CONNECT ACR
Application | CONNECT |
Role | Access Control Representative (ACR) |
Description | Holds access control representative role |
Objective
The access control representative (ACR) is the base level access manager. They are positioned hierarchically below access control representative managers (ACRM) and can be assigned all or a subgroup of the access groups assigned to the ACRM.
They have full access to Current Audits and, if configured, they can also add new Identities to CONNECT and can add / amend Access Groups and Credentials for the Identities they manage.
They can also add / amend PIN and IDS Codes. If the system has been configured to only allow a specific role to handle PIN and IDS Codes (the field Manage Pin and IDS Codes via a separate User Role in Configuration > General has been set to ON) then they can only use this functionality if they are also assigned the role of PIN Code Manager and / or IDS Code Manager as appropriate.
Note
If ‘Manage Audits via a separate user role in Configuration > General has been set to ON, ACR will have no access to My Audits unless they have been granted the additional role of Auditor.
Access
Dashboard | My Audits | Identities | Uploads | My Groups | Reports | Configuration | ACRM | Requests |
|---|---|---|---|---|---|---|---|---|
Limited Access | LIMITED Access | LIMITED Access | NO Access | FULL Access | NO Access | NO Access | NO Access | LIMITED Access |
Access Modifiers
ACR can only add access if ACR/ACRM Permissions for Access Rights (in CONNECT > Configuration > General) set to Add, edit, and delete.
ACR can only add Access Groups that they have been assigned by their ACRM.
ACR can only remove Access Rights assigned by other ACR/ACRM if ‘ACR/ACRM Permissions' for Access Rights assigned by other ACR/ACRM (in CONNECT < Configuration > General) set to Delete Only.
ACR can only access My Audits if Configuration > Audit set to ON. Additionally, if Manage Audits via a separate user role in Configuration > General has been set to ON, ACR will have no access to My Audits unless they have been granted the additional role of Auditor.
ACR can add new Identities to CONNECT but only if ACR/ACRM Can Add New Identity (under Role Actions in CONNECT > Configuration > General) set to ON.
ACR can view credentials but they can only make amendments to credentials if ACR/ACRM Permissions for Credential Rights (in CONNECT > Configuration > General) set to Add, edit, and delete or Delete Only.
ACR is only able to view and add PIN Codes and IDS Codes if:
Configuration > General > Identity Credentials Pin > Enable credential pin management set to ON.
Configuration > General > IDS code > Enable IDS code set to ON.
Additionally, if Configuration > General > Manage Pin and IDS Codes via a separate User Role set to ON then ACR can only view / add PIN Codes and IDS Codes if they have been assigned the additional roles of PIN Code Manager and IDS Code Manager.
Screens
Screen | Functionality | Access Rights (Yes = ✓ or No) | Limitation |
|---|---|---|---|
Dashboard | Unknown Card Holders Widget | ✓ | Provided Widget has been added to a Dashboard that has been configured to be shared with ACR. |
Dashboard | Access and Credential Removal Widget | ✓ | Provided Widget has been added to a Dashboard that has been configured to be shared with ACR. |
Dashboard | Unmanaged Access Groups Widget | ✓ | Provided Widget has been added to a Dashboard that has been configured to be shared with ACR. |
Dashboard | Deleted ACR/ACRMs to Process | ✓ | Provided Widget has been added to a Dashboard that has been configured to be shared with ACR. |
Dashboard | Current Audits | ✓ | Provided Widget has been added to a Dashboard that has been configured to be shared with ACR. |
Dashboard | Access Management Mismatch | ✓ | Provided Widget has been added to a Dashboard that has been configured to be shared with ACR. Widget cannot be added until Restrict access groups by company in CONNECT > Configuration > General has been set to ON at least once. |
My Audits | Current Audits | ✓ | Provided Configuration > Audit set to ON. If Manage Audits via a separate user role in Configuration > General has been set to ON, ACR will have no access to My Audits unless they have been granted the additional role of Auditor. |
My Audits | Past Audits | No | |
Identities | Add New Identity | ✓ | Only if ACR/ACRM Can Add New Identity (under Role Actions in CONNECT > Configuration > General) set to ON. |
Identities | View Identity Information | ✓ | |
