Overall Security tab (roles)

Available functionality depends on the system you are using. See Product comparison chart for more information.

On the Overall Security tab, you set up overall rights for roles. For every component available in your system, decide whether to Allow or Deny users with the role the right to access and use the different areas of that component.

Note: The overall security settings only apply to the current site.

You can associate a user with more than one role. If you select Deny on a security setting for one role and Allow for another, the Deny permission overrules the Allow permission.

The Overall Security tab is available in all products except the free XProtect Essential+, but it lets you configure more functionality in XProtect Corporate than in XProtect Expert, XProtect Professional+, and XProtect Express+. This is because you can only set up differentiated administrator rights in XProtect Corporate, while you can set up overall rights for a role that uses XProtect Smart Client, XProtect Web Client, or Milestone Mobile client in all products.

In the following, the descriptions show what happens on each individual right for the different system components if you select Allow for the relevant role. If you use XProtect Corporate, you can see which settings are only available to you under each system component.

For every system component or functionality, the full system administrator can use the Allow or Deny check boxes to set up security permissions for the role. Any security permissions you set up here apply to the whole system component or functionality. So if, for example, you select the Deny check box on Cameras, all cameras added to the system are unavailable for the role. In contrast, if you select the Allow check box instead, the role can see all cameras added to the system. The result of selecting Allow or Deny on your cameras is that the camera settings on the Device tab then inherit your selections on the Overall Security tab, so that all cameras are either available or unavailable to the particular role.

If you want to set security permissions for individual cameras or similar, you can only set these individual permissions on the tab of the relevant system component or functionality if you have not set any overall permissions for the system component or functionality on the Overall Security tab.
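
The evaluation described above (Deny overruling Allow across a user's roles, and every item of a component inheriting the overall setting), modeled as an added example. It is not Milestone code or a MIP SDK API; the role names, camera names and the Role, effective and conflicts helpers are constructed for illustration, and only the right names come from the Cameras table on this page.

```python
from dataclasses import dataclass, field

ALLOW, DENY, NOT_SET = "Allow", "Deny", "Not set"


@dataclass
class Role:
    name: str
    # Overall Security tab: (component, right) -> ALLOW or DENY
    overall: dict = field(default_factory=dict)
    # Component tab, e.g. Device tab: (component, item, right) -> ALLOW or DENY
    individual: dict = field(default_factory=dict)

    def set_individual(self, component, item, right, value):
        """Set a per-item permission. Refused once the component has any
        overall permission, as the page describes."""
        if any(c == component for c, _ in self.overall):
            raise ValueError(
                f"{self.name}: clear the overall permissions on {component} first")
        self.individual[(component, item, right)] = value

    def setting_for(self, component, item, right):
        """This role's own setting for one right on one item."""
        if (component, right) in self.overall:
            return self.overall[(component, right)]  # every item inherits it
        return self.individual.get((component, item, right), NOT_SET)


def effective(roles, component, item, right):
    """Combine a user's roles: Deny in any role overrules Allow in another."""
    settings = [r.setting_for(component, item, right) for r in roles]
    if DENY in settings:
        return DENY
    if ALLOW in settings:
        return ALLOW
    return NOT_SET  # the page does not say how an unset right is treated


def conflicts(roles, component, item, rights):
    """Audit helper: rights that one role allows and another denies, so the
    Allow is silently overruled. Returns (right, allowing, denying) tuples."""
    found = []
    for right in rights:
        by_value = {ALLOW: [], DENY: []}
        for role in roles:
            value = role.setting_for(component, item, right)
            if value in by_value:
                by_value[value].append(role.name)
        if by_value[ALLOW] and by_value[DENY]:
            found.append((right, by_value[ALLOW], by_value[DENY]))
    return found


# Constructed sample roles (names are illustrative, not from the product).
OPERATORS = Role("Operators", overall={
    ("Cameras", "View Live"): ALLOW,
    ("Cameras", "Playback"): ALLOW,
    ("Cameras", "Export"): ALLOW,
})
CONTRACTORS = Role("Contractors", overall={("Cameras", "Export"): DENY})
LOBBY = Role("Lobby guards")  # no overall setting, so per-camera rights work
LOBBY.set_individual("Cameras", "Lobby camera", "View Live", ALLOW)

if __name__ == "__main__":
    user_roles = [OPERATORS, CONTRACTORS]  # one user holding both roles
    rights = ("View Live", "Playback", "Export")
    for right in rights:
        print(right, "->", effective(user_roles, "Cameras", "Lobby camera", right))
    print(conflicts(user_roles, "Cameras", "Lobby camera", rights))
```

Running the conflicts check over each user's role set before assigning an additional role shows which Allow settings the new role's Deny entries will overrule.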

The descriptions below also apply to the rights that you can configure through the MIP SDKs.

Important: If you switch your base license from XProtect Corporate to one of the other products, you can only do this if you have not set any security rights for the role for functionality that is not available in those products. Therefore, to complete such a switch, make sure that you remove all security rights that are available to XProtect Corporate only.

Management Server

Security right

Description

XProtect Corporate

Full control

Enables the right to manage all security entries on this part of the system.

 

Read

Enables the right to access a wide range of functionality, including:

  • Logging in with the Management Client
  • List of current tasks
  • Server Logs.

It also enables access to the following features:

  • Remote Connect Services
  • Smart Client Profiles
  • Management Client Profiles
  • Matrix
  • Time Profiles
  • Registered Servers and Service Registration API
  • Enterprise Servers.

Only available

Edit

Enables the right to modify data in a wide range of functionality, including:

  • Options
  • License Management.

It also enables users to create, delete and edit the following features:

  • Remote Connect Services
  • Device groups
  • Matrix
  • Time Profiles
  • Notification Profiles
  • Registered Servers
  • Enterprise Servers.

Note: Enables the right to configure local IP ranges when configuring the network on the recording server.

Only available

System Monitor

Enables the right to view the data of the System Monitor.

Only available

Status API

Enables the right to perform queries on the Status API located on the recording server. This means that a role with this right enabled can read the status of the items located on the recording server.

 

Manage Federated site hierarchy

Enables the right to add the current site to, and detach it from, other sites in a federated site hierarchy.

Note: If you set this permission to allowed on the child site only, the user can still detach the site from the parent site.

Only available

Backup Configuration

Enables the right to create backups of the system configuration using the system's backup/restore functionality.

Only available

Authorize users

Enables the right to authorize users when they are asked for a second login in XProtect Smart Client or Management Client. You define if a role requires login authorization on the Info tab.

 

Manage security

Enables the right to manage permissions for the Management Server.

It also enables users to create, delete and edit the following features:

  • Roles
  • Basic users
  • Smart Client Profiles
  • Management Client Profiles.

Only available

Recording Servers

The following settings are only available in XProtect Corporate.

Security right

Description

Full control

Enables the right to manage all security entries on this part of the system.

Edit

Enables the right to edit properties on the recording servers, except for network configuration settings, which require the Edit right on the management server.

Delete

Enables the right to delete recording servers. To do this, you must also give the user delete permissions on:

  • Hardware security group if you have added hardware to the recording server.

Note: If any of the devices on the recording server contains evidence locks, you can only delete the recording server if it is offline.

Manage hardware

Enables the right to add hardware on recording servers.

Manage storage

Enables the right to administer storage containers on the recording server, that is, to create, delete, move, and empty storage containers.

Authorize recording server

Enables the right to authorize new recording servers.

Manage security

Enables the right to manage security permissions for recording servers.

Failover Servers

The following settings are only available in XProtect Corporate.

Security right

Description

Full control

Enables the right to manage all security entries on this part of the system.

Read

Enables the right to see and access failover servers in the Management Client.

Edit

Enables the right to create, update, delete, move, and enable/disable failover servers in the Management Client.

Manage security

Enables the right to manage security permissions for the failover servers.

Mobile Servers

The following settings are only available in XProtect Corporate.

Security right

Description

Full control

Enables the right to manage all security entries on this part of the system.

Read

Enables the right to see and access mobile servers in the Management Client.

Edit

Enables the right to edit and delete mobile servers in the Management Client.

Manage security

Enables the right to manage security permissions for the mobile servers.

Create

Enables the right to add mobile servers to the system.

Hardware

The following settings are only available in XProtect Corporate.

Security right

Description

Full control

Enables the right to manage all security entries on this part of the system.

Edit

Enables the right to edit properties on hardware.

Delete

Enables the right to delete hardware.

Note: If any of the hardware devices contains evidence locks, you can only delete the hardware if the recording server is offline.

Manage security

Enables the right to manage security permissions for the hardware.

Driver commands

Enables the right to send special commands to the drivers and thereby control features and configuration on the device itself.

Note: The Driver commands right is for specially developed MIP plug-ins in the clients only. It does not control standard configuration tasks.

Cameras

Security right

Description

XProtect Corporate

Full control

Enables the right to manage all security entries on this part of the system.

 

Read

Enables the right to view camera devices in the clients and the Management Client.

 

Edit

Enables the right to edit properties for cameras in the Management Client. It also enables users to enable or disable a camera.

Only available

View Live

Enables the right to view live video from cameras in the clients and the Management Client.

 

Playback

Enables the right to play back recorded video from cameras in all clients.

 

Retrieve remote recordings

Enables the right to retrieve recordings in the clients from cameras on remote sites or from edge storage on cameras.

 

Read sequences

Enables the right to read the sequence information related to, for example, the Sequence explorer in the clients.

 

Smart search

Enables the right to use the Smart search function in the clients.

 

Export

Enables the right to export recordings from the clients.

 

Create bookmarks

Enables the right to create bookmarks in recorded and live video in the clients.

 

Read bookmarks

Enables the right to search for and read bookmark details in the clients.

 

Edit bookmarks

Enables the right to edit bookmarks in the clients.

 

Delete bookmarks

Enables the right to delete bookmarks in the clients.

 

Create and extend evidence locks

Enables the right to create and extend evidence locks in the clients.

Only available

Read evidence locks

Enables the right to search for and read evidence locks in the clients.

Only available

Delete and reduce evidence locks

Enables the right to delete or reduce evidence locks in the clients.

Only available

Start manual recording

Enables the right to start manual recording of video in the clients.

 

Stop manual recording

Enables the right to stop manual recording of video in the clients.

 

AUX commands

Enables the right to use auxiliary (AUX) commands on the camera from the clients.

AUX commands give users control of, for example, wipers on a camera connected via a video server. Camera-associated devices connected via auxiliary connections are controlled from the client.

 

Manual PTZ

Enables the right to use PTZ functions on PTZ cameras in the clients and the Management Client.

 

Activate PTZ presets or patrolling profile

Enables the right to move PTZ cameras to preset positions, start and stop patrolling profiles, and pause patrolling in the clients and the Management Client.

To allow this role to use other PTZ functions on the camera, enable the Manual PTZ right.

 

Manage PTZ presets or patrolling profiles

Enables the right to add, edit and delete PTZ presets and patrolling profiles on PTZ cameras in the clients and the Management Client.

To allow this role to use other PTZ functions on the camera, enable the Manual PTZ right.

 

Lock/unlock PTZ presets

Enables the right to lock and unlock PTZ presets in the Management Client. This prevents or allows other users to change preset positions in the clients and in the Management Client.

Only available

Reserve PTZ sessions

Enables the right to set PTZ cameras in reserved PTZ session mode in the clients and the Management Client.

In a reserved PTZ session, other users with higher PTZ priority cannot take over control.

To allow this role to use other PTZ functions on the camera, enable the Manual PTZ right.

Only available

Release PTZ sessions

Enables the right to release other users' PTZ sessions from the Management Client.

You can always release your own PTZ sessions, even without this permission.

Only available

Delete recordings

Enables the right to delete stored video recordings from the system via the Management Client.

Only available

Lift privacy masks

Enables the right to temporarily lift privacy masks in XProtect Smart Client. It also enables the right to authorize other XProtect Smart Client users to lift privacy masks.

Note: Lifting privacy masks only applies to privacy masks configured as liftable privacy masks in the Management Client.

 

Manage security

Enables the right to manage security permissions in the Management Client for the camera.

Only available

Microphones

Security right

Description

XProtect Corporate

Full control

Enables the right to manage all security entries on this part of the system.

 

Read

Enables the right to view microphone devices in the clients and the Management Client.

 

Edit

Enables the right to edit microphone properties in the Management Client. It also allows users to enable or disable microphones.

Only available

Listen

Enables the right to listen to live audio from microphones in the clients and the Management Client.

 

Playback

Enables the right to play back recorded audio from microphones in the clients.

 

Retrieve remote recordings

Enables the right to retrieve recordings in the clients from microphones on remote sites or from edge storage on cameras.

 

Read sequences

Enables the right to read the sequence information related to, for example, the Sequence explorer in the clients.

 

Export

Enables the right to export recordings from the clients.

 

Create bookmarks

Enables the right to create bookmarks in the clients.

 

Read bookmarks

Enables the right to search for and read bookmark details in the clients.

 

Edit bookmarks

Enables the right to edit bookmarks in the clients.

 

Delete bookmarks

Enables the right to delete bookmarks in the clients.

 

Create and extend evidence locks

Enables the right to create or extend evidence locks in the clients.

Only available

Read evidence locks

Enables the right to search for and read evidence lock details in the clients.

Only available

Delete and reduce evidence locks

Enables the right to delete or reduce evidence locks in the clients.

Only available

Start manual recording

Enables the right to start manual recording of audio in the clients.

 

Stop manual recording

Enables the right to stop manual recording of audio in the clients.

 

Delete recordings

Enables the right to delete stored recordings from the system.

Only available

Manage security

Enables the right to manage security permissions in the Management Client for microphones.

Only available

Speakers

Security right

Description

XProtect Corporate

Full control

Enables the right to manage all security entries on this part of the system.

 

Read

Enables the right to view speaker devices in the clients and the Management Client.

 

Edit

Enables the right to edit properties for speakers in the Management Client. It also allows users to enable or disable speakers.

Only available

Listen

Enables the right to listen to live audio from speakers in the clients and the Management Client.

 

Speak

Enables the right to speak through the speakers in the clients.

 

Playback

Enables the right to play back recorded audio from speakers in the clients.

 

Retrieve remote recordings

Enables the right to retrieve recordings in the clients from speakers on remote sites or from edge storage on cameras.

 

Read sequences

Enables the right to use the Sequences feature while browsing recorded audio from speakers in the clients.

 

Export

Enables the right to export recorded audio from speakers in the clients.

 

Create bookmarks

Enables the right to create bookmarks in the clients.

 

Read bookmarks

Enables the right to search for and read bookmark details in the clients.

 

Edit bookmarks

Enables the right to edit bookmarks in the clients.

 

Delete bookmarks

Enables the right to delete bookmarks in the clients.

 

Create and extend evidence locks

Enables the right to create or extend evidence locks on recorded audio in the clients.

Only available

Read evidence locks

Enables the right to view evidence locks on recorded audio in the clients.

Only available

Delete and reduce evidence locks

Enables the right to delete or reduce evidence locks on recorded audio in the clients.

Only available

Start manual recording

Enables the right to start manual recording of audio in the clients.

 

Stop manual recording

Enables the right to stop manual recording of audio in the clients.

 

Delete recordings

Enables the right to delete stored recordings from the system.

Only available

Manage security

Enables the right to manage security permissions in the Management Client for speakers.

Only available

Metadata

Security right

Description

XProtect Corporate

Full control

Enables the right to manage all security entries on this part of the system.

 

Read

Enables the right to receive metadata in the clients.

 

Edit

Enables the right to edit metadata properties in the Management Client. It also allows users to enable or disable metadata devices.

Only available

Live

Enables the right to receive live metadata from cameras in the clients.

 

Playback

Enables the right to play back recorded data from metadata devices in the clients.

 

Retrieve remote recordings

Enables the right to retrieve recordings in the clients from metadata devices on remote sites or from edge storage on cameras.

 

Read sequences

Enables the right to read the sequence information related to, for example, the Sequence explorer in the clients.

 

Export

Enables the right to export recordings in the clients.

 

Create and extend evidence locks

Enables the right to create evidence locks in the clients.

Only available

Read evidence locks

Enables the right to view evidence locks in the clients.

Only available

Delete and reduce evidence locks

Enables the right to delete or reduce evidence locks in the clients.

Only available

Start manual recording

Enables the right to start manual recording of metadata in the clients.

 

Stop manual recording

Enables the right to stop manual recording of metadata in the clients.

 

Delete recordings

Enables the right to delete stored recordings from the system.

Only available

Manage security

Enables the right to manage security permissions in the Management Client for metadata.

Only available

Input

Security right

Description

XProtect Corporate

Full control

Enables the right to manage all security entries on this part of the system.

Only available

Read

Enables the right to view input devices in the clients and the Management Client.

 

Edit

Enables the right to edit properties for input devices in the Management Client. It also enables users to enable or disable an input device.

Only available

Manage security

Enables the right to manage security permissions in the Management Client for input devices.

Only available

Output

Security right

Description

XProtect Corporate

Full control

Enables the right to manage all security entries on this part of the system.

 

Read

Enables the right to view output devices in the clients.

 

Edit

Enables the right to edit properties for output devices in the Management Client. It also enables users to enable or disable an output device.

Only available

Activate

Enables the right to activate outputs in the clients.

 

Manage security

Enables the right to manage security permissions in the Management Client for output devices.

Only available

Smart Wall

The following settings are only available in XProtect Expert and XProtect Corporate.

Security right

Description

XProtect Corporate

Full control

Enables the right to manage all security entries on this part of the system.

 

Read

Enables the right to view Smart Walls in the clients.

 

Edit

Enables the right to edit properties for the Smart Wall in the Management Client.

Only available

Delete

Enables the right to delete existing Smart Walls in the Management Client.

Only available

Operate

Enables the right to activate and modify Smart Walls, for example to change and activate presets or apply cameras on views in the clients and in the Management Client.

 

Create Smart Wall

Enables the right to create new Smart Walls in the Management Client.

Only available

Manage security

Enables the right to manage security permissions in the Management Client for the Smart Wall.

Only available

Playback

Enables the right to play back recorded data from within Smart Walls in the clients.

 

View Groups

Security right

Description

XProtect Corporate

Full control

Enables the right to manage all security entries on this part of the system.

 

Read

Enables the right to view View Groups in the clients and in the Management Client. View groups are created in the Management Client.

 

Edit

Enables the right to edit properties on the View Groups in the Management Client.

Only available

Delete

Enables the right to delete View Groups in the Management Client.

 

Operate

Enables the right to use View Groups in XProtect Smart Client, that is, to create and delete subgroups and views.

 

Create view group

Enables the right to create View Groups in the Management Client.

Only available

Manage security

Enables the right to manage security permissions in the Management Client for View Groups.

Only available

User-defined Events

Security right

Description

XProtect Corporate

Full control

Enables the right to manage all security entries on this part of the system.

 

Read

Enables the right to view user-defined events in the clients.

 

Edit

Enables the right to edit properties on user-defined events in the Management Client.

Only available

Delete

Enables the right to delete user-defined events in the Management Client.

Only available

Trigger

Enables the right to trigger user-defined events in the clients.

 

Manage security

Enables the right to manage security permissions in the Management Client for user-defined events.

Only available

Create user-defined event

Enables the right to create new user-defined events in the Management Client.

Only available

Generic Events

The following settings are only available in XProtect Corporate.

Security right

Description

Full control

Enables the right to manage all security entries on this part of the system.

Read

Enables the right to view generic events in the clients and the Management Client.

Edit

Enables the right to edit properties on generic events in the Management Client.

Delete

Enables the right to delete generic events in the Management Client.

Manage security

Enables the right to manage security permissions in the Management Client for generic events.

Create

Enables the right to create new generic events in the Management Client.

Analytics Events

The following settings are only available in XProtect Corporate.

Security right

Description

Full control

Enables the right to manage all security entries on this part of the system.

Read

Enables the right to view analytics events in the Management Client.

Edit

Enables the right to edit properties on analytics events in the Management Client.

Delete

Enables the right to delete analytics events in the Management Client.

Create

Enables the right to create new analytics events in the Management Client.

Manage security

Enables the right to manage security permissions in the Management Client for analytics events.

Matrix

Security right

Description

XProtect Corporate

Full control

Enables the right to manage all security entries on this part of the system.

Only available

Read

Enables the right to select and send video to the Matrix recipient from the clients.

 

Edit

Enables the right to edit properties for Matrix recipients in the Management Client.

Only available

Delete

Enables the right to delete Matrix recipients in the Management Client.

Only available

Create Matrix

Enables the right to create new Matrix recipients in the Management Client.

Only available

Manage security

Enables the right to manage security permissions in the Management Client for all Matrix recipients.

Only available

Rules

The following settings are only available in XProtect Corporate.

Security right

Description

Full control

Enables the right to manage all security entries on this part of the system.

Read

Enables the right to view existing rules in the Management Client.

Edit

Enables the right to edit properties for rules and to define rule behavior in the Management Client.

It also requires that the user has read permissions on all the devices that are impacted by the rule.

Delete

Enables the right to delete rules from the Management Client.

It also requires that the user has read permissions on all devices that are impacted by the rule.

Create rule

Enables the right to create new rules in the Management Client.

It also requires that the user has read permissions on all devices that are impacted by the rule.

Manage security

Enables the right to manage security permissions in the Management Client for all rules.

Sites

The following settings are only available in XProtect Corporate.

Security right

Description

Full control

Enables the right to manage all security entries on this part of the system.

Read

Enables the right to view other sites in the Management Client. Connected sites are connected via Milestone Federated Architecture.

To edit properties, you need Edit permissions on the Management Server on each site.

Manage security

Enables the right to manage security permissions on all sites.

Alarms

The following settings are only available in XProtect Corporate.

Security right

Description

Full control

Enables the right to manage all security entries on this part of the system.

Read

Enables the right to view alarm definitions, alarm sounds, and alarm data settings in the Management Client.

Note: The Alarms and Events tab in the Options dialog appears only when you set this to allowed.

Edit

Enables the right to edit properties for alarm definitions, alarm sounds, and alarm data settings in the Management Client.

Delete

Enables the right to delete alarm definitions in the Management Client.

Manage security

Enables the right to manage security permissions for alarms.

Create

Enables the right to create new alarm definitions in the Management Client.

Access Control

The following settings are only available in XProtect Corporate.

Security right

Description

Full control

Enables the right to manage all security entries on this part of the system.

Read

Enables the right to view properties for the Access Control systems in the Management Client.

Edit

Enables the right to edit properties for the Access Control systems in the Management Client.

Delete

Enables the right to delete Access Control systems in the Management Client.

Create

Enables the right to create new Access Control systems in the Management Client.

Manage security

Enables the right to manage security permissions for all Access Control systems.

System Monitors

The following settings are only available in XProtect Expert and XProtect Corporate.

Security right

Description

Full control

Enables the right to manage all security entries on this part of the system.

Read

Enables the right to view System Monitors in XProtect Smart Client.

Edit

Enables the right to edit properties for System Monitors in the Management Client.

Manage security

Enables the right to manage security permissions in the Management Client for all System Monitors.

Transaction sources

Security right

Description

Full control

Enables the right to manage all security entries on this part of the system.

Read

Enables the right to view properties for the Transaction sources in the Management Client.

Edit

Enables the right to edit properties for the Transaction sources in the Management Client.

Delete

Enables the right to delete Transaction sources in the Management Client.

Create

Enables the right to create new Transaction sources in the Management Client.

Manage security

Enables the right to manage security permissions in the Management Client for all Transaction sources.

Transaction definitions

Security right

Description

Full control

Enables the right to manage all security entries on this part of the system.

Read

Enables the right to view properties for the Transaction definitions in the Management Client.

Edit

Enables the right to edit properties for the Transaction definitions in the Management Client.

Delete

Enables the right to delete Transaction definitions in the Management Client.

Create

Enables the right to create new Transaction definitions in the Management Client.

Manage security

Enables the right to manage security permissions in the Management Client for all Transaction definitions.

© 2018 Milestone Systems A/S