User Management

In this chapter:

Predefined Roles

FindFace Multi provides the following predefined roles:

• Administrator is granted full access to the FindFace Multi functionality, integrative and administrative tools.

  Important

  Whatever the role, the first administrator (Super Administrator) cannot be deprived of its rights.

• Operator is granted full access to the FindFace Multi functionality.

• User is granted rights to receive and acknowledge events and episodes, search for objects on the event list, modify their profile data. The other functions are available read-only.

You can change the predefined roles privileges, as well as create various custom roles.

Create Custom Role

To create a custom role, do the following:

1. Navigate to the Preferences tab. Click Roles.

2. Click +.

   

3. On the Information tab, specify the role name.

   

4. Click Save. You will see additional tabs appear next to the Information tab. You can use these tabs to assign the role privileges for specific watch lists (the Watch Lists tab) and camera groups (Camera Groups), as well as for entire system functions and entities (Permissions).

   Note

   For example, if you set None for a certain camera group on the Camera Groups tab, users with this role won’t be able to work with this very group of cameras. Setting None for cameragroup on the Permissions tab will prevent users from viewing and working with all camera groups.

   Note

   The right for an event consists of the rights for a corresponding camera and watch list. To see unmatched events, you only need the rights for a camera.

   The full list of the FindFace Multi entities is as follows:

   • area: area

   • faceevent: face recognition event

   • faceobject: face photo in a card

   • carevent: car recognition event

   • carobject: car photo in a card

   • bodyevent: body recognition event

   • bodyobject: full-length photo in a card

   • deviceblacklistrecord: blocklist

   • watchlist: watch list

   • cameragroup: camera group

   • camera: camera

   • uploadlist: list of photos in batch upload

   • upload: item (photo) in batch photo upload

   • user: user

   • webhook: webhook

   • videoarchive: object identification in offline video

   • counter: counters picking statistics on faces and bodies

   • report: report

   • all_own_sessions: all sessions of the current user on different devices

     Note

     If relevant permissions for this entity are set, users will be able to view (view) and close (delete) all their sessions on different devices. Otherwise, users will be only allowed to view and close their session on the current device. Working with sessions takes place on the Sessions tab (Preferences).

   • humancard: person card

   • carcard: car card

   • relation: card-to-card relation

   • humanepisode: person-related episode

   • carepisode: car-related episode

   • facecluster: cluster of faces

   • bodycluster: cluster of bodies

   • carcluster: cluster of cars

   You can also enable and disable rights for the following functionality:

   • configure_ntls: configuration of the findface-ntls license server

   • batchupload_cards: batch photo upload

   • view_runtimesetting: viewing the FindFace Multi general preferences

   • change_runtimesetting: changing the FindFace Multi general preferences

   • view_auditlog: viewing and working with the audit logs.

     

Primary and Additional User Privileges

You assign privileges to a user by using roles:

• Primary role: main user role, mandatory for assignment. You can assign only one primary role to a user.

• Role: additional user role, optional for assignment. You can assign several roles to one user. The rights associated with the additional roles will be added to the primary privileges.

All users belonging to a particular primary role automatically get access to camera groups (and cameras within the group) and watch lists (and cards in the watchlist) created by a user with the same primary role, subject to the privileges defined by their additional role(s).

See also

Create User

Create User

To create a user, do the following:

1. Navigate to the Preferences tab. Click Users.

2. Click +.

   

3. Specify such user data as name, login and password. If necessary, add a comment. Attach the user’s photo.

   

   Important

   A face in the photo must be of high quality, i.e. close to a frontal position. Distance between pupils: 60 px. Supported formats: WEBP, JPG, BMP, PNG. Photos that do not meet the requirements will be rejected with a detailed error description.

   Tip

   The photo can be used for biometric authentication.

4. From the Roles drop-down menu, select one or several user roles. Set one of them as the Primary role.

5. Check Active.

6. Click Create.

Deactivate or Delete User

In order to deactivate a user, uncheck Active on the user list (Preferences -> Users).

To delete a user from FindFace Multi, click on the user login on the list. Click Delete.

To filter the user list, use the following parameters:

• Active: user status

• Primary role: one or several primary roles

Enable Administrator Privileges for System Plugins

The FindFace Multi package incorporates an extensive set of system plugins that provide the following functionality:

• partner integrations

• log-in through a crypto certificate (contact your manager for details)

Note

You have to manually enable the system plugins via the /etc/findface-security/config.py configuration file.

By default, the Administrator role is granted no privileges for any of the plugins. To assign relevant privileges to Administrator, do the following:

1. Enable a system plugin in the /etc/findface-security/config.py configuration file, following the step-by-step instructions provided by our team.

2. Re-migrate the main database architecture from FindFace Multi to PostgreSQL.

   sudo findface-security migrate
   

3. Re-create user groups in the main database.

   sudo findface-security create_groups
   

4. Restart the findface-security service.

   sudo systemctl restart findface-security.service