Have a building with 4 stakeholders who need to get though the same front door. Multiple cards or readers are not an option and each stakeholder wants to control their own access to this door.
Suggestions?
Subscriber Discussion
One Door, 4 Stakeholder Systems
Brian Rhodes
Feb 12, 2019Can you assign each group their own facility code and then let all 4 facility codes be read on the door's reader?
U
Undisclosed #1
Feb 12, 2019Possibly, but you would need a separate system to control the door, which would mean separate programming (maybe a file transfer). Moreover, the stake holders need access to reports on their own system and would be the first to cancel a cardholder privilege. .
Brian Rhodes
Feb 12, 2019So are there currently separate access systems being used for all 4 stakeholders?
Is this particular door the main locked opening into each of the 4 areas? Is there a common lobby/foyer/breezeway connecting them?
U
Undisclosed #1
Feb 12, 2019Its a part of a large multistory facility with four international tenants. There is a common lobby for all tenants and eventually, this lobby will also feature a common optical turnstiles into the elevator lobby.
CD
Chris DeMeo
Feb 13, 2019
Michael Silva
Feb 13, 2019We have had this type of request many times and it can be a lot more difficult to implement than it first appears.
The cleanest solution is to install an access control system that has a "segmentation" feature, sometimes called a "tenant" feature. Each segment acts as its own virtual access control system and the individual tenants would each be assigned their own segment. Shared doors (such as the front door) would be assigned to all segments. Doors on individual floors occupied by stakeholders would be assigned only to their own segment.
Most of the major manufacturers support segmentation, but be sure to work out the details before purchasing a system. There are lots of potential "gotchas" to watch out for.
It is also possible to connect a single card reader to two or more separate access control systems using an Intelligent Wiegand Splitter. These devices look at facility codes and then direct the Wiegand signal to the appropriate system. I have never seen a successful implementation of this but see no reason why it wouldn't work. I have seen attempts to do this with less sophisticated splitters and these never worked well. (Cards from one system read as "invalid access attempts" on the other system and vice versa.) Hopefully the use of an intelligent splitter would solve this problem.
U
Undisclosed #3
Feb 13, 2019Thanks Mike, you made me want to test bench and think about:
1) A central switch port mirroring the data from an IP source card reader or single door module to multiple access control head ends.
2) In a segmented system, you would still see all the card rejects? However this is a common door so monitoring valid/invalid events would be futile.
3) Perhaps the Access Control Software Engineers can modify software to filter card ranges specifically (incoming future code) so that their system(example:tenant A) can read a card# range such as 1000 - 5000 and still ignore but log all the cards outside this range without broadcasting the invalid rejects to the tenant A monitor view? The second (tenant B) segment can accept card# 10000 - 15000 and so on. Tenant A, B, C ranges 1, 2, 3.
4) If this can be achieved even in segmentation it seems like it could work to take a common point of entry reader and distribute its activity uniquely amongst the 'tenant' segments as to appear as a dedicated reader on a single system to the end user without all the cluttered transactions of non segment card holders.
Hrm…...
UI
Undisclosed Integrator #2
Feb 13, 2019This is a PDK ProDataKey feature of the cloud product. I don’t work for PDK but i’ve seen it demonstrated.
UI
Undisclosed Integrator #4
Feb 13, 2019If these are international customers they probably want to have their own access control system tied into their system. One thing we have done is just put in wiegand splitters so one reader can go to multiple systems. The downside is you will get a fair amount of unknown card alarms which you can have most enterprise level systems ignore and just log instead of generating alarms.
UI
Undisclosed Integrator #5
Feb 13, 2019RBH has the option to divide cardholders in "Companies". Based on the login credentials to the software a stakeholder would only be able to see the cardholders in their "Company". Setup this scenario with two stakeholders in a warehouse/office building where the office people wanted to have full control of their doors and the warehouse wanted to have full control of their doors, some of the doors where shared. Worked great and I don't know of any reason the concept wouldn't be able to scale up to 4 stakeholders. In this install the cardholders where totally isolated, the warehouse folks couldn't see the office cardholders and visa-versa, even in history reporting.
I would think most major access control offerings would offer similar functionality.
U
Undisclosed #1
Feb 13, 2019i was looking though the posts and suddenly it occurred to me that i had this problem before and solved it easily. But that was 12 years ago and being a bit older than most folks, I could not recall the product. After digging though some old project records without success, I reached out an old friend in NYC (integrator) who reminded me of this product . Has anyone had experience with this? I used this product in a long time ago and its still in today.
U
Undisclosed #1
Feb 13, 2019These are all international companies with thousands, of doors and hundreds of thousands of credentials. Solutions that require new systems are pretty much off the table.
Michael Silva
Feb 13, 2019It sounds like the Wiegand splitter approach is the one that makes the most sense then.
I'm guessing that each of the tenant companies may use different brands of access control panels and probably different integrators. If this is the case, the question becomes, who takes responsibility for installing and supporting the shared card reader and Wiegand splitter? I see lots of opportunity for finger pointing here if something goes wrong.
One very common approach used to manage your application is to have a "building" system that is managed by the property management company. The building system would be used to control card readers at building entries, lobby turnstile, elevators, etc. Each of the tenants would install their own system to control the doors on their floors, but use access cards compatible with the building system. In some cases, it may be necessary to use a multi-technology card to achieve this.
When a tenant issues an access card to one of their employees, the property manager is given the employee's name and card number so that it can be entered into the building system database. When an employee is terminated, a reverse process is followed. Not quite as elegant as having a unified system, but very workable. The property management company usually prefers this approach as they retain control over who has access to their building.
U
Undisclosed #1
Feb 13, 2019The base building will have its own system which it will offer to stakeholders partitioned in a way to permit access only to those cameras and doors that are in the stakeholder's world for a cost. Great for the small office operation. I have done it this way before. Problem with this scheme is that it places liability on the Building manager to deal with cards for the stakeholders. The idea is to back the Building Owner out of this process as there are about 5000 people involved, not including the visitors, temp cards, etc, etc. My goal is to have the owner set a general policy and articulate this policy in the lease. It will also avoid mistakes (name misspellings, job changes, etc) that must be reflected in the base building cardholder files.
New discussion
Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.
Newest discussions