CONNECT ACRM
Application | CONNECT |
Role | Access Control Representative Manager (ACRM) |
Description | Grants the ability to manage ACRs |
Objective
The Access Control Representative Manager (ACRM) is responsible for managing one or more Access Control Representatives (ACRs) and one or more Access Groups. Assigning a user the ACRM role will display a new page where ACRs, and Access Groups can be assigned to the ACRM and managed. From this page, the user is able to search for Access Groups and assign them to their ACRs.
They can also add / amend PIN and IDS Codes. If the system has been configured to only allow a specific role to handle PIN and IDS Codes (the field Manage Pin and IDS Codes via a separate User Role in Configuration > General has been set to ON) then they can only use this functionality if they are also assigned the role of PIN Code Manager and / or IDS Code Manager as appropriate.
Note
If Manage Audits via a separate user role in Configuration > General has been set to ON, ACRM will have no access to My Audits unless they have been granted the additional role of Auditor.
Access
Dashboard | My Audits | Identities | Uploads | My Groups | Reports | Configuration | ACRM | Requests |
|---|---|---|---|---|---|---|---|---|
Limited Access | LIMITED Access | LIMITED Access | NO Access | FULL Access | NO Access | NO Access | Full Access | LIMITED Access |
Access Modifiers
ACRM can only add access if ACR/ACRM Permissions for Access Rights (in CONNECT > Configuration > General) set to Add, edit, and delete.
ACRM can only add Access Groups that they have been assigned by the ACR Administrator.
ACRM can only remove Access Rights assigned by other ACR/ACRM if ACR/ACRM Permissions for Access Rights assigned by other ACR/ACRM (in CONNECT > Configuration > General) set to Delete Only.
ACRM can only access My Audits if Configuration > Audit set to ON. Additionally, if Manage Audits via a separate user role in Configuration > General has been set to ON, ACRM will have no access to ‘My Audits’ unless they have been granted the additional role of Auditor.
ACRM can add new Identities to CONNECT but only if ACR/ACRM Can Add New Identity (under Role Actions in CONNECT > Configuration > General) set to ON.
ACRM can view credentials but they can only make amendments to credentials if ACR/ACRM Permissions for Credential Rights (in CONNECT > Configuration > General) set to Add, edit, and delete or Delete only.
ACRM is only able to view and add PIN Codes and IDS Codes if:
Configuration > General > Identity Credentials Pin > Enable credential pin management set to ON.
Configuration > General > IDS code > Enable IDS code set to ON.
Additionally, if Configuration > General > Manage Pin and IDS Codes via a separate User Role set to ON then ACRM can only view / add PIN Codes and IDS Codes if they have been assigned the additional roles of PIN Code Manager and IDS Code Manager.
Screens
Screen | Functionality | Access Rights (Yes = ✓ or No) | Limitation |
|---|---|---|---|
Dashboard | Unknown Card Holders Widget | ✓ | Provided Widget has been added to a Dashboard that has been configured to be shared with ACRM. |
Dashboard | Access and Credential Removal Widget | ✓ | Provided Widget has been added to a Dashboard that has been configured to be shared with ACRM. |
Dashboard | Unmanaged Access Groups Widget | ✓ | Provided Widget has been added to a Dashboard that has been configured to be shared with ACRM. |
Dashboard | Deleted ACR/ACRMs to Process | ✓ | Provided Widget has been added to a Dashboard that has been configured to be shared with ACRM. |
Dashboard | Current Audits | ✓ | Provided Widget has been added to a Dashboard that has been configured to be shared with ACRM. |
Dashboard | Access Management Mismatch | ✓ | Provided Widget has been added to a Dashboard that has been configured to be shared with ACRM. Widget cannot be added until Restrict access groups by company in CONNECT > Configuration > General has been set to ON at least once. |
My Audits | Current Audits | ✓ | Provided Configuration > Audit set to ON. If Manage Audits via a separate user role in Configuration > General has been set to ON, ACRM will have no access to My Audits unless they have been granted the additional role of Auditor. |
My Audits | Past Audits | No | |
Identities | Add New Identity | ✓ | Only if ACR/ACRM Can Add New Identity (under Role Actions in CONNECT > Configuration > General) set to ON. |
Identities | View Identity Information | ✓ | |
Identities | Add Credentials button | ✓ | |
