Member Discussion

Active Directory Integration In VMS Systems

I recently came into a discussion about integration of Active Directory (AD) in VMS systems, but I do not know in what degree different VMS systems actually integrate AD. Single sign on would theoretically be logical and easily achieved (by allowing AD users or groups to be added as users in the VMS system) , but how about full blown access control? Are there any VMS that actually use AD to configure what cameras users have access to in detail and what kind of access whey should have (View, Control, Playback...)

So you you talking about setting the permissions in AD? With Genetec you can pull in entire AD Security Groups and their included users, and then set the permissions for those groups (as far as what they can do) in Genetec itself. I've always assumed thats how other manufacturers work their LDAP integration.

For exacqVision the configuration of granular permissions (cameras, playback, etc.) is performed and stored in exacqVision. You can map those permissions to AD users or AD groups, so you don't need to manage the *users* in exacqVision, but the *permissions* are managed in exacqVision.

Single sign-on is supported as well.

Yes my assumption as to how this was probably handled by different VMS systems was: Bring AD Groups into the VMS system where each group is assigned access to the VMS and then use AD to assign specific AD users to the AD groups according to what access they need, and not the other was around (bring cameras and other items from the VMS into AD and assign cameras... to each AD-user/AD-group)

For example:

Make an AD-Group: Name=VMS_View_cameras_only
Assign this group to a operator usergroup on the VMS system that have only view for the cameras.

Make an AD-Group: Name=VMD_Full_camera_control
Assign this group to a operator usergroup on the VMS system that have full control for the cameras.

Make an AD-Group: Name=VMD_Administrators
Assign this group to a administrator usergroup on the VMS system.

Am I right in assuming this is the way that most VMS systems do AD/LDAP integration?