User management allows you to add additional users and define their rights which are applied also for the REST API. It has a specific section in FLOW Insights where you can add and remove users as well as specify their roles. In this article we will go over the user management in FLOW covering both the My account and Users sections.
User management menu location on the navigation panel.
User roles
There are 3 levels of access: Admin, Analyst and Viewer and the level of access is descending in this order. User management is currently implemented on the BLOCK level meaning that each FLOW-powered device has its own login details.
Admin - Can add and remove users including Admins, Analysts and Viewers and can do anything i.e. add/remove new analytics, add/remove hardware and software interfaces (I/O relays, Webhooks, SDLC, VMS) and do everything Analyst can such as define traffic tasks, dashboards, data sinks etc. The admins also have the right to change the system settings such as date-time, anonymization and do backups and updates.
Analyst - this user is able to manipulate the analytics they have access to. It means that they can define the traffic tasks, dashboards and use data sinks. Analysts cannot access user management and device/interface settings (i.e. BLOCK settings).
Viewer - Viewers can only view the analytics (definition and dashboard tab) they have access to. They have read-only rights.
Admin can see and manage all analytics. Analyst and Viewer roles, on the other hand, have their access defined for each analytic separately, by default they will, however, have the access set to their user role level of access meaning that Analyst will have their rights set to Analyst on all the analytics. This level of access will be also applied to newly added analytics. The level of access for the individual analytics of Analysts and Viewers can be changed by Admins. Admins can also completely remove access for Analysts and Viewers.
Adding a new user (admin only)
You add new users by clicking on the “Add a user” button in the Users tab. There you need to set the username and password and their user role. You can leave the other details for them to fill out. If you want the user to access only some Analytics you can click on the Specify roles button as shown in the picture below. It opens another window where you can also set the default user role (role this user will get for any newly added analytics) To set roles on all analytics simultaneously you can use the buttons “Set all to” on the top of the columns
User details and interface for individual analytics access.
Scheduled access
In addition to user roles, FLOW user management allows you to restrict user access to a FLOW device for certain times. To restrict access for specific times, change Time mode option to Scheduled and then click on Scheduled access times to define the time intervals in which the access is allowed. You can also set specific dates for which these time intervals are applied.
Editing user profile
Once you have created users you can edit them. Admin can edit details on any user profile while Analyst and Viewer roles can only edit their own details under the My account tab. Here you can change the username and password. To change the password click on Edit and then Change password button and type the new password into each of the 2 provided spaces for verification and click Save Changes on the bottom to confirm it. To change any other details such as username, name, or email address, simply retype the fields and again use the Save changes button.
How to create GDPR compliant access
Would you like to publish the traffic insights, dashboards, or live views from the cameras, but you can’t because of GDPR? Creating GDPR compliant and read-only access to your analytic for 3rd parties is easy with FLOW. As an administrator, set up the static and dynamic anonymization zones to blur the faces, licenses or facilities in the analytics settings (read more here). Then create a new user with a Viewer role for this analytic and use this user to access GDPR compliant data. You can also stream only the anonymized video stream via MJPEG.
FLOW implements advanced tools for static and dynamic anonymization of the images. Dynamic anonymization applies the blurring only to sensitive parts such as faces or LPs.
Users and REST API
The bearer token for the specific user is accessible via API or via INSIGHTS for the logged user in the user profile (tab My account). Based on the user rights of the specific user the API token provides access to the same analytics and in the same level of access as what the user has. In other words, the token allows the user to download data via REST, from analytics which the user can access. This mechanism very easily enables limiting 3rd parties such as smart city platforms or data analysis platforms access to selected traffic insights.
Conclusion
In this article, you have learned about the different user types, their level of access, and how they can be managed. You have also learned how you can comply with GDPR using dynamic anonymization and how API access can be created with users. Thank you for your attention.