Identities | Add Credentials button | ✓ | |
Identities | Grant Access button | ✓ | Only if ACR/ACRM Permissions for Access Rights (in CONNECT > Configuration > General) set to Add, edit, and delete. |
Identities | Grant Access in Bulk button | ✓ | Only if ACR/ACRM Permissions for Access Rights (in CONNECT > Configuration > General) set to Add, edit, and delete. |
Identities | Add Pin | ✓ | Only if Configuration > General > Manage Pin and IDS Codes via a separate User Role set to OFF and Config > General > Identity Credentials Pin > Enable credential pin management set to ON. |
Identities | View Pin | ✓ | Only if Configuration > General > Manage Pin and IDS Codes via a separate User Role set to OFF and Config > General > Identity Credentials Pin > Enable credential pin management set to ON. |
Identity Information | Add IDS code | ✓ | Only if Configuration > General > Manage Pin and IDS Codes via a separate User Role set to OFF and Config > General > IDS Code > Enable IDS Code management set to ON. |
Identity Information | View IDS code | ✓ | Only if Configuration > General > Manage Pin and IDS Codes via a separate User Role set to OFF and Config > General > IDS Code > Enable IDS Code management set to ON. |
Identity Information | Sync to PACS | ✓ | |
Identity Information | View Credentials | ✓ | Default setting. |
Identity Information | Add Credential | ✓ | Only if ACR/ACRM Permissions for Credential Rights (in CONNECT > Configuration > General) set to Add, edit, and delete. |
Identity Information | Create Credential on the fly | ✓ | Only if ACR/ACRM Permissions for Credential Rights (in CONNECT > Configuration > General) set to Add, edit, and delete. |
Identity Information | Edit Credential | ✓ | Only if ACR/ACRM Permissions for Credential Rights (in CONNECT > Configuration > General) set to Add, edit, and delete. |
Identity Information | Remove Credential | ✓ | Only if ACR/ACRM Permissions for Credential Rights (in CONNECT > Configuration > General) set to Add, edit, and delete or Delete Only. |
Identity Information | Add Access | ✓ | Only if ACR/ACRM Permissions for Credential Rights (in CONNECT > Configuration > General) set to Add, edit, and delete. |
Identity Information | Remove Access | ✓ | Default setting. (Only Access assigned by themselves.) Can also remove Access Rights assigned by other ACR/ACRM if ACR/ACRM Permissions for Access Rights assigned by other ACR/ACRM (in CONNECT > Configuration > General) set to Delete Only. |
Badge Creation | New Badge | No | |
Badge Creation | Previous Badges | No | |
Badge Creation | Print Badges | No | |
Uploads | Credential Assignment Uploads | No | |
My Groups | View Identities | ✓ | Only access groups associated with them |
My Groups | View Managers | ✓ | Only access groups associated with them |
My Groups | View Readers | ✓ | Only access groups associated with them |
Reports | Run reports | No | |
Reports | Saved Reports | No | |
Configuration | Access Control | No | |
Configuration | Access Groups | No | |
Configuration | Access Requests | No | |
Configuration | Audit | No | |
Configuration | Badges | No | |
Configuration | Credential | No | |
Configuration | Credential Request | No | |
Configuration | Dashboard | No | |
Configuration | General | No | |
Configuration | Notifications | No | |
Configuration | Roles | No | |
Configuration | Rules | No | |
Configuration | Wallet | No | |
ACRM | Remove Access from ACRM | No | |
ACRM | Transfer Access from ACRM | No | |
ACRM | Add Access to ACR | No | |
ACRM | Remove Access from ACR | No | |
ACRM | Transfer Access from ACR | No | |
Requests | Access | ✓ | |
Requests | My Access Request History | ✓ |
|
Requests | Credentials | ✓ | |
Requests | Manage Access Requests | ✓ |
|
Requests | Manage Credential Requests | No |
Additional Access
Application | Screen | Functionality | Access Rights (Yes = ✓ or No) | Limitation |
|---|---|---|---|---|
IDM | My Profile | View Page | ✓ | |
IDM | My Profile | Edit User Preference | ✓ | Preferred Language and Page Size for List Views ONLY. |
IDM | No Access | No Access | No | ACR has no access to IDM tab. |
GUEST | No Access | No Access | No | If GUEST > Configuration > System > Default User Role = None then no access granted. (Not authorized to access GUEST displayed). |
GUEST | New Visit My Visits | Schedule New Visits View Scheduled Visits | ✓ | If GUEST > Configuration > System > Default User Role = Host or Host Delegate then access is the same as the configured Default User Role. |