Documente Academic
Documente Profesional
Documente Cultură
ACCESS RIGHTS
The three Ws of access rights
Access rights restrict a card user’s ability to enter and travel through an access–
controlled facility. When a card user presents his or her credential to a reader,
the access control system evaluates the access rights assigned to that card user.
If the evaluation results in access granted the door is unlocked otherwise access
is denied and the door remains locked.
Access rights control what happens when a credential is presented at a locked
door; they don’t control when a door is locked and when it is unlocked.
Access rights are specified in terms of the three Ws of access control: when,
where, who.
Where
When Who
Access
Rights
When
When specifies the days and times of day that access will
access be granted. When a credential is presented outside of the time specified
by the card user’s access rights, access is denied.
The Schedule object specifies a schedule that can be applied to one or more card
users. For a credential presented when a schedule is in its active state, the when
component of the access rights for granting access is satisfied.
A typical access control system uses multiple schedules to allow different access
rights to be specified for different types of employees or roles or for different
zones in the facility. For example, work hours, 24 by 7 and so on.
It is important to understand that access rights schedules are not the same as the
schedules such as the Unlock schedule used as inputs to the Door Controller
object. Access rights schedules specify when access may be granted at a locked
door; Door Controller object input schedules specify when the door is actually
locked.
The Schedule object also specifies days that are exceptions to the weekly
schedules such as holiday days where you want to deny access.
Where
Who
Where
When
Access
Group
The Access Group object’s name is chosen to reflect the role or duties of the
card users that are assigned the access group. Typically, the Access Group
object name describes or identifies the role that the group performs in the
organization, for example, custodians, employees, managers and so on.
Where
When Who
Access
Group
Access
Rights
The Card User object also defines access rights when access groups are added.
The Access Groups tab of the Card User dialog unites the when, where and who
by adding one or more access groups.
The power of this approach is evident in that any change to either the when or
where for an access group propagates to card users to which it is assigned,
immediately changing their access rights.
credential
presented
at locked door Credential includes card
presentation and optional
PIN keypad entry
CU object
No
found in ASM CU object corresponding to
? presented credential must be
in the ASM database
Yes
No CU object
status = Valid
? When card user status is
Valid then this result is yes
Yes
No card
status = Valid
? When presented card’s status is
Valid then this result is yes
Yes
No access group
This test is performed for each
schedule =
access group the card user is a
grant access
member of. When one access
?
group allows access then this
result is yes.
Yes
Yes antipassback
violation
? Antipassback is optional
No
credential
presented Credential includes card
presentation and optional
PIN keypad entry
CU object
No
found in ASM CU object corresponding to
? presented credential must be
in the ASM database
Yes
No CU object
status = Valid
? When card user status is
Valid then this result is yes
Yes
No card
status = Valid
? When presented card’s status is
Valid then this result is yes
Yes
No access group
This test is performed for each
schedule =
access group the card user is a
enable buttons
member of to determine which
?
buttons can be enabled for card
Yes user for this elevator.
No Yes
elevator controller
button schedule = Individual floor schedule for
enable each button determines
? whether or not to enable button
Yes
buttons enabled
access denied Yes
access granted