The User Group tab is used for user management. New users can be added, modified or removed and each user can be added to a specific user group. A user group is a group of users who share the same access rights and privileges. Example: each usergroup can have it’s own set of layouts it can access, or it’s own set of cameras (see devicegroup).
To add a user-group use the ’+’-button, give it an appropriate and unique name in the dialog. To remove an user-group use the ’-’-button.
The following privileges can be assigned:
Assigning privileges is done with drag and drop. For example to assign a device group, simply drag the devicegroup to the explorer and drop it on the user-group. To delete de device-group (or any other privilege) from the user-group use the ’delete’-key on your keyboard. Multiple items can be dragged and dropped at once. To select multiple items use CTRL-click (non-consecutive items) or shift-click (consecutive items).
Adding/modifying users To add a new user first select the ’Users’-tab and use the ’+’-button below the user list. In the dialog give the user a name, password and language. To remove a user use the ’-’-button. Double click on an existing user to change name or password.
When adding multi-layouts to an user-group the layouts contained in the multi-layout are automatically added. When a multi-layout is removed the contained layouts in the multi-layout are not removed from the user-group. Layouts have to be removed manually with the ’delete’-key on your keyboard.
When an user logs in, the ’user-server’ checks name and password, does a lookup of all privileges and returns all assigned device-groups, (multi-)layouts and settings back to the Sense. The user only has access to these privileges. When the ’administrator’ logs in all privileges are send back to the Sense and thus the ’administrator’ has always full control.
It is recommended to change the default administrator password.
The default administrator password is ’!DVadmin’ (without the quotes).
The following user functions can be assigned as an user privilege:
Live access The user can view live and playback video, switch layouts, etc. A usergroup with Live access will have all Livemenu options available unless one or more of the Livemenu functions have been added.
Server management The user is allowed to view servers, devices, profiles, etc. with read-only rights. The following setup tabs are available: ’Servers’, ’Devices’, ’Profiles’, ’Calendar’, ’Server macros’, ’POS’ and ’Statistics’.
Viewer management The user is allowed to change layouts, add layouts and multi-layouts, etc. The following setup tabs are available: ’Layouts’, ’Monitors’ and ’Viewer macros’.
PTZ control The user is allowed to operate PTZ devices. A dialog to set the PTZ priority will appear when dragging this setting in an user group. This determines the priotity of PTZ control for users in this usergroup. A higher number means a higher priority. If a user with a higher priority tries to use a dome which is currently used by a user with lower priority, it will be able to use the dome instantly and it will block PTZ command for the low priotiy user for 60 seconds. PTZ Control also allows the user to start and stop Tours and traces
PTZ Store Preset Control The user is allowed to store or overwrite presets
PTZ Tours Control The user is allowed to edit tours
PTZ Trace Control The user is allowed to edit trace
Event list Control The user is allowed to control the behavior of the event list.
Audio Control The user is allowed to hear audio from live and playback audio streams.
Export Control The user is allowed to export video.
Export Image Control The user is allowed to export an image to a PDF file.
Keep Layout Changes Hold layout changes while switching between layouts.
Live menu Multi Layouts Enable the Multi Layouts-item in the Livemenu.
Livemenu Layouts Enable the Layouts-item in the Livemenu.
Livemenu FixedLayouts Enable the Fixed Layouts-item in the Livemenu.
Livemenu Cameras Enable the Cameras-item in the Livemenu.
Livemenu Monitors Enable the Monitors-item in the Livemenu.
Livemenu Camera Sequence Enable the Camera Sequence-item in the Livemenu.
Livemenu Events Enable the Systems Events-item in the Livemenu.
API Access Add this option if users are allowed to view cameras via the HTTP API, IOS app, Android app or Sense Webpage. Without this privilige you are able to login to VDG Sense, but no devices will be displayed.
*Note: If a usergroup has “Live Access”, it will have access to all of the Livemenu features. If one or more of the Livemenu functions has been added to the usergroup, the usergroup will only have access to the given functions.
The Identity Provider button opens the dialog to configure an Identity Provider using Keycloak integration. This is used to import users from Active Directory or other identidy provider configured in Keycloak.
The following dialog is opened:
Token URI: It is recommended to run Keycloak on the management server do the host is 127.0.0.1 by default using port 8080 (default for keycloak). This URI is to get an access token for the 'realm' (bold) configured in keycloak. This can be different depending on keycloak configuration:
Query URI: It is recommended to run Keycloak on the management server do the host is 127.0.0.1 by default using port 8080 (default for keycloak). This URI is to retrieve the users in the 'realm' (bold) configured in keycloak. This can be different depending on keycloak configuration:
Client Secret: Client Secret configured in keycloak for the Client ID
If these settings are configured correctly the '+' button to add user will have an extra option to add users from the identity provider:
Selecting ‘Identity Provider' will open the following dialog:
These are the users available in Keycloak which could be added to the VDG Sense userlist. Double-click on a user will add the user to the userlist:
It is in bold to highlight that this user is from an external identity provider. These users can also be added to user groups just like normal VDG Sense users. Password cannot be changed because that is defined within the Identity Provider. It can be given administrator rights if required.