Eyrus provides a range of configurable access control. The system uses a specific rule set to ensure reliability, security, and ease project setup.
Individually-set rights always take precedence.
If zone access is changed for a single worker in their profile this will always take precedence over any other contract or global access setting on the affected zone(s).
Contract exemptions are prioritized over global settings.
If a specific contract has an exemption set on a specific zone, the system will apply this first prior to any global access settings. Ex. If Zone A is set to Global Deny except for Smith Electrical Co. - everyone except those working for that company would be denied from Zone A.
Access rights on child zones are accounted for first before parent-level zones.
In the event an access right set on a child zone differs from that set on the parent, the system will prioritize the child settings first. Ex. If Zone A is set to Global Deny inside another zone with different access, when scanned, the system will apply the child zone’s Global Deny setting.
Below are three scenarios that outline how Eyrus applies access control rights when given specific conditions. The image below represents a sample project with three zones in the project's hierarchy. Building 2 is a parent zone with includes the Electrical Room as a child and the Server Room as a child of the Electrical Room.
Scenario 1
Stephanie Myers is an electrician with individual access to the Electrical Room.
Building 2 is Global Allow.
Electrical Room is Global Deny.
Server Room is Global Deny.
When scanning her Eyrus badge in all three zones the results would be as follows:
Building 2: ALLOW
Building 2 is set to Global Allow so Stephanie can access this zone.
Electrical Room: ALLOW
Even though Electrical Room is set to Global Deny, Stephanie can access it because she has an individual exception for this zone.
Server Room: DENY
Server Room is set to Global Deny. Even though Stephanie has individual access to Electrical Room she cannot access a child zone with separate access rights.
Scenario 2
Jordan Anderson is a carpenter with Bedford Contracting. Bedford has a contract-level exception to work in the server room.
Building 2 is Global Allow.
Electrical Room is Global Deny except Bedford Contracting.
Server Room is set to inherit rights from the parent.
When scanning his Eyrus badge in all three zones the results would be as follows:
Building 2: ALLOW
Building 2 is set to Global Allow so Jordan can access this zone.
Electrical Room: ALLOW
Even though Electrical Room is set to Global Deny, Jordan can access it because he works for Bedford Contracting.
Server Room: ALLOW
Server Room is set to “Inherit from Parent” so any access rights from the Electrical would pass to this child zone. So Jordan can access it because he works for Bedford Contracting.
Scenario 3
Mary Smith is a foreman with individual access to Building 2.
Building 2 is Global Deny.
Electrical Room is set to inherit rights from the parent.
Server Room is set to inherit rights from the parent.
When scanning her Eyrus badge in all three zones the results would be as follows:
Building 2: ALLOW
Even though Building 2 is Global Deny, Mary can access it because she has an individual exception.
Electrical Room: ALLOW
Mary can access Electrical Room because it’s rights are inherited from Building 2, including individual exceptions.
Server Room: ALLOW
Mary can access Server Room because it’s rights are inherited from Server Room, including individual exceptions.