Permissions

Permission are defined at the level of user groups or users. A useful set of default permissions is defined at the Organization level. These permission apply recursively to all groups in the organization. (see Defining groups and permissions).

Call access permissions

The following call-related permissions are possible:

Permission	Description
View listing	The list of calls can be viewed.
Playback recordings	Playback of audio recordings of calls* (excluding screen recordings)
Playback screen recordings	Playback of screen recordings
Playback active calls	Real-time playback of currently active calls. This requires the Call monitoring option to be enabled in the Recording settings. Note that calls that are currently recorded, but will not be stored in the end (because of no store on demand command, or because of a delete on demand command), can still be played back while active, by a user who has this permission.
Download recordings	Call recordings can be downloaded, also multiple at once. Playback of finished recordings (including screen recording playback) is allowed (excluding active calls).
Delete recordings	Call recordings can be deleted.
Edit notes	Notes attached to a call recording can be edited.

*) The handling of playback compared to download is dependent on browser configuration. Playback inside the browser is possible with modern browsers and MP3 encoding, and with Internet Explorer and the Windows Media Player ActiveX. In other situations, the file might be downloaded to a temporary location, and played back from there. See also the System setting "Playback permission allows playback only inside the browser".

The permission applies only to calls of the user or group that is filled in. As a special feature, instead of a specific user or group, it is possible to give permission to calls of users depending on to whom the permission is given:

•special: itself: The permission specifies what a user may do with its own recorded calls.

•special: its own group: The permission specifies what a user may do with recorded calls of people in his group.

•special: subgroups of its own group: The permission specifies what a user may do with recorded calls of people in subgroup of his own group. For example, a manager may access calls of the group he manages.

It is also possible to give a global permission:

•special: Everyone: The permission specifies what a user may do with any recorded call

On the user page, there is a second table in which permissions can be granted to a user for a recorder. A recorder can be the current server itself, V-Taps, other Apresa servers, or other Vidicode devices. It will give access to all the available recordings that were imported from the selected recorder. This can be useful, for example, when a V-Tap device is used to record calls of only one user, and the used phone numbers are not unique. The assigned permissions in this second table apply in addition to permissions granted the in the first table.

User account editing permission

Permission

Description

Edit user accounts

When granting this permission, you can specify which user account or which group of user accounts may be edited.

A) If special: Everyone is specified, then access to all users and groups is granted, except the administrator accounts. All permissions can be set, except the administrator permission. The list of managed phones can be edited.

B) If a group is specified, then the user accounts in that group can be edited and deleted, and new users in that group can be added. The group itself cannot be edited.

C) If a user is specified, then the user account of that user can be edited.

B,C) Users can be moved to another managed group. Permissions can be granted, but only if the manager has this permission himself. A new phone can be added to the list of user phones, but only if it is in the managed phones list of the manager (taking into account wildcards).

System access permissions

The following system-related permissions are available:

Permission	Description
Tenant Administrator: Audit Trail	Retrieve the audit trail of the users of the tenant (the tenant group of which this user is also a member).
Tenant Administrator: Export recordings	Enable/disable and configure the time schedule of the export of recordings of the tenant (the tenant group of which this user is also a member). The system administrator needs to do configuration of the export destination beforehand (on the command line).
Tenant administrator: Call encryption	This option allows a tenant to set up a password-protected per tenant call encryption.
Web Client	The user can access the web client. In case a user has only this permission or this permission in combination with the edit notes permission, only the web client can be reached and all other pages are blocked, and after logging in the user will immediately be redirected to the web client. The user will have access to calls involving its own phones.
Live Dashboard	The user can access the Live Dashboard using the Tools menu. It provides a configurable selection of live data and statistics.
Access to contact list	The list of external and internal telephone numbers and their names can be viewed. The contact list is system-wide or per tenant.
Edit names	Names attached to a telephone number can be edited. Names are stored in the contact list, which system-wide or per tenant.
Add recordings (API)	This permission can be used by a mobile app or another remote application to upload recordings into the database for this user.
View system info, reset alarm	The system information page can be viewed (which shows the system health status), and resettable alarms can be reset.
Manage user sub-accounts	The user can create new user accounts, but with the restriction that only phones can be added to these account that are also part of his own account. These new user accounts can be managed (edited/deleted) by this user. This can be useful in a multi-tenant situation. New user accounts are created in the same group as the manager. Note: Consider using the "Edit user accounts" permission instead.
Edit recording filters	The recording filters on the Recording settings page can be edited.
Edit configuration (Administrator)	The complete configuration of Apresa can be edited, including user accounts and system settings. This makes the user a full administrator.
Level 2 administrator	Allows access to the following pages: Contact list, Export/import recordings to/from another Apresa, Diagnostics, Users, User groups, Tenants.
Level 3 administrator	Allows access to the following pages: Users, User groups, Tenants.
Delete multiple calls	Allows for the deletion of multiple calls at once with a search filter. In addition, it is still required to have the 'Delete recordings' permission before a call can be deleted via this option.

Lower level administrators are prevented from editing higher level administrator accounts, or assigning higher level permissions.