Skip to content

Getting those pesky permissions correct on the User Groups

March 6, 2014

Another way to say that is today, my customer said to me “James, the ocsheriff user is seeing too much stuff”.  I logged into the account and saw immediately that the user or account was seeing too much stuff.  Not sure why or how this happened, but, I had to figure out why and set things straights.

Ok, its what I do, solve problems, sometimes they are simple problems, sometimes very complex.  This problem was in the middle.  It took me about an hr to figure out what was going on.  In hindsight, its more obvious that I had forgotten one of the golden rules of the Genetec software.  Before I describe that, let me say this, again.

Software has rules or policies, users, permissions, user groups and partitions.  These *entities work together to create users who can log into this web based software that allows the user to view video cameras, security cameras.  I guess you could think of this as a standard model for this type of business software.

I have a more feature rich client that I use to administer these rules.  A quick snapshot of the interface looks like this.

Image

There you can see the User groups, as well as tabs for the Users and Partitions.  I was reminded today, that privileges, like the ones that were showing up for my ocsheriff User, are or should be defined in the User group, not on the user.  Let me say that again.  Since I forgot that.  The permissions or privileges are defined on the User group, not on the user.

I spend about 45 minutes messing with the User account ocsheriff, trying to get it to behave, behave = show the correct stuff in the web browser when logged in.  Initially, I clicked the User account and then the Privileges tab and messed around by changing, saving and logging out of and back into the web interface, hoping to see what I wanted.

Image

Eventually, I tried copying one of the other user accounts  that was showing the behavior I wanted for ocsheriff.  That did not work either. Errr.  Then I deleted the user account, created it over again and based in on the user account that was behaving.  No dice, same thing.  Double Errrr.

Then I noticed ,when I expanded the Privileges of the User account that was working, that it said Inherited from User group name… Aha!

Image

So, I went back to the User account, turned all the Permissions back to Undefined, and Used the  Copy configuration tool option to copy the permissions on the New York State police group to the Ontario Sheriff group.  That did it.

In a nutshell, the solution was to mirror the privileges of the User group that was behaving correctly and not the user account.  Once I removed the permission definitions from the user account, and said, use the permissions from that group, it worked like a charm, or at least it was predictable.

Moral of the story?  Permissions, privileges, users, groups, partitions – is not trivial stuff, but it is logical and can be tamed with patience and good problem solving.

Advertisements
Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: