Boring Toolbox has some very powerful configuration features but there are times when you would like to allow operations teams access to the dashboard and reporting but limit their abilities to make changes on the Milestone XProtect system.
Since Boring Toolbox is so tightly integrated with Milestone, you can limit users' ability to write to Milestone using XProtect roles. Note: This feature only works with XProtect Corporate.
Create a Role for Boring Toolbox Read-Only access in XProtect
- Log into XProtect Management Client
- Right-click on Security > Roles
- Click Add Role...
- Name your new role (ie: Boring Read-Only)
- Click OK
Configure the Role for Read-Only
- Click on the new role
- Click on the Overall Security tab
- Set the rights on each of the categories below based on the scree-grabs
Management Server
Recording Server
Failover Server
Hardware
Cameras
Microphones
Speakers
Metadata
Input
Output
Smart Wall
View Groups
User Defined Events
Analytic Events
Generic Events
Matrix
Rules
Sites
System Monitor
Alarms
Server Logs
Verify that read-only is working
Dashboard
The dashboard continues to work as expected.
Device Groups
- Adding a new device group, the application looks as if the new device group is added in the app but it is not saving to Milestone. If you click Reload Site in the Boring Toolbox, you will see that the device group disappears.
- For the below actions, the application will not throw an error, but no changes will actually be made to Milestone.
- Adding group members
- Deleting device groups
- Creating auto-groups
- Renaming groups, we get an access denied error.
- Known issue: When deleting group members from a restricted user, the application will crash.
Hardware
- Enabling or disabling HTTPS, an error, "Unable to access or set hardware settings. Unable to access or set hardware settings", will be presented.
- For the below actions, the application will not throw an error, but no changes will actually be made to Milestone.
- Enabling and disabling hardware and devices
- Renaming hardware and devices
- Changing settings
- Changing IP addresses
- Delete hardware will look as if the application is deleting the hardware, but it is not. Press Reload Site, and the hardware will re-appear in the tree.
Camera Video Access in Hardware Details
Access to video is restricted based on the security settings in Milestone.
- If the role is not permitted to Read the device, then No Video will be presented in the details pane.
Password manager
The password manager will not work in this restricted role.
- Toggle visibility and change password, will present an error that passwords can not be read.
Reporting
- Snapshots
- If the restricted role does not have Read & View Live for a device, a snapshot will not be shown, and the error Unable to connect to camera will be presented instead.
- Retention
- If the restricted role does not have access to the Playback of a device, then retention will show a Timeout of 5 seconds reached
Comments
0 comments
Please sign in to leave a comment.