Skip to content

Correct permissions in the software…

May 20, 2016

I support a few systems that implement similar granular permissions logic.  When content managers want to use the system, they must have permissions to do so.

Yesterday, a “content manager” of our security cameras software system called me and said

“James, I am trying to export a piece of video from one of the cameras, but cannot. “

There was an incident on our campus, someone wanted to export a 90 second clip from the previous week.  Good.  That is why the keep 30 days of video from most of the cameras in our system.  I was able to access the camera find the video and export for him.  Great.

But, remember a good rule is to empower your users, give them the ability to do what they need in the system.  They should not have to rely on you.  Let them do their jobs.  Great.  Except, here comes the conundrum.  With systems and permissions, the more liberal you are with them,the more holes you open in your system.  In theory, its much better to have fewer accounts with lots of permissions.  Its like opening a hole in your firewall.  You prefer not to do it.  The default position is no.  Permissions are granted on a need basis.  When we do grant permission, it is only to the area of need, to the chagrin of simple and easy.

That is the balance you try to strike

1 – empower your users, give them permission to do their job – you do not do for them – you are not a bottle neck

2- A granular minimalist approach.  No super admin for you.

I solved this issue by adding a very granular permission to a group where the user was a member.  And then asked him to login and try to export the video piece again.    This solution was a little bit of 1 and 2, perhaps that is the blend to strive for.

  1. Steps in Genetec Config tool to grant permissions to export video
  2. login to desktop config client
  3. Find and select the user group, where the accounts lived
  4. Drill into Privileges | Actions | Cameras | View live video | Export video
    1. select allow.

The end.

One Comment
  1. I like my own posts, dork.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: