Advanced steps – Management Client

Use Management Client profiles to limit what administrators can view

Milestone recommends that you use Management Client profiles to limit what administrators can view in the Management Client.

Management Client profiles allow system administrators to modify the Management Client user interface. Associate Management Client profiles with roles to limit the user interface to represent the functionality available for each administrator role.

Display only the parts of the VMS that administrators need to perform their duties.

Learn more

The following control(s) provide additional guidance:

  • NIST 800-53 AC-4 Least Privilege
  • NIST 800-53 CM-1 Configuration Management Policy and Procedures
  • NIST 800-53 CM-2 Baseline Configuration
  • NIST 800-53 CM-6 Configuration Settings
  • NIST 800-53 CM-7 Least Functionality

Allow administrators to access relevant parts of the VMS

If you have a setup that requires multiple administrators, Milestone recommends that you configure different administrator permissions for administrators who use the Management Client.

To define administrator permissions, follow these steps:

  1. In Management Client, expand the Security node, select Roles, and then select the relevant administrator role.

    You cannot modify the built-in administrator role, so you must create additional administrator roles.

  2. On the Overall Security tab, specify the actions that the administrator can take for each security group.
  3. On the other tabs, specify the security settings for the role in the VMS.

    For more information, see the administrator manual for XProtect VMS.

  4. On the Info tab, associate the role with a Management Client profile.

You can turn on or turn off features by using the Management Client profile. Before you assign a user to a Management Client profile, ensure that the permissions for the user’s role are appropriate for the profile. For example, if you want a user to be able to manage cameras, make sure that the role allows the user to do this, and that cameras are enabled on the Management Client profile.

Learn more

The following control(s) provide additional guidance:

  • NIST 800-53 AC-4 Least Privilege
  • NIST 800-53 CM-1 Configuration Management Policy and Procedures
  • NIST 800-53 CM-2 Baseline Configuration
  • NIST 800-53 CM-6 Configuration Settings
  • NIST 800-53 CM-7 Least Functionality

Run the Management Client on trusted and secure networks

If you access the Management Server with Management Client over HTTP, the plain text communication can contain unencrypted system details.Milestone recommends that you run the Management Client only on trusted and known networks. Use a VPN to provide remote access.

Learn more

The following control(s) provide additional guidance:

  • NIST SP 800-53 AC-2 Account Management
  • NIST SP 800-53 CM-6 Configuration Settings
  • NIST SP 800-53 IA-2 Identification and Authentication