BluSKY Permissions
BluSKY URL: https://blusky.blub0x.com/en-US/
Overview
You can take many different approaches to granting permissions. BluBØX recommends the "Deny by Default" approach commonly used in the Information Technology field: don't ever give someone a permission until you know it is needed. This provides the best security for the system. However, you may have reason to proceed differently; if so, consult your system integrator for a full understanding of each permission.
A Few Basics
1. You cannot see or assign a permission that you, yourself, do not have to a new Role. This prevents people from escalating their own permissions. As a result, when creating a new Role, you will probably not see all the permissions listed below.
2. A "Role" contains a list of Permissions. A Role defines "what" you can do when logged into BluSKY. Roles should be given a name that evokes the permissions they contain. For example, the Role that contains the permissions that security personnel need to check visitors in and out and to monitor the system in real-time might be called the "Security Officer" Role.
3. Roles are "Scoped" to a certain entity to indicate "where" its permissions are applicable. For example, suppose a Role contains the permission to run reports. If that Role is scoped to an Occupancy, the report will contain results for that Occupancy only. However, the exact same Role, if scoped to a System, will contain results for all the Occupancies in the System. Incidentally, if your Role is scoped to the System, you can still limit the results when you run the report by using the filter to set your criteria.
4. When you edit a Role, you will find Permissions bundled into several categories as shown below. Note that each permission is expressed in terms of View / Add / Edit / Delete. So, for example, you can give a person the permission to view or edit something, but not add it, or delete it.
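The four basics above can be read as a small access model. The sketch below is an added illustration, not BluSKY's own code: the `Role` class, the `CONTAINS` hierarchy, the scope names and the requirement of a Role Administration "add" grant to create a Role are assumptions made for the example. It shows deny-by-default checks, scope coverage, and the rule that a new Role can only contain permissions its creator already holds.

```python
from dataclasses import dataclass

ACTIONS = {"view", "add", "edit", "delete"}
# Constructed hierarchy (assumption): one System containing two Occupancies.
CONTAINS = {"System-1": {"Occupancy-A", "Occupancy-B"}}

@dataclass(frozen=True)
class Role:
    name: str
    scope: str            # "where": a System or an Occupancy
    grants: frozenset     # "what": {(permission, action), ...}

def in_scope(role_scope, target):
    """A scope covers itself and, for a System, the Occupancies it contains."""
    return role_scope == target or target in CONTAINS.get(role_scope, set())

def is_allowed(roles, permission, action, target):
    """Deny by default: True only if a held Role grants it at a covering scope."""
    return any((permission, action) in r.grants and in_scope(r.scope, target)
               for r in roles)

def assignable(roles, target):
    """Grants the editor holds at `target`; the only ones a new Role may contain."""
    return {g for r in roles if in_scope(r.scope, target) for g in r.grants}

def create_role(editor_roles, name, scope, requested):
    """Build a Role, refusing any grant the editor does not hold themselves."""
    requested = frozenset(requested)
    unknown = sorted(g for g in requested if g[1] not in ACTIONS)
    if unknown:
        raise ValueError(f"unknown action in {unknown}")
    # Assumption: creating a Role needs Role Administration / add at that scope.
    if not is_allowed(editor_roles, "Role Administration", "add", scope):
        raise PermissionError("editor cannot create Roles at this scope")
    excess = requested - assignable(editor_roles, scope)
    if excess:
        raise PermissionError(f"editor lacks {sorted(excess)}")
    return Role(name, scope, requested)

# Constructed sample Roles, named after the page's "Security Officer" example.
OFFICER = Role("Security Officer", "Occupancy-A", frozenset({
    ("Visitor Admissions", "view"), ("Visitor Admissions", "add"),
    ("Real Time Events", "view")}))
ADMIN = Role("Building Administrator", "System-1", frozenset({
    ("Role Administration", "add"), ("Access Report", "view")}))
```

Running the same checks over an exported list of Roles is a quick way to spot a Role whose scope or grants exceed what its holder needs.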
Hardware Setup
These permissions are needed to make changes to the system's hardware descriptions in BluSKY. They are generally granted to system integrators, but some or all may be needed when administering other elements in BluSKY.
- System Setup
- System Setup permissions must be granted to anyone who will be configuring hardware such as Controllers, SIO Boards, and Portals in BluSKY. This permission is also granted to Building Administrators or people needing to select the "System" Scope in BluSKY.
- Triggers
- Trigger permissions serve to define a series of events based off an initial condition. This permission is typically only used by system integrators, but may also be granted to people who manage Building Administrators.
Personnel
This option will grant the user the permission to view, edit, delete or create personnel in BluSKY. Be very careful who has create and edit permissions for this area, because they would have the ability to give anyone strategic access to the system.
- Personnel Administration
- These permissions grant the user the ability to create, edit, view and/or delete Person Records. These permissions also grant the user the ability to capture photos, assign previously registered Cards and adjust assigned access rights. Please note that the ability to assign a Card does not require Card Administration, and that assigning an Access Level requires the Access Level permissions needed to view it. These permissions are typically assigned to any Person that will manage the access rights of their tenants or employees.
- Role Administration
- Role Administration permissions grant the Person the ability to control Roles and permissions. It is important to note that under no circumstances are you able to grant more permissions than YOU currently have. These permissions should be reserved for People managing a BluSKY Facility or BluSKY Occupancy.
Visitors
This option will grant people the permissions to create visitors in BluSKY.
- Visitor Invitation
- This set of permissions will allow you to create Visitor Invitations. However, this will limit the host to only the Person making the request. If you want the ability to make Visitor Requests for others, please see Manage Visitors on Behalf of Others.
- Visitor Admissions
- Visitor Admissions permissions pertain to the Check In, Check Out and badging functionality that is associated with visitor reception. These permissions are typically assigned to a security officer or front desk reception person.
- Visitors Invitations For Others
- These permissions will allow you to create, edit, view and/or delete Visitor Invitations with someone other than yourself as the Host. These permissions are typically used by Security Officers and administrative assistants that will regularly set appointments for others.
Access Control
The Access Control permissions are generally for controlling the flow of People in a BluSKY system.
- Access Control Administration
- Access Control Administration permissions grant the user the ability to manipulate the access rights of a user.
- Real Time Events
- This set of permissions will allow a Person to view the Events Control screen.
- Elevator Control
- This set of permissions permits the person to access the Elevator Control menu.
- Portal Control
- These permissions grant the user the ability to access and use the Portal Control screen.
- Control and Monitoring Collection
- These permissions grant access to the Control and Monitoring Points diagnostic tool. These permissions are typically reserved for system integrators but on occasion will be assigned to a building manager with the proper training.
- Delegate Point Administration
- This set of permissions will allow a person to create, view, delete and/or edit Delegate Points. It should be noted that this permission is not required if you are the recipient of the delegated point.
- Schedule Administration
- This set of permissions will allow the user to create, view, delete and/or edit Schedules.
- Holiday Administration
- This set of permissions will grant the user the ability to create, edit, delete and/or view Holidays. This set of permissions only applies to creating and maintaining Holidays and not the Holiday portion of Schedules.
- Access Level Administration
- These permissions allow a Person to create, edit, delete and/or view Access Levels. Please note that the ability to see System security points or Delegated Points is critical to being able to use these permissions successfully.
- Access Level Group
- These permissions allow a Person to create, edit, delete and/or view Access Level Groups. Please note that the ability to see System security points or Delegated Points is critical to being able to use these permissions successfully.
- Control Points
- These permissions allow a Person to monitor and control Control Points from the Control Point Control screen.
- Monitoring Points
- These permissions allow a Person to monitor Monitoring Points from the Monitoring Point Control screen.
- Intrusion
- These permissions allow a Person to monitor and control the Intrusion Prevention System (IPS) from the Intrusion Control screen.
- Can Assign BluREMOTE
- This permission allows a Person to assign BluREMOTE capability to People, an Access Level or an Access Level Group.
Video
- Video Administration
- This feature is currently being tested and will be available soon. Video permissions allow the user to view Video.
Alarms
- Alarm Control
- These permissions allow a Person to view and control the alarm system through the Alarm Control screen.
Reporting
Reporting permissions allow a person to access and run Reports. Please note that additional permissions may be necessary for certain reports. For example, reports pertaining to personnel records will also require personnel permissions.
- Access Denied Report
- This grants the user access to the Access Denied Report. These permissions are typically used by security officers and building administrators to assess and address access right issues.
- Access Level Report
- This grants the user access to the Access Level Report. These permissions are typically used by system administrators to audit access rights.
- Access Report
- This grants the user access to the Access Report. These permissions are typically used by tenant system administrators, security officers and building administrators to audit access rights.
- Alarms Report
- This grants the user access to the Alarm Report. These permissions are typically used by security officers and building administrators to monitor and address issues involving the Intrusion Prevention System (IPS).
- Delegates Report
- This grants the user access to the Delegates Report. These permissions are typically used by system and tenant administrators to audit delegated points for a system.
- Expected Visitor Report
- This grants the user access to the Expected Visitor Report. These permissions are typically used by tenant system administrators, security officers and building administrators to audit visitors expected to arrive.
- Person Activity Report
- This grants the user access to the Person Activity Report. These permissions are typically used by tenant system administrators, security officers and building administrators to audit different users' actions.
- Person Status Report
- This grants the user access to the Person Status Report. These permissions are typically used by tenant system administrators, security officers and building administrators to audit different users' current configuration.
- Role Report
- This grants the user access to the Role Report. These permissions are typically used by tenant system administrators, security officers and building administrators to audit different users' Roles and the Roles themselves.
- Visitor Arrivals Report
- This grants the user access to the Visitor Arrivals Report. These permissions are typically used by tenant system administrators, security officers and building administrators to audit visitors that have already arrived.
- Who's In Report
- This grants the user access to the Who's In Report. These permissions are typically used by tenant system administrators, security officers and building administrators to audit users that have used their card recently.
- Audit Report
- This grants the user access to the Audit Report. These permissions are typically used by tenant system administrators and building administrators to audit changes to one or more persons' records.
- All Events Report
- This feature is currently being tested and will be available soon. Video permissions allow the user to view all events for the system.
- Access Level Group Report
- This grants the user access to the Access Level Group Report. These permissions are typically used by system administrators to audit access rights.
Companies and Buildings
This option will enable a person to Create, Edit, Delete, and View Customers, Occupants, Vendors, Facilities, and Group configuration.
- Customer Setup
- Enabling these permissions will enable a person to Create, Edit, Delete, and View Customers. Only system integrators will ever need these permissions.
- Occupant Administration
- Enabling these permissions will enable a person to Create, Edit, Delete, and View Occupants in a building. Only those people that will be setting up new occupants should have create access. Edit permissions should only be granted to those few people that might need to update an existing occupant's settings, which is very rare once installed.
- Vendor Administration
- Vendor permissions allow the user to edit, delete, create and/or view Vendors.
- Facility Setup
- Facility permissions will allow a Person to create, edit, view and/or delete Facilities. These permissions are typically used by system integrators but in some circumstances these permissions may be granted to a person that manages a BluSKY Facility.
- System Group Configuration
- These permissions will allow a person to create and maintain System Groups. These permissions are intended for system integrators only and provide no benefit to the users of BluSKY.
Administration
- Card Administration
- These Permissions will allow a Person to create, edit, view or delete Cards. This will also grant access to the Card Upload feature allowing a person to quickly load large quantities of Cards to the system. Please note that the System Setup View permissions are necessary to reveal these menu items.
- Maps & Locations
- This feature is currently not implemented. In certain cases we allow you to input this field for future use. These permissions allow a person to control the maps and location features of BluSKY.
- Watch List Administration
- This set of permissions allows a Person to control the Watchlist feature of BluSKY. If this feature is being used, we recommend giving the permission to add to anyone that will manage or guard a BluSKY Facility or Occupancy. However, the ability to remove a Person from the list should be limited to only those with the proper authority.
- Notification Administration
- These permissions allow a Person to create, edit, view and/or delete Notifications. These permissions are likely granted to a Person managing a BluSKY Facility or a BluSKY Occupancy.
- Rule Administration
- The Rules permissions allow a Person to create, view, delete or edit Rules in BluSKY. The impact of these rules can be widespread, so it is important to check that anyone with these permissions is trained to use them properly.