User Accounts

Role-Based Access Control

Local users and access permissions are handled via Role-Based Access Control (RBAC). Userful’s RBAC revolves around creating predefined roles and then assigning users to those roles.

Roles are a collection of permissions that you can assign to a user group; this allows the privileges associated with that role to be performed on applications within UCC. Broadly speaking, these are broken down into Control Center, Command and Control, and User Management tasks.

Before implementing RBAC you should evaluate the needs of the users in your organization and, based on the level of access they require to perform their duties, group users into roles that satisfy those requirements. It is a best practice to limit users to the minimum required role necessary for them to complete their assigned tasks.

User Accounts and Groups described here do not integrate with Userful Manager users and groups. This functionality is planned for a future release.

Users and Groups

To get started with Role Based Access Control, click “Users” in the left side menu of the Userful Control Center. Initially the User Accounts table will be empty, while the list of groups will include three legacy group names: Admin, Operator and Restricted. These predefined roles belong to the operating system level and cannot be modified with granular permissions. It is recommended to start creating new groups from scratch.

Here is a breakdown of the existing groups:

Default Users and Groups view

ADMIN - Full control, same access as the first user or system administrator

STAFF - Must be created from Settings screen. Intended for legacy Public Computing deployments. Staff users can affect individual station logins and view interactive sessions (Cloud Desktop, Web Browser), but cannot edit sources, create video walls, or use Command & Control

OPERATOR - For use with Command & Control exclusively. Users with this group can start, close, and move sources, and also recall predefined Layouts, but cannot edit sources or Layouts

RESTRICTED - This Group has access to all functions of UCC and C&C except User Management/RBAC.

Add a Group

Though Users are listed first, it is recommended to create Groups first, as users must be assigned to and have their permissions defined by Groups.

  1. Click the Add Group button

  2. Enter Group Name & Description

  3. Enable the required permissions for the group under each system application and click OK

The animation below shows an example of adding a new group with view-only access to Command & Control.

Creating a Group. Click the animation to zoom

Add a User

Next we will add a User, and assign them to that same Group.

  1. Click Add User.

  2. Create a User Name and Password.

  3. Assign the user to one of the Groups.

  4. Click OK.

Creating a User, and assigning them to that Group

RBAC Permission Descriptions

Resource Group

Resource Groups are the source groupings created in Mapping. This is helpful when a user must be restricted in their access to certain sources and/or Zones. Users with access to a particular Resource Group will only be able to see those Sources and whatever Displays or Zones have been assigned to them by users with higher access rights.

Control Center

This allows granular control of the elements on the left-side menu of Control Center

Permission

Description

Event Scheduler

Create, update and delete items in Events

Event-Scheduler view

View-only access to Events

Network-Display management

Admin access to the Displays section

Network-Display view

View-only access to the Displays section

Operation-Support

Admin access to the Support section

Operation-Support view

View-only access to the Support section

Station-Mapping administration

Admin access to the Mapping section

Station-Mapping view

View-only access to the Mapping section

System settings

Admin access to the Settings section

System settings view

View-only access to the Settings section

Command & Control

The Command and Control Module provides you with a drag and drop GUI to resize and arrange sources in real time within the video wall canvas.

Permission

Description

Audio

Access to audio setting of sources

Layout management

Create, update, and delete layouts

Layout switching

Ability to switch between existing layouts

Source activation

Activating existing sources from the list

Source interactive viewer

Ability to interact with sources (where supported)

Source management

Create, update, and delete sources from the list

Source-instance arrangement

Minimize, maximize sources and move them within the canvas

View access

View-only access to the C&C module

User Management

The User Management module allows access to the tool we are reviewing now.

Permission

Description

Users Administration

Create, update, and delete user accounts

Users & Groups View

View-only access to the groups and users page

Groups Administration

Create, update, and delete groups

Other Applications

Permission

Description

Control room Layout Switcher

Mobile interface to switch between saved Command & Control layouts

Control Room Supervisor Dashboard

Interface to view Control Room walls generated from multiple Peer systems