7.6.6. Permissions

The Permissions feature allows administrators to configure which actions users can take on the recorder. Without the appropriate permission, a user cannot playback recordings, export calls, or run reports. With the correct permissions, a user can evaluate their agent group, create incidents, or even create new users with permissions of their own. The actions permitted are further filtered by permissions granted to individual resources and channel names on the recorder, and to the individual pages of Configuration Manager.

At install time, your NexLog DX-Series recorder is configured with a default set of User Groups and Permissions. Often, Recorder Administrators will simply assign users to the preexisting groups, and make minor modification to what permissions each group has.

The NexLog DX-Series permissions system is flexible and allows for the creation of new user groups and the assignment of customized sets of permission to each group, so the entire security system behavior can be configured based on your site’s needs. Permissions can be assigned directly to a user, or can be assigned to a user group; all users in a user group inherit the group’s currently set permissions.

Each permission is assigned as a noun-verb pair of Security Object and Security Operation. For example, User Groups is a Security Object and Add, Delete, Read, and Update are Security Operations, so a user or user group can be assigned permission to Read User Groups, which would allow them access to see what User Groups exist, but not add, edit, or delete them.

Access to each page of Configuration Manager is also restricted by permissions. This is because some permissions apply to more than one page and it is easier to know what a user or group can do when access to entire pages is explicitly granted rather than implicity arrived at based on individual Read permissions.

Permissions

Fig. 7.126 Permissions

The Users and Security: Permissions page shows a searchable and filterable list of users and user groups. Select any entry in this list and click Edit Permissions to see what Configuration Manager Pages and Security Operations are configured. The Permissions edit view can also be searched or filtered.

The filters available are:

  • Show All: Shows all permission options.

  • Show Permissions Granted: Shows only permissions selected for this user or group.

  • Show Permissions Not Granted: Shows only permissions not selected for this user or group.

  • Show Inherited: Shows only permissions this user has because of group membership. (Users Only)

  • Show Permissions Granted And Inherited: Shows permissions this user been assigned directly and those they have because of group membership. (Users only)

  • Show Changes Only: This last option only shows the changes being made to this user or user group during this editing session.

Permissions Edit with Filter Menu

Fig. 7.127 Permissions with Filter Set to Show Granted Directly And Inherited From Groups

Right-click on any permission to set or unset permission to an entire section, or if you want to see which users and groups have a given permission, select “View All With This Permission”

Permissions Edit Page Context Menu

Fig. 7.128 Permissions Edit Page Context Menu

A fast way to assign the appropriate permissions for a group or user is to select the pages they should have access to and click save. This will bring up the Additional Recommended Permissions Pop Up, listing the permissions relevant for each page.

Additional Permissions Recommended Pop Up Wizard

Fig. 7.129 Additional Permissions Recommended Pop Up Wizard

In the example above, the User was granted permission to load the Active Alerts, Archive Media History and Archives pages. The Additional Permissions Recommended wizard pop up appears to show the relevant Permissions relevant to actions performable on these pages. Without Update, the user cannot acknowledge an Active Alarm. Without Browse Archive, the user cannot put an archive into browse mode. The User already has Alert Read, so that permission is not suggested.