The Manage Users Preferences tab allows you to change your password, add or remove users, and edit users' access levels.
Most user roles can change their own password by clicking on the Change Password button. Administrators can also use this button to change the passwords of other users in their tenant, while Super Administrators can change the passwords of any other user. This can be useful when a password reset is needed.
Administrators can change other users' roles within their tenant by clicking on the Change Role button, while Super Administrators can change any user's role.
Administrators and Super Administrators can click the + button to add new users. Similarly, Administrators can click the - button to delete a user in their tenant, while Super Administrators can click - to delete any user.
Every user account has a user role assigned to it, which determines the access privileges granted to the user. The following user roles are defined:
Role | Cumulative Role | Privileges | Description |
---|---|---|---|
Analyst | Analyst | READ_EVENT_PRIVILEGE | Analysts can read event data stored in their tenants. |
Monitor | Analyst + WRITE_EVENT_PRIVILEGE, READ_PRIVILEGE | READ_EVENT_PRIVILEGE, WRITE_EVENT_PRIVILEGE, READ_PRIVILEGE | Monitors can read identity and event data stored in their tenants. They can also write event data. |
User Proxy | Monitor + WRITE_PRIVILEGE | READ_EVENT_PRIVILEGE, WRITE_EVENT_PRIVILEGE, READ_PRIVILEGE, WRITE_PRIVILEGE | User Proxies can read and write all person and event data stored in their tenants. |
Editor Proxy | User Proxy + DELETE_PRIVILEGE | READ_EVENT_PRIVILEGE, WRITE_EVENT_PRIVILEGE, READ_PRIVILEGE, WRITE_PRIVILEGE, DELETE_PRIVILEGE | Editor Proxies can read and write all identity and event data stored in their tenants. They can also delete person data in their tenants. |
User | User Proxy + ACCOUNT_PRIVILEGE | READ_EVENT_PRIVILEGE, WRITE_EVENT_PRIVILEGE, READ_PRIVILEGE, WRITE_PRIVILEGE, ACCOUNT_PRIVILEGE | Users are identical to User Proxies except they can also change their own passwords. |
Editor | Editor Proxy + ACCOUNT_PRIVILEGE | READ_EVENT_PRIVILEGE, WRITE_EVENT_PRIVILEGE, READ_PRIVILEGE, WRITE_PRIVILEGE, DELETE_PRIVILEGE, ACCOUNT_PRIVILEGE | Editors are identical to Editor Proxies except they can also change their own passwords. |
Operator | Editor + BASIC_CONFIG_PRIVILEGE | READ_EVENT_PRIVILEGE, WRITE_EVENT_PRIVILEGE, READ_PRIVILEGE, WRITE_PRIVILEGE, DELETE_PRIVILEGE, BASIC_CONFIG_PRIVILEGE, ACCOUNT_PRIVILEGE | Operators are allowed limited configuration of the following: |
Engineer | Editor + CONFIG_PRIVILEGE | READ_EVENT_PRIVILEGE, WRITE_EVENT_PRIVILEGE, READ_PRIVILEGE, WRITE_PRIVILEGE, DELETE_PRIVILEGE, CONFIG_PRIVILEGE, ACCOUNT_PRIVILEGE | Engineers can manage all data stored in their tenants. |
Administrator | Engineer + ACCESS_PRIVILEGE | READ_EVENT_PRIVILEGE, WRITE_EVENT_PRIVILEGE, READ_PRIVILEGE, WRITE_PRIVILEGE, DELETE_PRIVILEGE, CONFIG_PRIVILEGE, ACCESS_PRIVILEGE | Administrators can manage all users and data within their tenants. |
Super Administrator | Administrator + SUPER_READ_PRIVILEGE, SUPER_WRITE_PRIVILEGE, SUPER_DELETE_PRIVILEGE, SUPER_CONFIG_PRIVILEGE, SUPER_ACCESS_PRIVILEGE, LICENSE_RETRIEVAL_PRIVILEGE | READ_EVENT_PRIVILEGE, WRITE_EVENT_PRIVILEGE, READ_PRIVILEGE, WRITE_PRIVILEGE, DELETE_PRIVILEGE, CONFIG_PRIVILEGE, ACCOUNT_PRIVILEGE, ACCESS_PRIVILEGE, SUPER_READ_PRIVILEGE, SUPER_WRITE_PRIVILEGE, SUPER_DELETE_PRIVILEGE, SUPER_CONFIG_PRIVILEGE, SUPER_ACCESS_PRIVILEGE, LICENSE_RETRIEVAL_PRIVILEGE | Super Administrators can manage all users and data across all tenants. This role is only available to on-premises deployments; in cloud deployments SAFR Administrators adopt the role of Super Administrators, by design, since the SAFR engineering team is responsible for managing the SAFR Servers for cloud deployments. |
Founder | Founder | LICENSE_RETRIEVAL_PRIVILEGE, ACCOUNT_PRIVILEGE | Internal use only. |
The following privilege types determine what access privileges have been granted to users:
Privilege | Scope | Object | Description |
---|---|---|---|
READ_EVENT_PRIVILEGE | Tenant | Events | For monitoring events; allows access to CVEV GET /events and CVOS GET /stream and /object. |
WRITE_EVENT_PRIVILEGE | Tenant | Events | For posting events and event data; allows CVEV POST /event and CVOS POST /stream and /object. |
READ_PRIVILEGE | Tenant | People | Allows matching of faces against known people, reading people's stored info, reading user info, etc. |
WRITE_PRIVILEGE | Tenant | People | Allows insertion of new faces into an identity database and modification of personal information of recognized people within the user's tenant. |
DELETE_PRIVILEGE | Tenant | People | Allows deletion of recognized people and faces within the user's tenant. |
BASIC_CONFIG_PRIVILEGE | Tenant | Limited Config (Video, Settings) | Allows limited changes to configuration values (e.g. event archiving ON/OFF) within the user's tenant. |
CONFIG_PRIVILEGE | Tenant | Config (Video, Settings) | Allows changes to any of the configuration values on the Video Feeds Window within the user's tenant. |
ACCOUNT_PRIVILEGE | Tenant | Self | Allows changes to a user's own account properties, such as setting password, but doesn't allow changing other users' account properties. |
ACCESS_PRIVILEGE | Tenant | Account | Allows making changes to users within the same tenant, including addition and deletion of users. APIs that require ACCOUNT_PRIVILEGE accept ACCESS_PRIVILEGE as well. |
SUPER_READ_PRIVILEGE | Global | Events, People, and Config | Allows viewing recognized people and faces, reading VIRGO configurations, etc. across tenants. |
SUPER_WRITE_PRIVILEGE | Global | Events, People, and Config | Allows making changes to the properties of recognized people and faces, changes to VIRGO configurations, etc. across tenants. |
SUPER_DELETE_PRIVILEGE | Global | People | Allows deletion of recognized people and faces across tenants. |
SUPER_CONFIG_PRIVILEGE | Global | Events and Config | Allows changes to any of the configuration values on the Video Feeds Window across tenants. |
SUPER_ACCESS_PRIVILEGE | Global | Accounts | Allows admin of users across tenants. |
LICENSE_RETRIEVAL_PRIVILEGE | Global | | Allows the user to retrieve and edit SAFR license information. See On-Premises Licensing or Cloud Licensing for information about SAFR licenses. |
The privileges available to each user role are summarized in the table below.
Name | Privileges | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Event | People | Account | Video | ||||||||
Read | Write/Edit | Delete | Read | Write/Edit | Config | Read | Write/Edit | Delete | Self | Edit | |
Analyst | X | ||||||||||
Monitor | X | X | X | ||||||||
User Proxy | X | X | X | X | |||||||
Editor Proxy | X | X | X | X | X | ||||||
User | X | X | X | X | X | ||||||
Editor | X | X | X | X | X | X | |||||
Operator | X | X | X | X | X | X | |||||
Engineer | X | X | X | X | X | X | X | ||||
Administrator | X | X | X | X | X | X | X | X | X | X | X |
Super Administrator | X | X | X | X | X | X | X | X | X | X | X |
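
The password-change rules above (own password, same-tenant users, any user) can be checked against the role definitions with a short model. This is an added example, not SAFR code: privileges are expanded from the Cumulative Role column, and the `Account` record, function names and tenant labels are assumptions made for illustration.

```python
from dataclasses import dataclass

SUPER = {"SUPER_READ_PRIVILEGE", "SUPER_WRITE_PRIVILEGE", "SUPER_DELETE_PRIVILEGE",
         "SUPER_CONFIG_PRIVILEGE", "SUPER_ACCESS_PRIVILEGE", "LICENSE_RETRIEVAL_PRIVILEGE"}

# role -> (role it builds on, privileges it adds), transcribed from the role table
CHAIN = {
    "Analyst": (None, {"READ_EVENT_PRIVILEGE"}),
    "Monitor": ("Analyst", {"WRITE_EVENT_PRIVILEGE", "READ_PRIVILEGE"}),
    "User Proxy": ("Monitor", {"WRITE_PRIVILEGE"}),
    "Editor Proxy": ("User Proxy", {"DELETE_PRIVILEGE"}),
    "User": ("User Proxy", {"ACCOUNT_PRIVILEGE"}),
    "Editor": ("Editor Proxy", {"ACCOUNT_PRIVILEGE"}),
    "Operator": ("Editor", {"BASIC_CONFIG_PRIVILEGE"}),
    "Engineer": ("Editor", {"CONFIG_PRIVILEGE"}),
    "Administrator": ("Engineer", {"ACCESS_PRIVILEGE"}),
    "Super Administrator": ("Administrator", SUPER),
    "Founder": (None, {"LICENSE_RETRIEVAL_PRIVILEGE", "ACCOUNT_PRIVILEGE"}),
}

def privileges(role):
    """Expand a role's cumulative definition into its full privilege set."""
    parent, added = CHAIN[role]
    return set(added) | (privileges(parent) if parent else set())

@dataclass(frozen=True)
class Account:  # hypothetical user record, not a SAFR type
    name: str
    role: str
    tenant: str

def can_change_password(actor, target):
    """Apply the Scope column: SUPER_* is global, everything else is per tenant."""
    privs = privileges(actor.role)
    if "SUPER_ACCESS_PRIVILEGE" in privs:   # global scope: any user, any tenant
        return True
    if actor.tenant != target.tenant:       # tenant-scoped privileges stop here
        return False
    if "ACCESS_PRIVILEGE" in privs:         # also accepted where ACCOUNT_PRIVILEGE is required
        return True
    return actor == target and "ACCOUNT_PRIVILEGE" in privs  # own account only

def roles_without_self_service():
    """Roles whose holders cannot change their own password."""
    return [r for r in CHAIN
            if not can_change_password(Account("x", r, "t"), Account("x", r, "t"))]
```

Running `roles_without_self_service()` shows which accounts depend on an Administrator for every password reset, which is worth knowing before assigning the proxy roles to service or kiosk accounts.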