HOW TO DEFINE AND CHOOSE YOUR ROLE-BASED ACCESS SYSTEM?

There are 3 operation scenarios of role-based access systems: central unlocking, general pass, general and partial pass.

1. CENTRAL LOCK

This type of a role based access system is intended mainly for apartment buildings. Each apartment key is different, but all of them open the common areas of the building such as the main entrance door, access to the cellars or even to the bicycle park… In other words, with your apartment key you are able to open all the doors of the common premises (entrance, dustbin room, bicycle park…) without interchangeability between apartments (that is, with your apartment key you can not open neighbours’ doors)

2. GENERAL PASS

This type of a role based access system is for a simple configuration. Some users can open all access control points with a Pass key while other users can only have access where they are allowed. Each cylinder can be operated with its own key, but a pass key (general pass) allows to open and close all of the cylinders and door locks and other access points. Each cylinder has its own set of keys (different combinations – each key is different), the cylinders are therefore different, and each key opens its own cylinder.

Ex.: In a company, each person can enter one’s office with their own key, but not in the offices of your colleagues (or other access points), while the boss can open all with a general pass key.

Ex.: The gardener can open only the garden shed, your neighbour will only have access to the garage… but they won’t have access to other areas of your residence.

3. GENERAL PASS - PARTIAL PASSES

This type of a role based access system is intended for a more elaborate configuration and is frequently used by cities, hospitals, schools, hotels and sport complexes… where there are several role players involved in different services. In this configuration, while some users may access all areas with a general pass key, other users can open only some access points with a different key (partial pass)

For example, think of a facility with 11 doors:

The boss who has a general pass key can open all of them.

Each of the 2 sales managers, each having one’s own office, manage by 4 salesmen who in turn have their offices.

The Northern region sales manager can open with his key his own office and the Northern region salesmen’s offices, but not the office of the boss nor those of the Southern region sales force.

The Southern region sales manager can open with his key his own office and the Southern region salesmen’s offices, but not the office of the boss nor those of the Northern region sales force.

Each salesman can only open one’s own office.

4. GENERAL PASS - PARTIAL PASSES WITH INTERFERENCE OPTION

These complex systems require a special study. Design of role-based access plans is carried out using computer software. This type of a role based access system with interference is frequently used in the field of hospitality or in industry.

For example, think of a facility with 11 doors:

The boss who has a general pass key can open all of them.

Each of the 2 sales managers, each having one’s own office, manage by 4 salesmen who in turn have their offices.

The Northern region sales manager can open with his key his own office and the Northern region salesmen’s offices, but not the office of the boss nor those of the Southern region salesmen nor that of the Southern region sales manager, with the exception of 2 salesmen of the Southern region with whom he works on particular accounts.

The Southern region sales manager can open with his key his own office and the Southern region salesmen’s offices, but not the office of the boss nor those of the Northern region salesmen and their sales manager, with the exception of one salesman of the Northern region with whom he works on a particular account where they are experts and need to have regular exchange.

Each salesman can only open one’s own office, with the exception of the southern salesman, who works with the Northern sales manager, who can open one’s own office and the office of the Northern region sales manager.

NOTE:

The general pass – partial passes role based access system (with or without interference) allows access to a site by structuring it according to the general operations thereof. It is necessary to consider the different paths of persons within the site, as well as their permissions and refusals of access. For a quick general idea, it is necessary to divide the site by buildings and services, identify primary and secondary access points, and then detail the operations, not missing any possible exceptions, such as sporadic external stakeholders, maintenance of green spaces, for example… Once accomplished, the role-based access system must be a carbon copy of the physical tree of the site staff. Finally, it is necessary to consider the future of this role based access system and foresee adequate extensions.