Enroll users and their rules

This topic describes how to create the access rules that the device will use after an access attempt in any of the possible ways (via a biometric reader, proximity card, id, password, etc). Note that these access rules only apply when the device is in standalone mode because when operating in some online mode the access rules must be managed by the access server itself (except when the device goes into contingency mode after failures in communication with the access server).

The same user can have several access rules directly and indirectly. Direct access rules are those that are linked directly to the user, and indirect access rules are those that are applied to the user because he is present in a certain access group, such as a department.

To create an indirect access rule, i.e., create a user group and assign access rules to that group, you will need to follow the steps below, and this is the recommended workflow in access control applications :

  • Create objects of type users as described in this example.

  • Create objects of type groups as described in this example.

  • Create objects of type user_groups, to add the user to a group, as described in this example.

  • Create objects of type access_rules as described in this example.

  • Create objects of type group_access_rules (access rules --> group), which are responsible for linking groups objects with access_rules objects, as described in this example.

Finally, it will be necessary to define the time intervals in which the access rule will be valid, and this must be done through the three steps described below:

  • Create objects of type time_zones, a time can contain several intervals. How to create objects of this type is described in this example.

  • Create objects of type time_spans. These objects contain time intervals, days of the week, and holidays that can be linked to a time. How to create objects of this type is described in this example.

  • Create objects of type access_rule_time_zones (access rules -> times), which are responsible for linking time_zones objects with access_rules objects, as described in this example.


For special cases, it is also possible to create a direct access rule, that is, an exclusive rule for a user. However, this is not recommended and should only be used to handle exceptions. If this is the case, just follow the steps below:

  • Create objects of type users as described in this example.

  • Create objects of type access_rules as described in this example.

  • And finally create objects of type user_access_rules (access rules --> user), which are responsible for linking users objects with access_rules objects, as described in this example.


In both cases above (direct and indirect access rule), after creating the access rules, it will be necessary to link them to a portal to indicate which door should be opened when the access rule is satisfied.

To consult the existing portals in a certain access control device, this example can be used.

  • Finally, to define which door will be opened when the access rule is satisfied, create an object of type portal_access_rules as described in this example.