CoreSight

Users and roles

Accounts, permissions, per-camera scoping, and the audit log.

Accounts are managed on the Users page, permissions on the Roles page. Every action a user takes is checked against their role's permissions — and recorded in the audit log.

Built-in roles

CoreSight ships with three roles:

RoleIntended forTypical rights
ViewerGuards, receptionistsWatch live video and playback. Read-only.
OperatorControl-room staffEverything a viewer has, plus working alarms (ack/assign/clear), events, and exports.
AdminSite administratorsEverything — cameras, storage, users, roles, licensing, updates.

The built-in roles cover most sites. Give each person their own account with the least role that does their job — shared logins defeat the audit trail.

Custom roles

When the built-ins don't fit, create a custom role on the Roles page. A custom role is built from the permission matrix — a catalog of fine-grained permissions (view cameras, manage recording, export clips, manage storage, apply updates, and so on) that you toggle individually.

Examples:

  • A "Reviewer" who can search events and export clips but never sees live video.
  • A "Camera tech" who can manage cameras and view health, but touch nothing else.

Per-camera scoping

A role can be limited to specific cameras: a user with a camera-scoped role sees and operates only those cameras — in the live grid, playback, events, everywhere. Use it for tenants in a shared building, or contractors who should only see the areas they service.

If a user holds several roles, their access is the union — the broadest grant wins per camera.

The audit log

Every significant action — logins, camera changes, alarm handling, exports, settings changes, updates — is appended to the audit log, viewable on the Audit page with filters by user, action, and time.

The log is append-only and hash-chained: each entry is cryptographically linked to the previous one, so an entry cannot be altered or deleted without breaking the chain.

Verifying integrity

The Audit page includes a verify action that walks the chain and confirms it is intact. Run it when the log will be relied on as evidence — a clean verification demonstrates the trail has not been tampered with since it was written.

Audit history is a compliance asset. Pair it with individual accounts (no shared logins) and the log answers "who did what, when" for any incident review.

Practical setup for a typical site

  1. Keep one admin account for yourself (and a second admin as backup).
  2. Create an operator account per control-room member.
  3. Create viewer accounts for anyone who only needs to watch.
  4. Reach for custom roles and camera scoping only when a real need appears — fewer roles are easier to reason about.

On this page