Authority levels is an advanced feature on our Mercury based hardware platform that empowers administrators with the ability to assign authority levels to specific rules, enabling precise control over access and actions within the system.
This feature ensures that only authorized personnel with the requisite authority level can trigger designated rules, thereby bolstering security measures and optimizing operational workflows.
For example, when a user possesses authority level 1 and a rule is assigned the same level, their actions will activate corresponding events, such as triggering an output via I/O rules by specific users only. Conversely, users lacking the requisite authority level will be unable to trigger the assigned rules, ensuring the system's integrity and effectiveness.
Understanding the Authority Levels
In Genea system, administrators have the flexibility to configure up to 8 different authority levels, each of which can be applied to various I/O rules or first-person in rules.
When it comes to authority levels to interact with I/O rules, they are triggered by specific card events like Access Granted, Access Denied, or first-person in events. Once an I/O rule is set to trigger on a card event such as Access Granted, it will activate for all occurrences of that event. However, administrators have the option to assign authority levels to these rules.
For instance, assigning authority level 3 to an 'Access Granted' trigger ensures that the I/O rule will only activate if two conditions are met: there is an Access Granted event, and the associated card possesses authority level 3.
Consider a scenario where a user with card number 15002 is assigned authority level 3. In this case, only card 15002 will be capable of triggering the I/O rule, provided it can produce Access Granted events. This granular control afforded by authority levels allows for precise management of I/O rules, enhancing security and operational efficiency within the system.
I/O Rule = Trigger when there is an Access Granted event AND authority level is 3
User | Card Number/ Event | Authority Level | Will be able to trigger the I/O rule with authority 3? |
John Doe | 15002 (Access Granted) | 3 | Yes ✔ |
Jack Hudson | 15003 (Access Granted) | 2 | No ✘ |
Dennis Eggen | 15004 (Access Granted) | None | No ✘ |
NOTE : Please be aware that while it is feasible to include more than 8 authority levels, we currently provide the option to add up to 8. Should you need additional authority levels, please reach out to the Genea support team for assistance.
How to configure the authority levels?
To set up authority levels, proceed as follows:
1. Go to Access Control > Access Policies > Authority Levels on your Genea location dashboard.
2. Click on the '+Add' button and begin creating a new authority level by giving it a suitable name and, if you want, a description. Click Save.
Allocate authority level to the first-person in rule
After creating the access rule, proceed to assign the level to either the I/O rule or the first person in rule. Let's illustrate this with an example: configure the first person in rule and assign the authority level to the server room door. By doing so, you ensure that the first person in rule can be activated by users with cards possessing the same authority levels.
1. Go to Hardware > Server Room Door.
2. Scroll down to the 'Door Schedule' section and click on the 'Edit' button.
3. Activate the Door Schedule option, followed by enabling the first-person in option. Subsequently, you will see a dropdown menu to choose an authority level.
4. Choose the suitable authority level, desired access mode, and schedule. Then, click on the 'Save' button. For further information on access modes and scheduling, refer this.
Now that you've configured the server room door to activate the first-person in rule exclusively for users with the authority level of 'Trigger first person in at the server room,' let's proceed to assign the same authority level to the users whom you wish to authorize to trigger the rule.
Assign the authority level to users
1. Access the user profile and navigate to the Location Access section. Then, edit the location access where you intend to assign the authority level.
2. Select the authority level and click Save.
By doing this, the chosen user will be granted the same authority level as the first-person in rule on the Server Room door, ensuring that they can only activate the rule on the server room door.
Allocate authority level to the I/O rules
To understand how authority levels can interact with I/O rules, let's see an example:
Example : Configuring I/O and Authority Levels for Arming and Disarming
Configuration Overview:
Relay Programming:
Two relays are to be programmed: one for the Arming function and one for the Disarm function.
Access Control:
Only certain members of the location should have access to activate the Arm and Disarm relays.
Card Read Configuration:
A single card read should disarm the system, while a double read should arm at designated doors.
Arming Schedule:
An Arming schedule is to be created for operation only from 8pm to 7am, Monday to Friday.
Disarming and Re-arming should only be possible during these hours, with relays inactive outside of this timeframe.
Let's configure this use case with I/O and authority level.
1. Define the relays
Before proceeding with the configuration, ensure that your location's control points already include two defined relays: one for arming and one for disarming. We'll utilize these relays in the setup.
2. Configure a schedule
Also, a schedule has been configured with the specified time intervals as mentioned above.
3. Define an authority level
Create an authority level to be assigned to the I/O rule, allowing specific users the ability to trigger the rule.
4. Create an I/O rule
a. Let's first create a variable, since the arm and disarm will happen on the same reader with a double and single swipe respectively and we need to maintain the state of the function. Initially all the variables added have a 'Clear' state.
b. Now we will create a trigger for the I/O rule to arm the system.
Let's understand the trigger:
This component of the trigger ensures that the rule will exclusively activate during the Office Hours schedule, operational from 8pm to 7am, Monday to Friday. Outside of this designated timeframe, the rule remains inactive, thus maintaining the relay's security.
This specifies the source reader where the swipe should occur.
This specifies that the action will be invoked only when a double swipe occurs on the reader.
This ensures that a successful double swipe must occur from users with the same authority level in order to trigger the rule.
To prevent the first among a double swipe from triggering the other rule for disarming the relay, this condition ensures that if the variable state is clear, a single swipe on the reader will not trigger any action.
c. The action will be to activate the arm relay and set the trigger variable to store the state of the arming rule being active.
d. Similarly, another rule must be created for disarming the relay, as outlined below:
e. The final step to achieve the use case will be to assign the users with the same authority level as the rule, ensuring that only designated users can trigger the rule.
If you have any questions about this feature or have any other requests, please reach out to acsupport@getgenea.com.