Assigning privileges to users

2025-05-26

If a pre-configured role doesn't meet a user's needs, you can adjust their privileges in Genetec™ Configuration desktop.

What you should know

Partition configuration is only available to users with the Operator role.

Users are assigned a basic set of privileges that are defined by the role assigned to them when their profile is created. They also inherit privileges from their parent user groups.
Users also have a set of privileges for every partition in which they are an authorized user. Privileges granted or denied at the partition level replace the basic privileges.

Administrator and Operator role privileges can be modified, but the original templates are periodically restored. To create custom privileges, configure a group under either role. These nested groups can have unique or different privileges from the default templates.

Best Practice:

Individual users should only have the minimum required privileges.

To help you better understand what your users can do, Genetec Configuration desktop includes a Privilege troubleshooter. The Privilege troubleshooter is a tool that helps you investigate the allocation of user privileges in your Security Center SaaS system. With this tool, you can discover:

Who has permission to work with a selected entity
What privileges are granted to selected users or groups
Who has been granted a privilege, has access to a specific entity, or both

Use the troubleshooter to verify access rights and help you fix issues.

Procedure

From the homepage in Genetec Configuration desktop, click User management > Advanced .
Select the user or group to configure, and click the Privileges tab.
(Optional) Fine-tune the user privileges by changing the individual privilege settings.
Keep in mind that if your user has a parent user group, the privilege inheritance rules apply.

Allow

Grant the privilege to the user. You can’t select this option if the privilege is denied to the parent user group.

Deny

Deny the privilege to the user.

Undefined

Inherit this privilege from the parent user group. If there isn’t a parent user group, this privilege is denied.
(Optional) Configure the privilege exceptions for each partition that the user has access to.
When a user is given access to a partition, their basic privileges are applied by default to the partition. As a system administrator, you can overwrite the privileges a user has over a specific partition. For example, a user can be allowed to configure alarms in partition A, but not in partition B. This means that a user can have a different set of privileges for each partition they have access to. Only Administrative and Action privileges, plus the privileges over public tasks, can be overwritten at the partition level.
1. At the bottom of the page, click Exceptions ().
  The Privilege exception dialog box opens.
2. In the Create an exception for list, select a partition.
3. Change the user's basic privileges as required.
4. Click Create.
  The privilege exceptions are added at the bottom of the privilege list.
Click Apply.
(Optional) Allow the user to move entities between partitions they can access.
To allow a user to move entities from one partition to another, you must grant them the associated Add/Delete <entities> pair of privileges for each entity type you allow them to move between partitions.
If you don’t want to grant the full Add and Delete privileges to the user but still want to allow them to move entities between partitions, enable the Manage partition memberships option as follows.
1. Click the Advanced tab.
2. In the Security section, enable the Manage partition memberships option.
  If necessary, switch Inherit from parent to Override to change this setting.
3. Click Apply.
Note:
When you grant All privileges to a user, the Manage partition memberships option is also enabled. However, if you disable the Manage partition memberships option, it doesn’t affect the other privileges the user has.