Delegation
Officers and capacities
The people involved with the administration of a system are referred to as officers. An officer can have one or more of the following capacities:
- System owner
- Create and edit organizations
- Create and edit new officers
- Assign officers to be system owners, organization owners, and administrators
- Organization owner (for one or more organizations)
- Edit organization
- Create and edit new officers
- Assign officers to be organization owners, and administrators
- Administrator (for one or more organizations)
- Monitor events
- Manage access rights, i.e. doors, users, devices, schedules...
- Configure door groups and hardware
Administrator views
The administrator GUI is separated into three different views that mirror the capacities system owner, organization owner, and administrator. For a large installation, these may be used by different people. For a smaller installation, it is likely that the same person(s) will use all three views, but for different things.
System owner
This view is accessible to officers with the system owner capacity, and is available at:
https://access.telcred.com/sys
When creating a new organization, the system owner specifies the default time zone (can be changed for individual door controllers). In the same screen, the system owner can assign officers to be organization owners and / or administrators.
The system owner can also appoint other officers to be system owners. This is done when creating or editing an officer. In the same screen it is also possible to assign the officer to be organization owner for one or more organizations:
Telcred Access Manager supports two-factor authentication for officer login and we highly recommend to use it. The only method currently supported is Yubikey OTP (One Time Password). More information about two-factor authentication can be found here.
An officer can be temporarily blocked, in which case he or she will not be allowed to login.
Organization owner
This view is accessible to officers with the organization owner capacity, and is available at:
https://access.telcred.com/org
An organization owner can edit the organization name and default time zone, and assign officers to be organization owners and / or administrators (for the current organization). Assigning officers can be done when updating the organization information OR when creating or editing officers:
Administrator
This is the normal administrator view, where an officer with the administrator capacity can add new users, assign access rights to users, etc. This view is available at:
Switching between organizations
One officer can be administrator or organization owner in several organizations. In this case, the officer can switch between organizations using the selector at the top of the screen:
Sharing between organizations
Privilege sharing
With delegation, each organization can manage their own users, doors, and access rights. However, it is common that users belonging to one organization need access rights to doors belonging to another organization. For example, in an office building with tenants, all tenants need access to the entrance doors to the building, as well as garages, and elevators.
Telcred solves this problem through privilege sharing. The administrator of a door can create a privilege which provides access to that door, and then share it with one or more of the other organizations. The administrator(s) of those organization can then assign this privilege to their own users.
Privilege sharing enables fine-grained control of when, how, and by whom doors can be accessed. For example, the building owner may want to share the door to a common storage room with all the tenants, but only during office hours, while the same door should be available for the security company at all times.
User sharing
User sharing solves another use case, namely when a user belonging to one organization often needs access to doors belonging to another organization. For example, the building owner can create a user for service staff and then share this user with all the tenants. This allows the tenants to maintain control of when service staff can access their premises.