Assign Access Levels to Cardholders
advertisement
McGill University WORKING WITH YOU FOR A SAFE COMMUNITY lenel.security@mcgill.ca September 10, 2006 1 Table of Contents Area Access Manager Overview ..................................................................... 3 McGill Security Services ................................................................................. 3 Cardholders ...................................................................................................... 3 Access Levels .................................................................................................. 3 Batch Loading .................................................................................................. 4 Card Readers .................................................................................................... 4 PINs.................................................................................................................. 4 Blank Proximity Cards .................................................................................... 4 Reports ............................................................................................................. 4 Questions and Assistance ................................................................................ 4 Getting Started ................................................................................................. 5 Logging On ...................................................................................................... 5 Log On to Windows Server 2003 .................................................................... 5 Area Access Manager Password Change ........................................................ 6 Area Access Manager Main Window ............................................................. 7 Procedures ........................................................................................................ 8 View Access Level Assignments .................................................................... 8 Remove Access Levels from Cardholders ...................................................... 9 Assign Access Levels to Cardholders ............................................................. 8 Personal Information Window ...................................................................... 11 Logging Off ................................................................................................... 12 Appendix – Batch Loading of Access Levels ............................................... 14 Batch Loading - Access Levels Form ........................................................... 15 This Area Access Manager User Guide was revised by McGill University, ISR/Banner Training and Documentation Services. This user guide is based on the LENEL OnGuard® 2005 Area Access Manager User Guide, product version 5.11.214. This guide is part 2 of a 2-document suite, item number DOC-800, revision 15, September 2002 Copyright © 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 & 2005 LENEL Systems International, Inc. 2 Area Access Manager Overview The LENEL OnGuard® 2005 Area Access Manager Application allows for the performance of the following two functions: 1. Assigning access levels to cardholders. 2. Removing access level assignments from cardholders. Note: Area Access Managers alone are responsible for this; with the exception of batch loading, do not contact Security Services to assign or remove access. Also note that at least two Area Access Managers are required for each card reader, in case the primary Area Access Manager is unavailable. McGill Security Services McGill Security Services is responsible for the set up of cardholders and access levels available for selection with the Area Access Manager application. An exchange of data is made between Banner and LENEL on a daily basis to ensure that both systems are up to date. The data exchanged includes information on staff and students including the picture taken when the ID badge was created. Area Access Managers should report any missing records or problems accessing their system account to McGill Security Services (398-4562). Cardholders Cardholders are students or staff who have badges (McGill ID cards or blank proximity cards) that are active in the LENEL database. Access Levels Area Access Managers are assigned appropriate Access Levels for the card readers under their responsibility. There can be more than one Access Level per card reader based on different time periods. For example, Wilson Hall has the following levels: Wilson Hall Access Always Wilson Hall Access 06h00-23h00 Access levels are assigned and/or removed nightly via batch uploads from Banner. See Appendix – Batch Loading of Access Levels for information. 3 Batch Loading Batch loading of access levels for students is done by Security Services according to rules specified by the Area Access Manager. The access levels are assigned for a specified period of time and then they are removed. Since the information is supplied nightly to LENEL by Banner it is not necessary to repeat the procedure in order to detect newly registered students or recently activated badges. Card Readers Network and Communications Services is responsible for the installation and maintenance of card readers. Any problems you may have with the reader hardware should be reported to the NCS help desk at 398-3398. PINs The latest version of LENEL still does not allow Area Access Managers to enter PIN numbers for readers. To have the PIN number of a cardholder added, a request must be sent to lenel.security@mcgill.ca at least 48 hours in advance. Blank Proximity Cards Blank proximity cards may be used for persons who do not possess McGill ID cards or as a temporary replacement if a card is missing. To purchase blank access cards, send an email request to lenel.security@mcgill.ca. Be sure to include the number of cards desired and the FOAPAL the cards should be charged to. Since your Area Access Manager profile does not allow you to modify cardholder names, the blank access cards you purchase will be entered into the LENEL database by Security Services. All prox cards are assigned to the unit under the responsibility of the purchaser. The cards will remain unidentified until you have advised Security who was assigned the blank card. It is the responsibility of the Area Access Manager to advise Security of all changes to the card holders. All additions or changes to blank proximity cards must be sent by email to lenel.security@mcgill.ca. 4 Reports To obtain event reports from your card reader you must send an email request to lenel.security@mcgill.ca. Area Access Manager Rights do not allow you to make reports. Questions & Assistance You may send an email to lenel.security@mcgill.ca or call local 4562 for any question or assistance regarding the Area Access Manager software. Getting Started Logging On Follow the steps below to connect to the Windows Terminal server to access the Area Access Manager application: 1. Point your Internet browser to: http://lenelaam.campus.mcgill.ca/tsweb. (The required browser is Internet Explorer 6). The following screen appears: 2. Click on the [Connect] button – you do not need to fill in the other fields. At the “Important notice” screen, click the [OK] button. 