Identities | Grant Access button | ✓ | Only if ACR/ACRM Permissions for Access Rights (in CONNECT > Configuration > General) set to Add, edit, and delete. |
Identities | Grant Access in Bulk button | ✓ | Only if ACR/ACRM Permissions for Access Rights (in CONNECT > Configuration > General) set to Add, edit, and delete. |
Identities | Add Pin | ✓ | Only if Configuration > General > Manage Pin and IDS Codes via a separate User Role set to OFF and Config > General > Identity Credentials Pin > Enable credential pin management set to ON. |
Identities | View Pin | ✓ | Only if Configuration > General > Manage Pin and IDS Codes via a separate User Role set to OFF and Config > General > Identity Credentials Pin > Enable credential pin management set to ON. |
Identity Information | Add IDS code | ✓ | Only if Configuration > General > Manage Pin and IDS Codes via a separate User Role set to OFF and Config > General > IDS code > Enable IDS code set to ON. |
Identity Information | View IDS code | ✓ | Only if Configuration > General > Manage Pin and IDS Codes via a separate User Role set to OFF and Config > General > IDS code > Enable IDS code set to ON. |
Identity Information | Sync to PACS | ✓ | |
Identity Information | View Credentials | ✓ | Default setting. |
Identity Information | Add Credential | ✓ | Only if ACR/ACRM Permissions for Credential Rights (in CONNECT > Configuration > General) set to Add, edit, and delete |
Identity Information | Create Credential on the fly | ✓ | Only if ACR/ACRM Permissions for Credential Rights (in CONNECT > Configuration > General) set to Add, edit, and delete |
Identity Information | Edit Credential | ✓ | Only if ACR/ACRM Permissions for Credential Rights (in CONNECT > Configuration > General) set to Add, edit, and delete |
Identity Information | Remove Credential | ✓ | Only if ACR/ACRM Permissions for Credential Rights (in CONNECT > Configuration > General) set to Add, edit, and delete or Delete only. |
Identity Information | Add Access | ✓ | Only if ACR/ACRM Permissions for Access Rights’(in CONNECT > Configuration > General) set to Add, edit, and delete. |
Identity Information | Remove Access | ✓ | Default setting. (Only Access assigned by themselves). Can also remove Access Rights assigned by other ACR/ACRM if ACR/ACRM Permissions for Access Rights assigned by other ACR/ACRM (in CONNECT > Configuration > General) set to Delete Only. |
Badge Creation | New Badge | No | |
Badge Creation | Previous Badges | No | |
Badge Creation | Print Badges | No | |
Uploads | Credential Assignment Uploads | No | |
My Groups | View Identities | ✓ | Only access groups associated with them |
My Groups | View Managers | ✓ | Only access groups associated with them |
My Groups | View Readers | ✓ | Only access groups associated with them |
Reports | Run Reports | No | |
Reports | Saved Reports | No | |
Configuration | Access Control | No | |
Configuration | Access Groups | No | |
Configuration | Access Requests | No | |
Configuration | Audit | No | |
Configuration | Badges | No | |
Configuration | Credential | No | |
Configuration | Credential Request | No | |
Configuration | Dashboard | No | |
Configuration | General | No | |
Configuration | Notifications | No | |
Configuration | Roles | No | |
Configuration | Rules | No | |
Configuration | Wallet | No | |
ACRM | Remove Access from ACRM | ✓ | |
ACRM | Transfer Access from ACRM | ✓ | |
ACRM | Add Access to ACR | ✓ | Limited to Groups currently managed by ACRM |
ACRM | Remove Access from ACR | ✓ | Limited to Groups currently managed by ACRM |
ACRM | Transfer Access from ACR | ✓ | Limited to Groups currently managed by ACRM |
Requests | Access | ✓ | |
Requests | My Access Request History | ✓ |
|
Requests | Credentials | ✓ | |
Requests | Manage Access Requests | ✓ |
|
Requests | Manage Credential Requests | No |
Additional Access
Application | Screen | Functionality | Access Rights (Yes = ✓ or No) | Limitation |
|---|---|---|---|---|
IDM | My Profile | View Page | ✓ | |
IDM | My Profile | Edit User Preference | ✓ | Preferred Language and Page Size for List Views ONLY. |
IDM | No Access | No Access | No | ACRM has no access to IDM tab. |
GUEST | No Access | No Access | No | If GUEST > Configuration > System > Default User Role = None then no access granted. (Not authorized to access GUEST displayed). |
GUEST | New Visit My Visits | Schedule New Visits View Scheduled Visits | ✓ | If GUEST > Configuration > System > Default User Role = Host or Host Delegate then access is the same as the configured Default User Role. |