Query the Access Control Expert: Determining Which Level is Which

Oct. 27, 2008
Get Vital Information Beforehand

Q: Can you explain how to set up Access Levels?

A: Few terms used in access control always mean the same thing for every system you may be involved with. Access levels can refer to the authority level of a system administrator. Access levels can refer to how deeply into the protected area a user is granted access. Access into the most critical area is analogous to the highest access level.

Access levels are affected by database architectures that vary from system to system. The complexity of each site is different: the number of doors and the number of card holders.

To start, determine from your clients what they envision will be the ultimate number of doors, end users and groups within the system. Some software may have limitations with respect to the number of doors, user groups, door groups or time zones it permits. The earlier in the process you have the clients' parameters and requirements it is easier to determine if you might have to select one product over another in order to meet the job's requirements.

It doesn't have to be a large project to have a customer's requirements cause a big problem. A halted project will always cost you money.

One important element of access level is to determine how the client expects to authorize end users for access. The usual choices are: PIN (Personal Identity Number); Credential (prox card or FOB); or a combination of PIN and credential.

Some keypad access systems separate on a common memorized code. This is considered the lowest access level because the common code is easily shared and therefore security can be compromised. However, these types of systems are no less secure than a key lock which uses a non-proprietary keyway. Non-proprietary keys are keys which can be copied anywhere, and lock cylinders which might be vulnerable to picking.

Because mechanical combination locks may be reprogrammed quickly without requiring a re-key in this respect they are considered more convenient, easier to manage and more secure than a mechanical key lock. For many applications they are considered a perfect solution. Such areas include storage areas or doors to which only a limited number of trusted users have access, or where there are guards, video surveillance or alarm systems.

Single code mechanical locks dovetail well with other forms of access control and may be combined with credential based security as well.

Another category of keypad lock is the electronic standalone and supports multiple user codes. Although the same vulnerability of memorized codes still exists, by issuing individual codes and providing an activity log of entries into the protected area, users are less likely to share codes because they fear reprisals for violating security policies.

Devices in this category offer features which invite creative security solutions. Besides audit log reports, different models of these systems support remote release, lockout, one time use, time zones and integral credential readers, thereby providing three access levels in a self contained battery powered device.