Manage System
35
Vision
2
Instruction Manual
User Access Control
The User Access Control screen determines the type of User Access Control used to log in to Vision
2
and determines the source of
the User Groups shown in the V2 Service permissions and Archive Permissions screens (FIG. 50).
There are two types of user access:
NT User Groups - NT User Groups on the Vision
2
master server
LDAP - Active Directory
The user access control options are as follows
Click on a folder or item in the Group Name column to set the LDAP Base DN to the Path value for the currently selected
item. Expand the folders if necessary to view the contents.
Click
Validate
to check the new Base DN is an OU and to navigate down the LDAP hierarchy until you find a level to view the
user groups in your organization to give access to specific archive folders or Vision
2
services. The list of groups shown in
the User Access screen will now be available in the
Archives > Permissions
screen and
Manage System > V2 Services
Permissions
. Changing the LDAP Base DN will not remove any permissions that have been set already.
V2 Services Permission
The V2 Services Permissions screen (
Manage System > V2 Services Permissions
) is used to configure what operations different
users can carry out on the different services in the Vision
2
system. By default all users are allowed to do any operation on any
service. If User Access Control is enabled, then access to Vision
2
Services will be restricted based on the group that the user
belongs to. This is either NT User Groups on the Vision
2
master server, or LDAP groups depending on what option was selected in
the User Access screen, The administrator user account still has full access to all Vision
2
services. When user access is enabled
then a user with no permissions configured can only browse archives and play live channels. Access to archives is controlled by a
separate screen
Archives > Archive Permissions
.
The V2 Services Permissions contains two columns:
The left hand column contains a list of User Groups. If you have selected LDAP this is a list of user groups under the LDAP
Base DN path selected in the
Manage System > User Access
screen.
The right hand column contains a list of servers in your Vision
2
system, expand a server to see the services allocated to that
server. Expand a service to see the operations available for that service.
Carry out the following actions to allow members of a user group to access a service:
1.
Select the server to allow access to using the Select V2 Server drop down. There are two columns\:
The left hand column shows the available User Groups
The right hand column shows the services on this server.
2.
Expand the server and service to give access to in the right hand columns. This shows the different permissions available on
this service.
3.
Drag the user group to give access to from the left hand column and drop it under the correct permissions.
4.
Repeat steps 2 and 3 for all permissions, services, and user groups.
5.
Click
Apply
.
NOTE:
The new permissions will take effect as soon as you click Apply. However the menus shown to the affected users will not
change until they login again.
FIG. 50
User Access Control screen
User Access Control Options
Access Control Type
Select the appropriate option to indicate whether user access control is controlled
by Windows NT User Groups or LDAP.
Note if you change Access Control Type then you must either reboot your V2
Master Server or restart IIS.
LDAP Base DN
This is the path of the currently select Group.
Example value:
OU=Europe,DC=amx,DC=internal
Validate
Click this button to apply the LDAP settings
Root
Click to go back to the Root of the LDAP tree
Save
Click this button to save the selected LDAP path