Difference between revisions of "Access Control"

From HSYCO
 
(35 intermediate revisions by 3 users not shown)
Line 21: Line 21:
  
 
To create a new area, press the "+" button and provide a unique name.
 
To create a new area, press the "+" button and provide a unique name.
 +
 +
You can assign a camera to an area.
  
 
To edit, remove, disable or re-enable an area, click on the corresponding entry in the list. Disabling an area means temporarily blocking the access to all users to all the doors belonging to the area, until re-enabled. If an area is not enabled, the corresponding entry in the list will be grayed out.
 
To edit, remove, disable or re-enable an area, click on the corresponding entry in the list. Disabling an area means temporarily blocking the access to all users to all the doors belonging to the area, until re-enabled. If an area is not enabled, the corresponding entry in the list will be grayed out.
Line 32: Line 34:
 
* '''ID''': the ID assigned to the corresponding I/O Server. Cannot be modified.
 
* '''ID''': the ID assigned to the corresponding I/O Server. Cannot be modified.
 
* '''Enabled''': if unchecked the module is disabled.
 
* '''Enabled''': if unchecked the module is disabled.
* '''Stand-alone''': (only Iono Pi modules) check this option to save the access rules on the module itself so that it will continue working even if not connected to HSYCO.
+
* '''Stand-alone''': (only Iono Pi modules) check this option to save the access rules and the entire I/O configuration on the module itself so that it will continue working even if not connected to HSYCO.
  
 
* '''Type''':  
 
* '''Type''':  
Line 46: Line 48:
 
* '''Card and Pin''': users use cards in combination with pin codes to access from this reader.
 
* '''Card and Pin''': users use cards in combination with pin codes to access from this reader.
 
* '''Card or Pin''': users use cards or pin codes to access from this reader.
 
* '''Card or Pin''': users use cards or pin codes to access from this reader.
 +
 +
You can assign a camera to each door of the module.
 +
 +
==== Iono Pi I/O Configuration ====
 +
You can configure inputs (digital and analog) and open collectors on Iono Pi module as it follows:
 +
*'''in: grant access''': when the corresponding input is high (or low, if inverted) the door associated to that input will be granted
 +
*'''in: door contact''': used to associate a door contact sensor to an input. You can associate a door alarm timeout to the corresponding door (the alarm timeout use is explained in the section '''Iono Pi Alarms''')
 +
*'''out: led''' (only for open collectors): used to command a led with the corresponding open collector
 +
 +
You can set door open timeout (this will affect the opening time of the relays to which doors are associated).
 +
 +
If you configure an input (digital or analog) as '''in: door contact''' you can set a door alarm timeout, when this timeout expires Hsyco will generate the alarm '''Alarm door left open'''
 +
 +
If you flag the option '''Clock sync''' (available only in standalone mode) Iono Pi will synchronise its date/time with Hsyco
 +
 +
[[File:plugin_access_control_ionopi_config.png|border|600px]]
 +
 +
Example of Iono Pi module configuration
 +
 +
==== Iono Pi Alarms ====
 +
If you have configured an input (digital or analog) on Iono Pi module as '''in: door contact''' Hsyco can generate two types of alarm:
 +
*'''Alarm door forced''': generated when the corresponding door is opened without being granted
 +
*'''Alarm door left open''': generated when the door alarm timeout is set. If the corresponding door is opened (after being granted) then that door must be closed before the timeout expire or Hsyco will generate this alarm
 +
 +
Those alarms are written in the logs and generate USER events as reported down in section '''Events'''
  
 
=== System access ===
 
=== System access ===
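Review bot: In the added "Alarm door left open" bullet under Iono Pi Alarms, "generated when the door alarm timeout is set" reads as if setting the timeout raises the alarm, while the next sentence and the I/O Configuration paragraph both say it fires when the timeout expires with the door still open. Suggest "generated when a door alarm timeout is set and the door, opened after being granted, is not closed before the timeout expires". The "in: grant access" bullet should also say what is granted ("access to the door associated with that input"), and the new text writes "Hsyco" where the Stand-alone bullet above writes "HSYCO".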
Line 54: Line 81:
  
 
The '''Max delay between card and pin''' option allows to specify how much time can elapse between the reading of a card and the inputting of the pin code for readers with typology "Card and Pin".
 
The '''Max delay between card and pin''' option allows to specify how much time can elapse between the reading of a card and the inputting of the pin code for readers with typology "Card and Pin".
 +
 +
The '''Camera recording time''' option allows to specify the recording time (in seconds) of all cameras. This value can't be less than 5 seconds, by default it is 10 seconds.
  
 
=== Backup ===
 
=== Backup ===
Line 90: Line 119:
  
 
An open door will be of yellow color in the list, while doors with active alarms will be of red color.
 
An open door will be of yellow color in the list, while doors with active alarms will be of red color.
 +
 +
If a camera is set for the specified door the corresponding live view of that camera is shown. If a camera is not set for the specified door but a camera is set for the corresponding area of the specified door then a live view of that camera is shown.
 +
 +
== Camera recordings ==
 +
 +
In the configuration page you can assign cameras to areas and/or doors.
 +
 +
If a camera is assigned to a specified door a video will be recorded for every access attempt on that door. If there's no camera assigned to a specific door but a camera is assigned to an area then for every access attempt on each door associated with that area a video will be recorded.
  
 
== Logs  ==
 
== Logs  ==
 
[[File:plugin_access_control_hid_log.png|border|600px]]
 
[[File:plugin_access_control_hid_log.png|border|600px]]
  
In this page the last 1000 system events are reported.
+
In this page the last 1000 system events are reported. If an event was recorded by a camera a white symbol of a camera appears near the date and you can click on that event to open a popup showing the recorded video, as shown in the image below.
 +
 
 +
[[File:plugin_access_control_hid_log_camera.png|border|600px]]
  
 
It is possible to filter the entries clicking on the magnifier icon end setting the desired criteria.
 
It is possible to filter the entries clicking on the magnifier icon end setting the desired criteria.
Line 115: Line 154:
 
When a user is denied access the following USER events are triggered:
 
When a user is denied access the following USER events are triggered:
 
<pre>
 
<pre>
access.granted.door.<module_id> = <group_name_if_available_or_empty_string>
+
access.denied.door.<module_id> = <group_name_if_available_or_empty_string>
access.granted.area.<area_name> = <group_name_if_available_or_empty_string>
+
access.denied.area.<area_name> = <group_name_if_available_or_empty_string>
 +
</pre>
 +
 
 +
When Hsyco generates the alarm '''Alarm door forced''' the following USER events are triggered:
 +
<pre>
 +
access.alarm.<module_id>.<1,2> = <door forced>
 +
access.alarm.<area_name> = <door forced>
 +
</pre>
 +
 
 +
When Hsyco generates the alarm '''Alarm door left open''' the following USER events are triggered:
 +
<pre>
 +
access.alarm.<module_id>.<1,2> = <door left open>
 +
access.alarm.<area_name> = <door left open>
 +
</pre>
 +
 
 +
In correspondence of user start date/time Hsyco will generate the following USER event:
 +
<pre>
 +
access.user.startperiod = <user_name>
 +
</pre>
 +
 
 +
In correspondence of user end date/time Hsyco will generate the following USER event:
 +
<pre>
 +
access.user.endperiod = <user_name>
 +
</pre>
 +
 
 +
== USER commands ==
 +
You can generate custom logs to the Access Control with the following user command:
 +
<pre>
 +
USER "acsctrl.customlog" = "<door_name>;<area_name>;<message>"
 +
</pre>
 +
 
 +
You can send a grant command to a door with the following user command:
 +
<pre>
 +
USER "acsctrl.manualgrant" = "<module_name>.<door_number>"
 +
</pre>
 +
 
 +
You can simulate inputs status change with the following user command (not working in standalone mode):
 +
<pre>
 +
USER "acsctrl.iomock.<module_id>.<di4,di5,di6,ai1,ai2>" = <0,1,analog_value>
 
</pre>
 
</pre>
 +
 +
You can simulate Wiegand reader events with the following user commands (not working in standalone mode):
 +
<pre>
 +
USER "acsctrl.readermock.<module_id>.wiegand.<1,2>" = "<val>"    //if option "wiegandbits" of Iono Pi I/O Server is set to false
 +
USER "acsctrl.readermock.<module_id>.wiegand.<1,2>" = "<bits>/<val>"    //if option "wiegandbits" of Iono Pi I/O Server is set to true
 +
</pre>
 +
 +
You can use variables to programmatically disable/enable an user.
 +
 +
<pre>
 +
USER "acsctrl.user.<user_id>" = "<0,1>"
 +
</pre>
 +
 +
Where "1" enable an user, while "0" disable an user.
 +
 +
== Status variables  ==
 +
When Hsyco generates the alarm '''Alarm door forced''' the following variables are set:
 +
<pre>
 +
$access.alarm.forced.<module_id>.<doorNum> = <0,1>
 +
$access.alarm.forced.<area_name>.<doorNum> = <0,1>       
 +
</pre>
 +
 +
When Hsyco generates the alarm '''Alarm door held''' the following variables are set:
 +
<pre>
 +
$access.alarm.held.<module_id>.<doorNum> = <0,1>
 +
$access.alarm.held.<area_name>.<doorNum> = <0,1>
 +
</pre>
 +
 +
== Control variables  ==
 +
You can use variables to programmatically disable groups. To this end set the corresponding variable to '0':
 +
<pre>
 +
$access.group.<group_name>.enabled = 0
 +
</pre>
 +
In the above code <group_name> must be set to the name of the group (case insensitive) with spaces replaced by '_'.
 +
 +
For instance, to disable "My Group":
 +
<pre>
 +
$access.group.my_group.enabled = 0
 +
</pre>
 +
 +
Any value other than '0' assigned to the variable will be ignored.
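Review bot: The new Status variables section names the second alarm "Alarm door held" and uses "held" in the variable names, while the Events text added in the same change calls it "Alarm door left open"; state that these are the same alarm or use one name throughout. The area-level status variables also carry ".<doorNum>" where the area-level events ("access.alarm.<area_name>") do not, which needs a line of explanation. In USER commands, "acsctrl.manualgrant" takes "<module_name>" while the other commands and the events take "<module_id>"; confirm which identifier is meant.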

Latest revision as of 14:01, 11 July 2023

This plugin lets you manage an access control installation with Iono Pi (with any Wiegand keypad/card-reader) and/or HID modules.

Before using the plugin, configure all the needed I/O Servers and make sure they all communicate correctly with HSYCO. No user configuration will be needed on HID devices since the access rules are stored and managed by HSYCO.

To view the access control interface go to the URL of the "access" project on your server; for instance https://192.168.0.50/hsycoserver/access.

From the main page you can access the different sections:

Plugin access control hid menu.png


Configuration

To configure the installation go to the configuration page by clicking on the icon in the bottom-right corner.

Plugin access control hid config.png

This page lists all the defined areas and the detected modules.

Areas

An area represents a set of modules (doors) which share the same access rules.

To create a new area, press the "+" button and provide a unique name.

You can assign a camera to an area.

To edit, remove, disable or re-enable an area, click on the corresponding entry in the list. Disabling an area means temporarily blocking the access to all users to all the doors belonging to the area, until re-enabled. If an area is not enabled, the corresponding entry in the list will be grayed out.

Modules

All the detected modules are shown in this list. If an entry appears in red, HSYCO cannot connect to the module.

Click an entry in the list to view and edit its configuration:

  • ID: the ID assigned to the corresponding I/O Server. Cannot be modified.
  • Enabled: if unchecked the module is disabled.
  • Stand-alone: (only Iono Pi modules) check this option to save the access rules and the entire I/O configuration on the module itself so that it will continue working even if not connected to HSYCO.
  • Type:
    • Single: This module controls a single door with a single keypad.
    • Entrance/Exit: This module controls a single door with 2 keypads, one for entrance and one for exit.
    • Two doors: This module has two keypads controlling two different doors.
    • Programmer: This module will not be used to control an entrance; instead, it will be used by the application as card reader to assign cards to users.
    • Two Programmers: This module is connected to 2 readers used as programmers

Depending on the type, assign each door a descriptive name and the area it belongs to, and specify the mode of each reader:

  • Card: users only use cards to access from this reader.
  • Pin: users only use pin codes to access from this reader.
  • Card and Pin: users use cards in combination with pin codes to access from this reader.
  • Card or Pin: users use cards or pin codes to access from this reader.

You can assign a camera to each door of the module.

Iono Pi I/O Configuration

You can configure the inputs (digital and analog) and open collectors of an Iono Pi module as follows:

  • in: grant access: when the corresponding input is high (or low, if inverted), access to the door associated with that input is granted.
  • in: door contact: associates a door contact sensor with an input. You can set a door alarm timeout for the corresponding door (its use is explained in the section Iono Pi Alarms).
  • out: led (only for open collectors): drives an LED from the corresponding open collector.

You can set a door open timeout, which affects the opening time of the relays to which the doors are associated.

If you configure an input (digital or analog) as in: door contact, you can set a door alarm timeout; when this timeout expires, HSYCO generates the alarm Alarm door left open.

If you enable the Clock sync option (available only in standalone mode), the Iono Pi synchronises its date/time with HSYCO.

Plugin access control ionopi config.png

Example of Iono Pi module configuration

Iono Pi Alarms

If you have configured an input (digital or analog) of an Iono Pi module as in: door contact, HSYCO can generate two types of alarm:

  • Alarm door forced: generated when the corresponding door is opened without access being granted.
  • Alarm door left open: generated only if a door alarm timeout is set. If the corresponding door is opened (after access is granted), it must be closed before the timeout expires, otherwise HSYCO generates this alarm.

These alarms are written to the logs and generate USER events, as described in the Events section below.

System access

The System Users and Permissions buttons let you manage the system users who will use the access control application and specify which functions to allow or deny to each user.

Installation settings

The Facility code can be set to the facility code of the cards in use, or to 0 to disable facility code checking, which is useful when cards with different facility codes are used in the same installation.

The Max delay between card and pin option specifies how much time can elapse between reading a card and entering the pin code on readers of type "Card and Pin".

The Camera recording time option specifies the recording time (in seconds) of all cameras. This value cannot be less than 5 seconds; the default is 10 seconds.

Backup

The Backup button gives access to the list of previously saved backups and lets you create a backup of the current configuration.

User Groups

Plugin access control hid groups.png

This page lists all defined user groups and their access rules.

To create a new group click on the "+" button at the bottom of the list. Set a descriptive name, select the areas accessible by this group and specify the daily schedules.

The "Enabled" option, if unchecked, disables the access for all the users belonging to this group.

The "Special dates" link takes you to a page where you can define exceptional dates on which the access rules differ from the daily schedules set in the user groups page. Each rule is applied only to the groups selected in the corresponding field; for the groups not selected, the normal daily schedule applies.

Plugin access control hid spec dates.png

Users

Plugin access control hid users.png

This page lists the users of the facility divided by groups. Select a user group to see the users belonging to it.

To add a user, select the user group to add it to and click on the "+" button. Then, enter the user name, optionally add a start and/or end date for the user to be active and specify the corresponding card number and/or pin code. If programmer modules are available it will be possible to use them to read the card numbers.

Unchecking the "Enabled" option will deny the access of the user to all areas until re-enabled.

To permanently remove a user, select the corresponding entry in the list, click on the "-" button and confirm the operation.

Doors status

Plugin access control hid doors.png

This section lists all the detected doors connected to the system. Select an entry to check its status or to send commands.

An open door is shown in yellow in the list, while doors with active alarms are shown in red.

If a camera is set for the specified door, the live view of that camera is shown. If no camera is set for the door but one is set for the door's area, the live view of the area camera is shown.

Camera recordings

In the configuration page you can assign cameras to areas and/or doors.

If a camera is assigned to a door, a video is recorded for every access attempt on that door. If no camera is assigned to a door but one is assigned to its area, a video is recorded for every access attempt on each door associated with that area.

Logs

Plugin access control hid log.png

This page reports the last 1000 system events. If an event was recorded by a camera, a white camera symbol appears next to the date, and you can click on the event to open a popup showing the recorded video, as shown in the image below.

Plugin access control hid log camera.png

The entries can be filtered by clicking on the magnifier icon and setting the desired criteria.

Plugin access control hid log search.png

The result entries can be exported via e-mail.

Log entries are also permanently saved in CSV format in files contained in the directory "access_ctrl/logs" in the HSYCO root on the server.

Events

The application generates USER events that can be used to add custom logic to access events.

When a user is granted access the following USER events are triggered:

access.granted.door.<module_id> = <group_name>
access.granted.area.<area_name> = <group_name>

When a user is denied access the following USER events are triggered:

access.denied.door.<module_id> = <group_name_if_available_or_empty_string>
access.denied.area.<area_name> = <group_name_if_available_or_empty_string>

When HSYCO generates the alarm Alarm door forced, the following USER events are triggered:

access.alarm.<module_id>.<1,2> = <door forced>
access.alarm.<area_name> = <door forced>

When HSYCO generates the alarm Alarm door left open, the following USER events are triggered:

access.alarm.<module_id>.<1,2> = <door left open>
access.alarm.<area_name> = <door left open>

At a user's start date/time, HSYCO generates the following USER event:

access.user.startperiod = <user_name>

At a user's end date/time, HSYCO generates the following USER event:

access.user.endperiod = <user_name>
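
The event names above can be triaged offline to surface repeated denials on a door and a forced-door alarm that follows them. This is an added example, not HSYCO code: the line layout with a leading timestamp, the literal alarm values, and the module, area and group names are assumptions made for the sample.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample. The "<ISO time> <event> = <value>" layout, the names and
# the literal alarm values are assumptions; only the event names follow the
# Events section. A denial with no known group carries an empty value.
SAMPLE = """\
2023-07-11T09:00:00 access.granted.door.lobby = staff
2023-07-11T09:00:00 access.granted.area.Ground Floor = staff
2023-07-11T22:14:05 access.denied.door.srv1 =
2023-07-11T22:14:20 access.denied.door.srv1 =
2023-07-11T22:14:41 access.denied.door.srv1 = visitors
2023-07-11T22:15:10 access.alarm.srv1.1 = door forced
2023-07-11T22:15:10 access.alarm.Server Room = door forced
2023-07-11T23:30:00 access.alarm.lobby.1 = door left open
2023-07-12T03:00:00 access.alarm.dock.2 = door forced
"""

# access.alarm.<module_id>.<1,2>; the area form has no door-number suffix.
# An area whose own name ends in ".1" or ".2" would be indistinguishable.
DOOR_ALARM = re.compile(r"^access\.alarm\.(.+)\.([12])$")

def parse(line):
    """Return (time, kind, module_id, value) for door-level events, else None."""
    head, sep, value = line.rstrip().partition(" =")
    ts, _, name = head.partition(" ")
    if not sep or not name.startswith("access."):
        return None
    try:
        when = datetime.fromisoformat(ts)
    except ValueError:
        return None
    for kind in ("granted", "denied"):
        prefix = f"access.{kind}.door."
        if name.startswith(prefix):
            return when, kind, name[len(prefix):], value.strip()
    alarm = DOOR_ALARM.match(name)
    if alarm:
        return when, "alarm", alarm.group(1), value.strip()
    return None  # area-level and user-period events are skipped (no double count)

def triage(lines, max_denied=3, window=timedelta(minutes=2)):
    """Return (time, module_id, tag) findings for bursts and forced doors."""
    denied = defaultdict(deque)  # module_id -> times of denials inside window
    findings = []
    for when, kind, module, value in filter(None, map(parse, lines)):
        recent = denied[module]
        while recent and when - recent[0] > window:
            recent.popleft()  # forget denials older than the window
        if kind == "denied":
            recent.append(when)
            if len(recent) == max_denied:
                findings.append((when, module, "denied-burst"))
        elif kind == "alarm" and value == "door forced":
            tag = "forced-after-denials" if recent else "door-forced"
            findings.append((when, module, tag))
    return findings

if __name__ == "__main__":
    for when, module, tag in triage(SAMPLE.splitlines()):
        print(when.isoformat(), module, tag)
```

The thresholds (three denials within two minutes) are illustrative defaults to tune per site.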

USER commands

You can write custom entries to the Access Control log with the following user command:

USER "acsctrl.customlog" = "<door_name>;<area_name>;<message>"

You can send a grant command to a door with the following user command:

USER "acsctrl.manualgrant" = "<module_name>.<door_number>"

You can simulate input status changes with the following user command (does not work in standalone mode):

USER "acsctrl.iomock.<module_id>.<di4,di5,di6,ai1,ai2>" = <0,1,analog_value>

You can simulate Wiegand reader events with the following user commands (they do not work in standalone mode):

USER "acsctrl.readermock.<module_id>.wiegand.<1,2>" = "<val>"    //if option "wiegandbits" of Iono Pi I/O Server is set to false
USER "acsctrl.readermock.<module_id>.wiegand.<1,2>" = "<bits>/<val>"    //if option "wiegandbits" of Iono Pi I/O Server is set to true

You can use variables to programmatically disable or enable a user.

USER "acsctrl.user.<user_id>" = "<0,1>"

Here "1" enables a user, while "0" disables a user.

Status variables

When HSYCO generates the alarm Alarm door forced, the following variables are set:

$access.alarm.forced.<module_id>.<doorNum> = <0,1>
$access.alarm.forced.<area_name>.<doorNum> = <0,1>        

When HSYCO generates the alarm Alarm door held, the following variables are set:

$access.alarm.held.<module_id>.<doorNum> = <0,1>
$access.alarm.held.<area_name>.<doorNum> = <0,1>

Control variables

You can use variables to programmatically disable groups. To this end set the corresponding variable to '0':

$access.group.<group_name>.enabled = 0

In the above code <group_name> must be set to the name of the group (case insensitive) with spaces replaced by '_'.

For instance, to disable "My Group":

$access.group.my_group.enabled = 0

Any value other than '0' assigned to the variable will be ignored.