Skip to content

Opps – I blew it up

November 24, 2015

And did not know it.  That is not good.  I was messing around with setting permissions on a new user group in our web security software – since i am admin, and I somehow removed the people and privileges of the group.

In the software, Genetec, there are users and user groups and permissions within.  I arrived at work today with priority 1 email and a visit from my colleague, whom the helpdesk was contacting about a resolution.  Yesterday, I was in the software creating a new group and adding a new account to it.  I did not want to give the account admin. privilege, but needed the account to see all the cameras in the 3 areas, buildings.  I used the copy configuration tool, or I tried to, I copied from an existing user group its settings to the, a, new group that I created.  Like this, create the new group, copy the privileges from that group to this new one.  That is what I was doing with the copy configuration tool option.  Only SOMEHOW, I reset the privilege and membership of the RSC Entrances group.  The group had nothing but a name, no member accounts, no areas defined or privileges granted.

It took us about 15 minutes to *restore accounts and permissions to the user group, which corrected the problem being reported by all 3 of our employees who monitor the building entrance ways.

The software reported to them, when they authenticated, that they did not have permission to see anything.  The reason was because their account had been removed from the user group.  We added that back first.

people_in_group

There they are, the 3 people and their sub accounts, added back into as Children of the RSC Entrances group.  that gave them some privileges back.

Next we added the group as an accepted user of…

groups_in_groups

And finally, we added permissions back for the members of the group, to operate the doors – allowing them to interact with the software and open the doors.

permissions

At the end of the day, good lessons learned for me?

  1. be more careful when creating new groups and trying to limit privileges
  2. Security model is group focused.  Members (accounts) are added to groups and permissions are added to the group.  The group has the permissions to see this an that, not the individual account.

Then end

Advertisements
2 Comments
  1. I just had to correct another person, who had not logged in for awhile. they reported logging in but not able to see anything. I looked and found that I needed to add the account again to the FLTCC area (partition) Accepted users. His account was not included there.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: