Manage Users Preferences

The Manage Users Preferences tab allows you to change your password, add or remove users, and edit users’ access levels.

Most user roles can change their own password by clicking on the Change Password button. Administrators can also use this button to change the passwords of other users in their tenant, while Super Administrators can change the passwords of any other user. This can be useful when a password reset is needed.

Administrators can change other users’ roles within their tenant by clicking on the Change Role button, while Super Administrators can change any user’s role.

Administrators and Super Administrators can click the + button to add new users. Similarly, Administrators can click the - button to delete a user in their tenant, while Super Administrators can click - to delete any user.

User Roles

Every user account has a user role assigned to it, which determines the access privileges granted to the user. The following user roles are defined:

Role Cumulative Role Privileges Description
Analyst Analyst READ_EVENT_PRIVILEGE Analysts can read event data stored in their tenants.
Monitor Analyst + WRITE_EVENT_PRIVILEGE, READ_PRIVILEGE READ_EVENT_PRIVILEGE, WRITE_EVENT_PRIVILEGE, READ_PRIVILEGE Monitors can read identity and event data stored in their tenants. They can also write event data.
User Proxy Monitor + WRITE_PRIVILEGE READ_EVENT_PRIVILEGE, WRITE_EVENT_PRIVILEGE, READ_PRIVILEGE, WRITE_PRIVILEGE User Proxies can read and write all person and event data stored in their tenants.
Editor Proxy User Proxy + DELETE_PRIVILEGE READ_EVENT_PRIVILEGE, WRITE_EVENT_PRIVILEGE, READ_PRIVILEGE, WRITE_PRIVILEGE, DELETE_PRIVILEGE Editor Proxies can read and write all identity and event data stored in their tenants. They can also delete person data in their tenants.
User User Proxy + ACCOUNT_PRIVILEGE READ_EVENT_PRIVILEGE, WRITE_EVENT_PRIVILEGE, READ_PRIVILEGE, WRITE_PRIVILEGE, ACCOUNT_PRIVILEGE Users are identical to User Proxies except they can also change their own passwords.
Editor Editor Proxy + ACCOUNT_PRIVILEGE READ_EVENT_PRIVILEGE, WRITE_EVENT_PRIVILEGE, READ_PRIVILEGE, WRITE_PRIVILEGE, DELETE_PRIVILEGE, ACCOUNT_PRIVILEGE Editors are identical to Editor Proxies except they can also change their own passwords.
Engineer Editor + CONFIG_PRIVILEGE READ_EVENT_PRIVILEGE, WRITE_EVENT_PRIVILEGE, READ_PRIVILEGE, WRITE_PRIVILEGE, DELETE_PRIVILEGE, CONFIG_PRIVILEGE, ACCOUNT_PRIVILEGE Engineers can manage all data stored in their tenants.
Administrator Engineer + ACCESS_PRIVILEGE READ_EVENT_PRIVILEGE, WRITE_EVENT_PRIVILEGE, READ_PRIVILEGE, WRITE_PRIVILEGE, DELETE_PRIVILEGE, CONFIG_PRIVILEGE, ACCESS_PRIVILEGE Administrators can manage all users and data within their tenants.
Super Administrator Administrator + SUPER_READ_PRIVILEGE, SUPER_WRITE_PRIVILEGE, SUPER_DELETE_PRIVILEGE, SUPER_CONFIG_PRIVILEGE, SUPER_ACCESS_PRIVILEGE, LICENSE_RETRIEVAL_PRIVILEGE READ_EVENT_PRIVILEGE, WRITE_EVENT_PRIVILEGE, READ_PRIVILEGE, WRITE_PRIVILEGE, DELETE_PRIVILEGE, CONFIG_PRIVILEGE, ACCOUNT_PRIVILEGE, ACCESS_PRIVILEGE, SUPER_READ_PRIVILEGE, SUPER_WRITE_PRIVILEGE, SUPER_DELETE_PRIVILEGE, SUPER_CONFIG_PRIVILEGE, SUPER_ACCESS_PRIVILEGE, LICENSE_RETRIEVAL_PRIVILEGE Super Administrators can manage all users and data across all tenants. This role is only available to on-premise deployments; in cloud deployments SAFR Administrators adopt the role of Super Administrators, by design, since the SAFR engineering team is responsible for managing the SAFR Servers for cloud deployments.
Founder Founder LICENSE_RETRIEVAL_PRIVILEGE, ACCOUNT_PRIVILEGE Internal use only.

Privilege Types

The following privilege types determine what access priveleges have been granted to users:

Privilege Scope Object Description
READ_EVENT_PRIVILEGE Tenant Events For monitoring events, allows access to CVEV GET /events and CVOS GET /stream and /object
WRITE_EVENT_PRIVILEGE Tenant Events For posting events and event data , allows CVEV POST /event and CVOS POST /stream and /object
READ_PRIVILEGE Tenant People Allows matching of faces against known people, reading people’s stored info, reading user info, etc.
WRITE_PRIVILEGE Tenant People Allows insertion of new faces into an identity database and modification of personal information of recognized people within the user’s tenant.
DELETE_PRIVILEGE Tenant People Allows deletion of recognized people and faces within the user’s tenant.
CONFIG_PRIVILEGE Tenant Config (Video, Settings) Allows changes to any of the configuration values on the Video Feeds Window within the user’s tenant.
ACCOUNT_PRIVILEGE Tenant Self Allows changes to a user’s own account properties, such as setting password, but doesn’t allow changing other users’ account properties.
ACCESS_PRIVILEGE Tenant Account Allows making changes to users within the same tenant, including addition and deletion of users. APIs that require ACCOUNT_PRIVILEGE accept ACCESS_PRIVILEGE as well.
SUPER_READ_PRIVILEGE Global Events, People, and Config Allows viewing recognized people and faces, reading VIRGO configurations, etc. across tenants.
SUPER_WRITE_PRIVILEGE Global Events, People, and Config Allows making changes to recognized people and faces properties, changes to virgo configurations, etc. across tenants.
SUPER_DELETE_PRIVILEGE Global People Allows deletion of recognized people and faces across across tenants.
SUPER_CONFIG_PRIVILEGE Global Events and Config Allows changes to any of the configuration values on the Video Feeds Window across tenants.
SUPER_ACCESS_PRIVILEGE Global Accounts Allows admin of users across tenants.
LICENSE_RETRIEVAL_PRIVILEGE Global Allows the user to retrieve and edit SAFR license information. See On-Premise Licensing or Cloud Licensing for information about SAFR licenses.

See Also