Creating a New Access Role

Access roles are assigned to users to allow access to physical locations within a site through the use of areas, doors and floors. They generally do not have permissions to access Sonitrol CORE.

Before creating an access role, make sure that the doors, areas, floors and schedules that will be assigned to the role have been configured. Then assign access to the role for those that are appropriate.

1. Click Users on the left navigation pane.
2. Click the Roles tab.
3. Expand the Access Role option.

4. Click Add Access Role.

5. In the Add Access Role page, complete the details for the access role.

   Field	Description
   Role Name	Enter a name for the access role.
   Tags	Click Add Tag to include metadata for this access role.
   Organization	If the default Organization displayed is incorrect, click x at the end of the field to search for and select the correct organization from the list. The organization associated with a role cannot be changed after the role is created. You can have the same role associated with different organizations, as needed.
   Door Permissions
   	Click Assign a door, to find and select a door that users with this role can access. Click Assign to this role on the selected door tile. Click the Schedule tab to find and select a schedule to associate with the door for this role. Click Done.
   Area Permissions
   	Click Assign an area, to find and select an area that users with this role can access. Click Assign to this role on the selected area tile. Click the Schedule tab to find and select a schedule to associate with the area for this role. Click Done.
   Floor Permissions
   	Click Assign a floor, to find and select a floor that users with this role can access. Click Assign to this role on the selected floor tile. Click the Schedule tab to find and select a schedule to associate with the floor for this role. Click Done.

6. Select one of the configured Permissions for this access role, from the drop-down list. This permission defines the actions that a user with this access role is authorized to perform from an alarm keypad. These functions are further limited to the time schedule, doors, and alarm areas defined for the role.

   For information about keypad actions allowed for each permission type, see Keypad actions and permissions matrix.

   If Custom is selected, then Custom Permissions must be chosen.

7. Select the Role Type from the drop-down list.

   The available options are:

   Role Type	Description
   Normal	User can manage alarm keypad by permissions. The user has limited ability to configure users and change their own PIN.
   Custom 1 and Custom 2	User has access to specific areas. For example, external staff, carriers and cleaning staff.
   Engineering	User has full control of the S1000 Controller configuration but cannot login to system until it is in disarm state.
   Staff	User has programmable access and operational privileges used by general staff.
   Guard	User has limited access to programmed times and to points isolated for Guard type users.
   ATM	User has limited access to programmed times and to points isolated for ATM type users.
   Cleaner	User has limited access to programmed times and to points isolated for Cleaner type users.
   Duress	Used by staff when under threat, or other unusual circumstance, to discretely notify the system with a "duress alarm", without any obvious signs to an observer. Allows access to any alarm area controlled by the keypad and at any time.

8. Select the role Sub Type to further refine the type of this role. Access role sub-types can be used for counting user sub-type presence in an area and to manage access if a certain user count is reached.

9. Turn on the Supervisor toggle if the role is to have supervisor privileges for areas that require supervisor access.

   When a supervisor is required, non-supervisor users cannot enter an area unless a supervisor is already present in the area.

   For information about setting up access control modes and alarm modes, see Access Control Modes and Alarm Area Modes.

10. Turn on the Executive toggle if the user is to have executive privileges.

    A user with executive privileges is able to gain access through any card reader at any time, provided that they have site access. They have full control of the systems areas and door access. This role overrides the user’s antipassback state. Access schedule restrictions do not apply.

11. Turn on the Bluetooth User toggle if this user is to have privileges to log in to the S1000 Controller over Bluetooth using Sonitrol CORE Setup App or Sonitrol CORE Manager App.

    Tip: Typically, users with Engineering role require Bluetooth user privileges.

12. Turn on the Legacy All Area Logon toggle to allow users to Set/Unset all assigned areas when unsetting their first area.

    Tip: This configuration can be used for 99 alarm users in PACOM 8002 controllers connected through the S1000 communicator.

13. Turn on the Legacy Access Control toggle to enable users signing on to menu mode to have access control privileges.

    Tip: This configuration can be used for 99 alarm users in PACOM 8002 controllers connected through the S1000 communicator.

14. Turn on the Legacy Camera and Isolation toggle to allow users to access camera management functions from the keypad or to allow users to isolate points in alarm.

    Tip: This configuration can be used for 99 alarm users in PACOM 8002 controllers connected through the S1000 communicator.

15. Click Add New to include Steps that the user must complete so as to comply with the access role.

    1. On the Add Step dialog box, select the certification Type that must be obtained by the user.
    2. Select if the Pre-requisite is Required or Optional.
    3. Click Add Step.
    4. Continue to add more pre-requisites as needed.

    5. To make changes to a pre-requisite. click Edit for that pre-requisite. Select if the pre-requisite is Required or Optional. Click Update.

    6. To delete a pre-requisite, click Delete in the Steps section, then click x for the pre-requisite that is to be removed. Then click End Delete.

16. Click Create.