5 Log on to Windows Server 2003 User name: Enter your e-mail address. Must be first.last@mcgill.ca Password: Enter you DAS password You should now see your Area Access Manger icon on the desktop. Double-click on the Area Access Manager icon. Double-click this desktop icon ONLY. Log on to the Area Access Manager (below) with your User name and password and click the [OK] button. 6 Area Access Manager Password Change It is recommended that you change your Area Access Manager password at the same time you change your Windows Server password (Window Server passwords expire every 40 days). From the Application menu select Change Password – the following window appears: 1. Enter your old password and new password in the appropriate fields. Password standards are: Passwords cannot be blank Passwords cannot be the same as the user name Passwords cannot be LENEL keywords Passwords should contain numbers and letters Passwords are not case-sensitive 2. A message confirms that you have successfully changed your password. Click the [OK] button. Area Access Manager Main Window Once you log in you will see the Area Access Manager main window. Here you can: Display cardholders in a selected access level. Display personal information about a selected cardholder. Select cardholders to be assigned to access levels. Select cardholders to be removed from access levels. 7 5 1 2 3 4 6. Listing Window – click on the icon to select a cardholder. Form Element Description 1. Access Level dropdown list 2. Assign button Lists the access levels that can be assigned and removed from a cardholder’s active badges. Opens the Access Level Assignment Wizard, which allows you to assign access levels to cardholders. Removes the assignment of the selected cardholder(s) from the access level that displayed in the Access Panel dropdown list. This tab is grayed out until at least one cardholder checkmark is placed next to the name of the cardholder in the listing window Displays cardholder, badge, and access level information for the selected cardholder record. This button is grayed out until at least one cardholder is selected. See page 11 for details. Click on the field names to change the order of the cardholders. Click on the same field a second time to reverse the order. Display the current list of cardholders assigned to the selected Access Level. 3. Remove button 4. Personal Information button 5. Field Names 6. Listing window Procedures View Access Level Assignments 1. On the Area Access Manager main window in the Access Level dropdown list box, select an access level to display. This box lists all access levels that you have permission to manage. Note: The access levels are set up for you by McGill Security Services. See page 3 for details. 2. Cardholders in the currently selected access level will automatically be displayed. Only cardholders with active badges will be shown. 8 Remove Access Levels from Cardholders You can remove one or many cardholders from an access level using Area Access Manager. 1. In the Access Level dropdown list on the Area Access Manager main window, select the access level from which you want to remove a cardholder. The current cardholders with that access level are displayed. 2. Select the cardholder(s) from the listing window by clicking on the icon to the left of the last name. 3. Click the [Remove] button, and a warning that says the following will be displayed: “The people selected will have the current access level removed (from all badges). Are you sure you want to continue?” 4. Click the [Yes] button. The currently viewed access level will be removed from the selected cardholders. Assign Access Levels to Cardholders You can assign one or many cardholders to one or many access levels easily using the Access Level Assignment Wizard in Area Access Manager. 1. On the Area Access Manager main window, click the [Assign] button. The Access Level Assignment Wizard will begin, and the Find People window will be displayed, as shown below: Select appropriate tab to display different search criteria fields. Do not use the drop down lists, as they contain no information 9 2. Specify the search criteria by typing a full or partial entry in the field(s) on which you wish to search. For example: Type “Smith” in the Last Name field to find all records that have the last name that begins with “Smith”. Searches are case sensitive. The dropdown lists in the Cardholder view contain no information, so use the “Student” or “Staff” tabs to search by other fields that help to refine your search. a. The Student view displays Faculty and Degree fields, and the Staff view displays Primary Org field. You have the ability to choose students from a particular Faculty or staff from one department. Note that the entire Faculty name must be entered under the Faculty tab (i.e. “Faculty of Science”, not just “Science”), and the entire degree in the Degree tab (i.e. “Bachelor of Arts”, not just “Bachelor”). Use these fields to help refine your search; make sure to write the full name of the faculty or degree. 3. Also note that for each view (cardholder, student, and staff) all cardholders are searched. So if you have typed something under Faculty in the Student tab, and then click back on the Cardholder tab, the Faculty entry in the student tab will remain and will be used in your search. Therefore, it is important to remove unnecessary or unsuccessful search terms before searching again. Always enter at least one search criteria before clicking the [Next] button. If you leave the fields blank all cardholders will be displayed. As there are more than 40,000 cardholders, this search will take a long time. To cancel a search, click the [Cancel] button. 10 4. Click the [Next] button. 