Access Levels and Schedules
Overview
Access Levels (or Permissions) define the specific rules governing what users can do within the system and when they can do it. They dictate which doors a user can unlock, which areas they can arm or disarm, and which outputs they can control, often tied to schedules to restrict access outside of designated working hours.
How It Works
The system uses a “What and When” structure to govern access:
- Users: Individuals authorized to interact with the system, identified by their Credential Types (such as cards or PINs).
- Access Levels (Permission Groups): Sets of rules assigned to Users. Instead of applying individual rules to every user, administrators assign users to groups (e.g., “Warehouse Staff”).
- Doors: The physical entryways controlled by electronic locks. The “What” in the permission structure defines which Doors a user’s Access Level can unlock.
- Schedules (Time Periods): The “When” in the permission structure. They dictate the specific times and days an Access Level is considered valid.
Schedule Types
Schedules automate system behaviors based on time and are built using the following components:
- Time Periods (Weekly Recurring): Time blocks configured for each day of the week when a rule should be active (e.g., Monday to Friday, 9am to 5pm).
- Calendars / Day Exceptions: Exceptions to the weekly rules. They can represent specific dates (like extended trading hours) or dates when the standard Time Period should not activate. Inception categorizes these as Single Dates, Date Ranges, or Calculated Dates.
- Holidays: Specific dates or periods that can be utilized within a Time Period to specify whether the period will be valid or invalid on those dates (e.g., ignoring standard access rules on public holidays).
Multi-level Access
As a system grows, assigning individual permissions becomes difficult to manage. Systems utilize Permission Groups to simplify this. Users can be assigned multiple groups, offering flexible configuration:
- Role-Based: Groups created based on user roles (e.g., IT Staff, Admin Staff).
- Hierarchy-Based: A base group grants access to common areas, while additional groups grant management-level access.
- Allow and Deny: Users can be assigned a broad Permission Group, and administrators can apply an explicit “Deny” permission to filter out specific access (e.g., granting access to an entire building, but denying access to a specific server room).
Platform Notes
Inception
Inception scheduling is managed directly via the Inception User Interface. It distinctly separates weekly recurring times (“Time Periods”) and exception dates (“Calendars”). A dedicated Scheduler page allows administrators to easily change when doors automatically unlock or areas arm without altering core configuration settings.
Integriti
Integriti uses a highly granular matrix of permissions managed through the System Designer or GateKeeper. Permissions use columns for “What” (the door/area), “Options” (the type of control), “When” (the time period), and “Is” (Valid or Invalid). Integriti relies heavily on hierarchical Permission Groups and Menu Groups to manage enterprise-scale access control. See Integriti for more details on system architecture.