Best practices – Avigilon ACC Enterprise Version 5.2.2 User Manual
Page 34
To help you manage groups across the system, here are some features to help you maintain secure group
access:
l
Group Ranks: rank groups in order to give them control over certain groups and not others. Each
rank is a number and is generally categorized into Global (100), National (200), Regional (300)),
State (400) and Local (500). Unranked groups have access over all ranks. Ranks are applied when
you add or edit a group.
The higher the number, the lower the rank. For example, as a regional administrator you may be in
an Administrator group ranked 300, but the head of security is in an Administrator group ranked
100. Given these ranks, you would not be able to change the permissions for the head of security,
but the head of security would be able to change yours.
You can also set a custom rank by entering a specific number. As an extension of the rank
categories, a specific rank of 150 would be able to control groups 151 and up, but would not be
able to see or control group 149.
l
Copy Groups to Other Sites: copy configured groups to other Sites so that the same groups exist
at each Site location. For more information, see
Best Practices
Listed here are some recommendations for maintaining an efficient and secure system:
l
Change the default administrator password. The default administrator user has control over all aspects of
the system, so adding a password to the account is highly recommended. By default, there is no
password for the administrator account.
l
Create a secondary user for the Administrator group. It is recommended that you do not use the default
administrator user account, instead create a secondary user account with the same privileges so that the
default administrator user can still be used in the rare event that the system becomes compromised.
Tip: If you forget your administrator user password, the alternate administrator user can be used to reset the
password. This will avoid the need for a system-wide reset to restore the default administrator user password.
l
Assign a rank to all groups. Unranked groups have access over all other groups, so it is recommended that
any groups with users be assigned a rank to further define their access privileges. The default
Administrators group is Unranked by default, but you can create a new group with same permissions and
assign a rank to the new group.
l
Limit the number of users in the default Administrator group. The Administrator group is the oversight
group that should only be used for system maintenance. For example, users in the default Administrator
group are the only ones who can see or remove private bookmarks made by all users.
l
Always check that the device access permissions are correct after a group has been copied to a new
Site. Copied groups have the same feature permissions as the original group but automatically gain
access to all cameras, maps, saved Views, and web pages in the new Site.
l
Always check group access permissions after a new server has been merged into the Site.
l
If groups have the same name, the Site settings are used and the users from both the Site and the
server are added to the group.
l
Groups that are new to the Site automatically get access to all the devices in the Site.
34
Best Practices