startrceuid=33(www-data) gid=33(www-data) groups=33(www-data) endrce
Loading...
 

Access management on users and groups

In some cases, where there are a lot of users and readers, it might be more convenient to manage access control on both users and groups. While this mode allows for more advanced configurations, it also adds some complexity. It is for example possible to grant a user access on a reader while its group has no access on that reader. In such a case of conflicting access rights there is one rule that defines what the result will be:
If a user presents his/her card to a reader, the system will first check if an access rule is defined for that user reader combination. If so that rule will be executed. If not, the system will check if an access rule for the users group exists. If so, it will execute this.

REMARK: An access rule for the user can be ‘User has no access’ as well as ‘User has access’. So it is possible to grant a group access on a set of readers, but to deny one or more users from the group access on a subset of those readers.
REMARK: The default ‘access setting’ (No Access) is not seen as a valid access rule on the user in this case. In that case the group action will be executed (if it exists).
REMARK: It is impossible to execute both the ‘user specific’ and the ‘group specific’ function as the group action will never be executed if an access rule for the user exists (independent on whether this rule grants the user access or not).

When working in this mode, CARDSOFT will give an overview of both the users and the groups. When a user is selected (from the list on the left), the users group will be highlighted in yellow in the list of groups. Similarly, when a group is selected the users belonging to that group will be highlighted.
CARDSOFT will also indicate if ‘Group’, ‘User’ or ‘User and Group’ rights are defined for each user.
Image280

Switch Language

Technical Handbook:

Internal documentation

TT School