5. If only one cardholder matches your search criteria, continue with Step 6. Otherwise, depending on what you entered as your search criteria, one of the following will occur: a. If more than one cardholder matches the search criteria, the Select People window will be displayed, as shown below: From this list, select the cardholder(s) that you want to assign access levels to by placing a checkmark next to their last name(s). Then click the [Next] button. b. If no cardholder matches the search criteria you entered, a message will be displayed that says “No people with active badges were found that match your search criteria. Please try entering less specific criteria.” If this happens, enter new search criteria and click the [Next] button. c. If you entered no search criteria, all cardholders will be displayed in the Select People window. This is not recommended; click the [Cancel] button and refine your search. 6. If you are only managing one access level, continue with Step 7. If you are managing more than one access level, the Select Access Levels window will be displayed, as shown below. Select the access levels you want to assign to the cardholder(s) you selected in the previous step. You must choose one or more access levels to assign. The currently viewed access level (on the Area Access Manager main window) is selected by default. 11 Use this button to set the access level activation and deactivation dates. Place a checkmark next to each access level you wish to assign. 7. Click the [Set Activation Dates…] button to add an activation or deactivation date to the access level. 8. Select an activation and deactivation date. Once the dates are chosen, click the [Set] button and the [OK] button in that order, and then click [Next]. 9. The Summary window will be displayed. If you agree with the summary of the access level that is going to be assigned, click the [Finish] button. Upon finishing, the access levels will be assigned to the selected cardholders. 12 The Personal Information Window Use the [Personal Information] button to display details about a selected cardholder, including the picture that appears on their McGill ID card. This button is found on the Area Access Manager main window and on the Select People window. Alternatively, you can double-click on a person’s name to see the Personal Information window. Logging Off 1. Select Log Off from the Application menu. All open data entry forms will be closed. The main window will open again as it did before you logged in and most of the toolbar and menu options will be dimmed. 2. Select the Exit choice from the Application menu. 3. Next, you must log off the Windows Terminal server. From the Start menu, select Log off. 13 Appendix – Batch Loading of Access Levels Bulk updating of student access levels onto the LENEL OnGuard system is now possible. Depending on specified criteria (see below for details), access levels will be generated and removed from LENEL records according to certain dates (again see below for details). This process will be run each business day. Manually assigned access levels will not be affected by the batch loading; it is important to note that levels that are manually assigned will still have to be managed carefully by the Area Access Managers. Manually assigned levels will stay on a cardholder’s card until the card is no longer valid (e.g. the cardholder receives a replacement ID card – access levels are not automatically passed from one ID card to another – or the cardholder leaves the University). Manually assigned access levels that would have been eventually generated onto records will be removed when the automatically generated levels are scheduled to be removed, assuming the cardholder meets the criteria set out in the rules defined. In order to not affect the manually assigned levels, different access levels should be used for the batch loading. Please note that should the Area Access Manager want to revoke the access of a student to his/her building or lab, the access may be removed manually. However, the system will reinstate the access when there is any LENEL-related change made to the student’s Banner record. In order to begin the process, the Batch Loading – Access Levels Form must be completed by the Area Access Manager and submitted by fax to 398-5186. Once the rules are set, the AAM will receive an e-mail confirmation. Security Services will enter the rules into Banner and the following night the access levels will be automatically assigned to the selected group. Currently the types of rules are: Student’s campus Student’s faculty Student’s department and graduate/undergraduate status Student’s courses Examples of entries that could be in this table are: RULE TYPE Student’s campus Student’s faculty Student’s department SELECTION Macdonald Faculty of Arts Physics Student’s course ECSE210 ACCESS LEVEL Macdonald Campus Staff/Students EMF Labs, Staff Access Always Meakins, Main entrance/ LAB219, Access Always McConnell Eng Rm 502 Access Always 14 It is possible to have several entries for the same rule type and parameters. The date the rules are set and the term that the student is registered will affect which access levels are generated. FALL Sep 1, 2006 to Dec 22, 2006 WINTER Jan 2, 2007 to Apr 30, 2007 SUMMER May 1, 2007 to Aug 31, 2007 This grid gives the default dates. It is possible for an access level for a particular reader to use dates other than the defaults by advising Security Services at the time of the request. It is also possible to alter the dates selected up to the end date for each term. The rules must be updated yearly. Fall dates must be between August and December inclusive, winter dates must be between January and June inclusive, and summer dates must be between May and September inclusive. Each pair of set must also be in the same year. Batch Loading - Access Levels Form This form is to be completed by the Area Access Manager when requesting the setting of rules by Security Services. Please complete all information and submit by fax to 3985186. When the rules are set, you will receive an e-mail confirmation. All shaded areas must be completed. The form follows on the next page, and is the only part that needs to be faxed. 15 Batch Loading - Access Levels Form Access Levels: Card Reader Time Period Dates: Default: Default: Yes [ ] No [ ] (if no complete below) Fall: Winter: Summer: Start date End date 01-SEP-2006 02-JAN-2007 01-MAY-2007 22-DEC-2006 30-APR-2007 31-AUG-2007 Start date End date FALL: WINTER: SUMMER: Rules: (All spaces need not be completed, but at least one rule is required.) Student’s Campus Downtown [ ] MAC [ ] Student’s Dept. & Grad. Student’s Course Student’s Faculty Area Access Manager Details: Name: Title: Phone: Email: Date: yy/mm/dd Signature: To be completed by Security Request approved by: Banner rules set: Confirmation returned: 16
