Skip to main content
BluINFO

BluSKY Permissions

BluSKY URL: https://blusky.blub0x.com/en-US/

Overview

Permissions are used to define what sort of access to BluSKY will be granted to a user. Our system is flexible in nature and provides many different options to determine exactly which permissions a person should have.  The permissions are subsequently organized into Roles that can be easily assigned and scoped to each person. In this article we will discuss each one of the permissions and provide details into the appropriate use.

There are many different approaches to permissions that you may want to take. BluBØX recommends the "Deny by Default", commonly used in the information technology field. This policy is fairly straight forward, don't ever give someone a set of permissions until you know they absolutely need it. This protects the system the best but we recognize that you will have different needs and different levels of trust. Consult your system integrator if you wish to know more about what permissions should be given. 

A Few Basics 

First and foremost, you will never under any circumstances be able to assign permissions to a Role, that you do not currently have. This is a critical security feature that prevents people from being able to escalate their own permissions and give themselves permissions they should not have. It is very unlikely that you will ever be able to see all of the permissions listed in this guide so do not worry if each permission listed here does not appear for you. 

Also, permissions are organized into bundles called Roles. Roles make it easier to understand the permissions that are being granted. For example, a common Role is the Security Officer Role. Typically this Role will be used to grant the security personnel the ability to check visitor in and out, and monitor the system in real-time. The Role allows us to be able to bundle these common permissions and assign them easily. 

Lastly, if Roles define "what" I can do in BluSKY, Role Scope determines "where" the permissions are applicable. Combined together Roles and Role Scope can be used to give specific permission for almost any possible situation. For example, suppose we create a Role that has the permissions to run reports. If we take the Role and scope it to a single Occupancy, when the person runs the report they will see only results for that Occupancy. Now if we were to take the exact same Role and scope it the System, we should see results from all of the Occupancies of the System. Keep in mind, even if you have System scope you can still limit the Report's criteria through each of the Reports interface.

Hardware Setup

This option is to grant a BluSKY person the needed permissions to change the hardware. These permissions are generally used by a system integrator but in some cases the ability to see the System configuration will be important for selecting certain criteria in BluSKY.

System Setup
System Setup permissions are necessary for anyone that is going to be building and configuring the hardware of a BluSKY system. This set of permissions will grant the user the ability to create, edit, view or delete, Contollers, SIO Boards, Portals and other core system entries. Typically these permissions as assigned to system integrator and on some occasion to a person that manages an entire BluSKY building. In some cases, it may be necessary to assign the System View permission to allow a Person to access the System in selection criteria.
Triggers
Trigger permissions allow the user to define a series of event based off an initial condition. This type of permission is typically only used by system integrators but in some cases may also be used by people who manage an entire BluSKY Facility.

Personnel

This option will grant the user the permission to view, edit, delete or create personnel in BluSKY.  Be very careful who has create and edit permissions for this area, they would have the ability to give anyone strategic access to the system.

Personnel Administration
These permissions grant the user the ability to create, edit, view and/or delete Person Records. These permissions also grant the user the ability to capture photos, assign previously registered Cards and adjust assigned access rights. Please, note that the ability to assign a Card does not require Card Administration and that the ability to assign an Access Level requires Access Level permissions to view them to assign it.
These permissions are typically assigned to any Person that will manage the access rights of their tenants or employees.
Role Administration
Role Administration permissions grants the Person the ability to control Roles and permissions. It is important to note that under no circumstances are you able to grant more permissions than YOU currently have. These permissions should be reserved for People managing a BluSKY Facility or BluSKY Occupancy.

Visitors

This option will grant people the permissions to create visitors in BluSKY. 

Visitor Invitation
This set of permissions will allow you to create Visitor Invitation. However, this will limit the host person to only Person making the request. If you want the ability to make Visitor Requests for others, please see Manager Visitors on Behalf of Others.
Visitor Admissions
Visitor Admissions permission pertain to the Check In, Check Out and badging functionality that is associated with visitor reception. These permissions are typically assigned to a security officer or front desk reception person.
Visitors Invitations For Others
These permissions will allow you to create, edit, view and/or delete a Visitor Invitations with someone other than yourself as the Host. These permissions are typically used by Security Officers and administrative assistants that will regularly set appointments for others.

Access Control

The Access Control permissions are generally for controlling the flow of People in a BluSKY system.

Access Control Administration
Access Control Administration permissions grant the user the ability to manipulate the access rights of a user. 
Real Time Events
This set of permissions will allow a Person to view the Events Control screen. 
Elevator Control
This set of permission permits the person to access the Elevator Control menu.
Portal Control
These permissions grant the user the ability to access and use the Portal Control screen.
Control and Monitoring Collection
These permission grant access to the Control and Monitoring Points diagnostic tool. These permissions are typically reserved for system integrators but on occasion will be assign to a building manager with the proper training.
Delegate Point Administration
This set of permissions will allow a person to create, view, delete and/or edit Delegate Points. It should be noted that this permission is not required if you are the recipient of the delegated point.
Schedule Administration
This set of permission will allow the user to create, view, delete and/or edit Schedules.
Holiday Administration
This set of permission will grant the user the ability to create, edit, delete and/or view Holidays. This set of permissions only applies to creating and maintaining Holidays and not the Holiday portion of Schedules.
Access Level Administration
These permissions allow a Person to create, edit, delete and/or view Access Level. Please note, that the ability to see System security points or Delegated Points is critical to being able to use these permissions successfully.
Access Level Group
These permissions allow a Person to create, edit, delete and/or view Access Level Groups. Please note, that the ability to see System security points or Delegated Points is critical to being able to use these permissions successfully.
Control Points
These permissions allow a Person to monitor and control Control Points from the Control Point Control screen. 
Monitoring Points
These permissions allow a Person to monitor Monitoring Points from the Monitoring Point Control  screen. 
Intrusion
These permissions allow a Person to monitor and control the Intrusion Prevention System (IPS) from the Intrusion Control  screen. 
Can Assign BluREMOTE
This permission allows a Person to assign BluREMOTE capability to People, an Access Level or an Access Level Group. 

