ICA User Setup
This document assumes that the Patriot ICA module has been installed. This document covers setting user access levels and giving users access.
The Internet Client Access (ICA) module allows users access to their site information via the internet using a standard web browser. Patriot contains flexible configuration settings for allowing different levels of access to your users. This works by setting up one or more web-access security group(s) and then assigning one or more of these groups to each user that requires web access.
Create Web-Access Security Group(s)
Security > Operators > Security Groups
Web/Mobile Client Security Group
You can insert a new web access security group in exactly the same way you would insert a new operator security groups - the only difference between the two group types is whether you choose to check "Web/Mobile Client" as a supported client app. When you choose "Web/Mobile Client" as the only supported alp, a reduced set of security rights are available, which corresponds to the features currently available via the ICA website. Also note, that there are special considerations to be made when hiding and viewing tabs from the ICA that are listed under Security Right Definitions at operator security group because the ICA website is not an exact mirror of the Windows client interface.
Web Access Level
There are four levels of web access:
-
Level 1: Standard
Read-only access. View general client data and history, and generate client and log reports.
-
Level 2: Edit Client
Adds additional features:
- Edit client data (such as site contact details, users, schedules, zones, etc.)
- Create and edit Test Mode.
- Edit Auto Status Monitoring settings
-
Level 3: Extended Access
As well as the Standard and Edit Client features above, this adds additional features:
- Add new clients
- Edit Client Notes
- Create and edit Work Orders
- Access to the full range of Reports
- Access to Dispatch Jobs (requires Dispatch Module).
- Ability to grant multiple Engineers web access without adding to your license count - see Dealers and Engineers for more information.
-
Level 4: Monitoring
As well as all the features above, this adds additional monitoring features:
- Current Activations
- Ability to Sleep, Complete or Release Current Activations
- Add or Edit operator notes on Current or Completed Activations
Licensing Requirements
Each user that you grant one of four Web Access levels detailed above will count against your license limit. There is an ICA Module corresponding to each Web Access Level. When an ICA Module is added to your license it comes with a user limit and you will be able to grant up to that number of users web access to the level of the ICA Module or to a lower level. If you have multiple ICA Modules on your license then your web access users will be spread between your ICA Module limits such that every user counts against the module limit corresponding to its access level or to a higher level.
For example, if you have the ICA Edit module and the ICA Monitoring module, each with a limit of 5 users then your license could be spread across your web access users in many different ways including:
- 5 users with Monitoring level web access and 5 users with Edit level web access
- 10 users with Edit level web access
- 10 users with Standard level web access
- 5 users with Extended level web access, 1 user with Edit level web access and 4 users with Standard level web access
- 1 user with Monitoring level web access, 1 user with Extended level web access, 1 user with Edit level web access and 7 users with Standard level web access
- etc.
The Web Access Level is set on the Security Group. When a user is assigned multiple security groups with different web access levels then the user's licensed web access level is determined by the assigned security group with the highest access level.
To see exactly which users and operators count towards your usage, you can click on one of the ICA modules in the Help Menu.
This will display all the users and operators listed beneath each Web Access Level heading. Please beware that operators with Windows Client & Web Client access always count against the Monitoring Access level total.
Dealers and Engineers
There are some special licensing rules for engineers with remote access. The table below shows how license limits are calculated for a single dealer user, depending on how many engineers are assigned to them.
No. of Engineers Assigned | License count |
---|---|
0 | 1 ICA License. License level will match that of the security group. |
1 - 4 | 1 ICA Extended License. |
5 - 9 | 2 ICA Extended Licenses. |
10 - 14 | 3 ICA Extended Licenses. |
x > 0 | x / 5 + 1 ICA Extended Licenses |
General rule: When 1 or more engineers are assigned to a dealer, each block of 5 engineers adds 1 to the total usage, and they are all counted as ICA Extended Licenses.
Global User Protection
ICA users with view/edit access to a client's user listing by default gain this level of access to all assigned users equally. But this can be problematic as a client's user listing usually consists of a mix of Local Users such as key holders, and Global Users such as Patrols. Global users are assigned across many clients, often across bureaus, and typically require edit (and sometimes view) protection from most ICA users. For this reason Patriot has a concept of Protected Users. Access to protected users is controlled by the Protected Users security right (child right of Client User List). A user can be given protected status in a number of ways:
- Directly, by assigning a User Type with the Protected option enabled
- Directly, by assigning a User Grouping with the Protected option enabled
- Indirectly, by assigning the user to any client or template to which an ICA user does not have access.
Protected users, types, and groups are indicated visually with a padlock icon beside their name.
The Installer (a.k.a Dealer or Bureau) User Type has an extra layer of protection and cannot be edited by any ICA user without the Dealer Maintenance security right.
Remote Action Plan Filtering
Remote Action Plan Filtering configured through security groups applies to web/mobile client users only (windows client operator action plan filtering of pending activations is configured via operator preferences) and will determine what historic signals and activations are displayed to the web user. You can choose to exclude some action plans, or to only include some action plans. For performance reasons, pick the option which requires the fewest action plans to be selected.
ICA Report Access
To allow reporting in ICA, you should assign the security group rights for Report Shortcuts:
You can also decide which specific reports each security group has access to, out of the following options:
Report Type | Standard / Edit Client | ICA Extended / Monitoring / Administrators |
---|---|---|
Incident Report | ✔ | ✔ |
Log Report | ✔ | ✔ |
Activation List Report | ✔ | |
Client Report | ✔ | ✔ |
Client List Report | ✔ | |
Client Notes Report | ✔ | |
Client With Response Report | ✔ | |
Incident Extended Report | ✔ | |
Log Analysis Report | ✔ | |
Polled Client List Report | ✔ | |
Reason Analysis Report | ✔ | |
Type Report | ✔ | |
User Report | ✔ | |
Work Order Report | ✔ | |
Zone Report | ✔ |
Provide ICA Access to User
User's ICA settings will be visible when "Allow Web Access" is enabled:
- User Name: The login user name.
- Password: The login password, which only visible to the operator when setting up user for ICA for the first time and when resetting the password. To improve security, password set by the operator should be treat as a temporary password, the user should change the password in ICA once login.
- Account Recovery Email: The email address to receive password reset code, which can be used for operators to reset their password.
- Security Group: The security group the user should be assigned to.
- Access Type: Two options available: "Client Groupings" and "Client Assigned". "Client Groupings" allows the user accessing clients that have been assigned to one of the "Accessible Site Groupings" below, even when the user hasn't assigned to the site, while "Client Assigned" limited to clients that the user has been assigned to, regardless their Client Grouping. Note that Monitoring level doesn't support "Client Assigned" as the access type.
- Accessible Site Groupings: User will have access to these Site Groupings. This setting only available when the Access Type is "Client Groupings".
- Accessible Action Plans: User will have access to these Action Plans. This setting only available when the Security Group is a Monitoring level Security Group.
Patriot Desktop Client Linking
Patriot control room operators with dual Windows and Web/Mobile client access rights can quickly switch between the two interfaces by clicking the "Open in Patriot Client" link button which appears in the action button tool bar throughout the ICA interface. Clicking this button opens the same data in the Windows destop client.
The Windows client link buttons are only shown in ICA when the logged in user:
- Belongs to a security group with both Windows Client and Web/Mobile Client access.
and
- Is currently logged into a Patriot desktop client.
Corresponding ICA link buttons can be shown in the Patriot Windows client (when enabled in the System Wide Settings).
If an operator is currently logged into multiple Patriot desktop clients then they may set which desktop client should be used to open ICA links from the main menu bar of the ICA interface.