Login restrictions section, select the appropriate login options: • Select Allow login on workstation to allow the operator to login to the system. 3 The Keep on application desktop section allows users to increase the number of active windows on the desktop. In fact, operators can open two windows at the same time. EntraPass windows are classified in two categories:
• Configuration screen: this group includes all the menus that allow an operator to program the system. This group includes such menu items as: User menu (card, Badging, card access group, access level, Definition menu; Group menu; Devices menu; System menu; Custom and In/Out reports.
• Operation screen: this group includes all the Operation menu items and the Video playback option. NOTE: These options allow operators to keep more than one window active on the desktop. They can bring to front or send to back the window they want to display, simply by pressing [ALT‐F6].
4 In the Components physical address section, specify how the component's physical address will be displayed. This will also affect how components will be sorted.
• Display on left—If selected, components will be sorted by their address (i.e. 01.01.01 Controller xyz). • Display on right—If selected, components will be sorted by their component name (i.e. Controller
xyz 01.01.01). • No display—If selected, the address will not be displayed (i.e. Controller xyz) and components will be sorted by name. 5 In the Miscellaneous section: • Hide card holder pin content: If selected, it offers you the ability to hide the card holder pin content from the view.
• Hide Camera from video view: If you are using the Video feature, EntraPass enables you to deny viewing permission to a specified security level.
NOTE: Checking the Hide camera from video view option tells the system to verify access permission to cameras before loading a video view. For example, if the selected operator’s security level has access to a video server but not to all cameras defined in the video server and has access to the selected video view, the system will hide the camera that has been un‐selected when assigning permission to the video server. For details, see "Limiting Access to a Specific Camera" on page 453.