Video

Video Administration
This feature is currently being tested and will be available soon. Video permissions allow the user to view Video. 

Alarms

Alarm Control
These permissions allow a Person to view and control the alarm system through the Alarm Control screen.

Reporting

Reporting permissions allow a person to access and run Reports. Please note that additional permissions may be necessary for certain reports. For example, reports pertaining to personnel records will also require personnel permissions.

Access Denied Report
This grants the user access to the Access Denied Report. These permissions are typically used by security officers and building administrators to assess and address access right issues.
Access Level Report
This grants the user access to the Access Level Report. These permissions are typically used by system administrators to audit access rights. 
Access Report
This grants the user access to the Access Report. These permissions are typically used by tenant system administrators, security officers and building administrators to audit access rights. 
Alarms Report
This grants the user access to the Alarm Report. These permissions are typically used by security officers and building administrators to monitor and address issues involving the Intrustion Prevention System(IPS). 
Delegates Report
This grants the user access to the Delegates Report. These permissions are typically used by system and tenant administrators to audit delegated points for a system. 
Expected Visitor Report
This grants the user access to the Expected Visitor Report. These permissions are typically used by tenant system administrators, security officers and building administrators to audit visitors expected to arrive.
Person Activity Report
This grants the user access to the Person Activity Report. These permissions are typically used by tenant system administrators, security officers and building administrators to audit different user's actions.
Person Status Report
This grants the user access to the Person Status Report. These permissions are typically used by tenant system administrators, security officers and building administrators to audit different users current configuration.
Role Report
This grants the user access to the Role Report. These permissions are typically used by tenant system administrators, security officers and building administrators to audit different user's Role and the Roles themselves.
Visitor Arrivals Report
This grants the user access to the Visitor Arrivals Report. These permissions are typically used by tenant system administrators, security officers and building administrators to audit visitors that have already arrived.
Who's In Report
This grants the user access to the Who's In Report. These permissions are typically used by tenant system administrators, security officers and building administrators to audit users that have used their card recently.
Audit Report
This grants the user access to the Audit Report. These permissions are typically used by tenant system administrators and building administrators to audit changes to one of more person's record.
All Events Report
This feature is currently being tested and will be available soon. Video permissions allow the user to view all events for the system. 
Access Level Group Report
This grants the user access to the Access Group Level Report. These permissions are typically used by system administrators to audit access rights. 
 

 

Companies and Buildings

This option will enable a person to Create, Edit, Delete, and View Customers, Occupants, Vendors, Facilities, and Group configuration.

Customer Setup
Enabling these permissions will enable a person to Create, Edit, Delete, and View Customers. Only system integrator will ever need these permissions.
Occupant Administration
Enabling these permissions will enable a person to Create, Edit, Delete, and View Occupants in a building. Only those people that will be setting up new occupants should have create access.  Edit permissions should only be granted to those few people that might need to update an existing occupants setting, very rare once installed.
Vendor Administration
Vendor permissions allow the user to edit, delete, create and/or view Vendors. 
Facility Setup
Facility permissions will allow a Person to create, edit, view and/or delete Facilities. These permissions are typically used by system integrators but in some circumstances these permissions may be granted to a person that manages a BluSKY Facility. 
System Group Configuration
These permissions will allow a person to create and maintain System Groups. These permissions are intended for system integrators only and provides no benefit to the users of BluSKY.

Administration

Card Administration
These Permissions will allow a Person to create, edit, view or delete Cards. This will also grant access to the Card Upload feature allowing a person to quickly load large quantities of Cards to the system. Please note that the System Setup View permissions are necessary to reveal these menu items. 
Maps & Locations
This feature is currently not implemented. In certain cases we allow you to input this field for future use. These permissions allow a person to control the maps and location features of BluSKY.
Watch List Administration
This set of permissions allow a Person to control the Watchlist feature of BluSKY. We recommend that if this feature is being used, to give the permission to add to anyone that will manage or guard a BluSKY Facility or Occupancy. However, the ability to remove a Person from the list should be limited to only those with the proper authority. 
Notification Administration
These permissions allow a Person to create, edit, view and/or delete Notification. These permissions are likely granted to a Person managing a BluSKY Facility or a BluSKY Occupancy.
Rule Administration
The Rules permissions allow a Person to create, view, delete or edit Rules in BluSKY. The impact of these rules can be wide spread so it will be important to check that anyone with these permissions is trained to use them properly.
  • Was this article helpful?