Additional security functionality

In addition to the Management Client profiles, Role options and Dual Authorization previously covered, XProtect Corporate offers a few additional security functions.

Client login

In addition to the previously covered profile and permission functions, roles can be configured to control if the XProtect Smart Client, XProtect Mobile client or XProtect Web Client can be used to log in to the VMS.

Controlling what clients users can use enables the VMS administrator to lock down access to the VMS for certain clients so only the client fitting the user’s tasks are allowed. This could for instance be:

Roaming security guards that only may use the XProtect Mobile client
Control room users that only may use the XProtect Smart Client
Administrators that only may use the XProtect Management Client

Role – XProtect Smart Client login allowed. Mobile Client and Web Client login not allowed.

Regardless of which client(s) the users have login permissions for, the functions and devices they can access are the same per the permissions otherwise configured in the role.

Multiple roles

In case users are members of multiple roles with different client permissions, the permissions experienced by the users will be the sum of the permissions from their roles. For example, if just one of the two roles that a user is a member of has the ‘Allow Mobile Client login’ enabled, the user can log in with the XProtect Mobile client.

Time-controlled login

In addition to controlling which clients the users and administrators can use to access the VMS, it is possible to limit the time period where they can log in and access the VMS.

Role – time-controlled login in XProtect Management Client

Time-controlled login is configured by creating a time profile wherein the time to be used for controlling login and access has been configured, and then selecting the time profile in the role.

Users in this role are now restricted to only log in and access the VMS during the time periods specified in the selected time profile. This is also enforced for users already logged in when the time exceeds the time selected in the time profile. In this case, any user in this role still logged in will be logged out and cannot log in again until the time reaches the time period again that is specified in the selected time profile.

Multiple roles

In case the users are a members of multiple roles where login is restricted by different time profiles, the users can log in and access the VMS during the sum of the selected time in the time profiles used in the roles. For example, if uses are members of two roles and role one’s time profile allows login on Mondays, and role two’s time profile allows login on Tuesdays, the user can log in and access the VMS on both Mondays and Tuesdays.

Time-controlled device permissions

In addition to controlling login and access to the entire VMS per selected time profile, it is also possible to control access to various functions and devices per time profile. In this case, access to the functions and devices is allowed while the time is within the time periods specified in the selected time profile for the device or function in question.

For example, it is possible to allow access to viewing live and playing back recordings for a group of cameras while the current time is within the time in the selected time profile, as shown in the screenshot below.

Role – time-controlled permissions in XProtect Management Client

Examples of other devices and functions that can be configured with time-based permissions include:

Listening to live and recorded audio
Speaking to speakers
Controlling PTZ cameras
Activating outputs and events
Controlling Smart Walls

Default time profile

In case the same time profile should be applied across all devices and functions that support time-based permissions, a time profile can be applied across all devices. This is done by leaving the time profile setting on the devices and functions set to ‘<default>’, and then simply selecting the desired time profile in the ‘Default time profile:’ dropdown on the role’s ‘info’ tab, as shown in the screenshot below.

Role – Selecting default time profile in XProtect Management Client

Limiting playback

Access to playback of recordings a can further be limited so only last n- minutes, hours or days from the current time can be played back. The options range from the last 5 minutes to the last 180 days.

Role – Limit playback to last n-minutes, hours, days in XProtect Management Client

Multiple roles

In case the users are members of multiple roles where access to playback is limited to last n- time, the users can play back recordings according to the role with the longest time allowed. For example, if a user is a member of two roles and the two roles limit playback to the last one hour and last 8 hours for the same device, the user can play back recordings from the last 8 hours for this device.