Authentication and user management
SmartFace Station supports user management and authentication using the Keycloak user management and authentication server.
Detailed guide how to configure SmartFace with KeyCloak is available here
There are 3 main scopes which are recognized in SmartFace Station: Access, Investigation and Security, with 3 granular levels each - Operator, Supervisor and Administrator. So in total, there is a group of 9 roles which can be assigned to user
| Scope / Level | Admin | Supervisor | Operator |
|---|---|---|---|
| Access | access_admin | access_supervisor | access_operator |
| Investigation | investigation_admin | investigation_supervisor | investigation_operator |
| Security | security_admin | security_supervisor | security_operator |
How to setup
The file .env.sfstation in located in the same folder as the main docker-compose.yml. There is a section in this file that allows you to configure what role is to be used in the SmartFace Station. This allows you to focus on the functionality related to the role and to hide functionality that should not be related to the role of the user.
The section of the file .env.sfstation is listed below:
# Optional roles are used for locking specified part of frontend for given roles
# Claim name is "Group mapper name" specified in Keycloak or "cognito:groups" in Cognito
# ROLES_CLAIM_NAME=sf_roles
# ROLE_KEY_ADMIN=/admin
# ROLE_KEY_SECURITY_SUPERVISOR=/security_supervisor
# ROLE_KEY_SECURITY_OPERATOR=/security_operator
# ROLE_KEY_ACCESS_SUPERVISOR=/access_supervisor
# ROLE_KEY_ACCESS_OPERATOR=/access_operator
# ROLE_KEY_INVESTIGATION_SUPERVISOR=/investigation_supervisor
# ROLE_KEY_INVESTIGATION_OPERATOR=/investigation_operator
# ROLE_KEY_SECURITY_ADMIN=/security_admin
# ROLE_KEY_ACCESS_ADMIN=/access_admin
# ROLE_KEY_INVESTIGATION_ADMIN=/investigation_admin
# FORCED_ROLE_NAME_0=/admin
By adjusting the line #14 you can adjust the role to be used. So to change the role to access operator instead of the admin role, you can set the line #14 as this:
FORCED_ROLE_NAME_0=/access_supervisor
Please do not forget to remove the # symbol as only then is the new configuration applied. Once the role is applied please save the configuration file and restart the SmartFace Station docker container. It easiest way to achieve this is to run the commands below in the same folder as is the docker-compose.yml file.
docker-compose stop;docker-compose down;docker-compose up -d
SmartFace Station roles
The default role is the admin (administrator) of the whole SmartFace Station - can see/change everything. There are 3 specific roles Access, Investigation and Security with 3 levels each - Operator, Supervisor and Administrator.
Access
Starting page at http://localhost:8000/access-control
| Access Admin | Access Supervisor | Access Operator | |
|---|---|---|---|
| Security Dashboard | ❌ | ❌ | ❌ |
| Security Dashboard Camera Preview Setting | ❌ | ❌ | ❌ |
| Security Dashboard Recent Events Settings | ❌ | ❌ | ❌ |
| Security Dashboard Notification Detail | ❌ | ❌ | ❌ |
| Investigation Dashboard | ❌ | ❌ | ❌ |
| History | ❌ | ❌ | ❌ |
| History - Notification Detail | ❌ | ❌ | ❌ |
| Access Dashboard | ✅ | ✅ | ✅ |
| Watchlist | ✅ | ✅ | ❌ |
| Configuration | ✅ | ✅ | ✅ |
| Configuration SmartFace Station section | ✅ | ✅ | ✅ |
| Configuration SmartFace Camera section | ✅ | ❌ | ❌ |
| Configuration SmartFace Platform section | ✅ | ❌ | ❌ |
Investigation
Starting page at http://localhost:8000/investigation
| Access Admin | Access Supervisor | Access Operator | |
|---|---|---|---|
| Security Dashboard | ❌ | ❌ | ❌ |
| Security Dashboard Camera Preview Setting | ❌ | ❌ | ❌ |
| Security Dashboard Recent Events Settings | ❌ | ❌ | ❌ |
| Security Dashboard Notification Detail | ❌ | ❌ | ❌ |
| Investigation Dashboard | ✅ | ✅ | ✅ |
| History | ✅ | ✅ | ✅ |
| History - Notification Detail | ✅ | ✅ | ✅ |
| Access Dashboard | ❌ | ❌ | ❌ |
| Watchlist | ✅ | ✅ | ❌ |
| Configuration | ✅ | ✅ | ✅ |
| Configuration SmartFace Station section | ✅ | ✅ | ✅ |
| Configuration SmartFace Camera section | ❌ | ❌ | ❌ |
| Configuration SmartFace Platform section | ✅ | ❌ | ❌ |
Security
Starting page at http://localhost:8000/security
| Access Admin | Access Supervisor | Access Operator | |
|---|---|---|---|
| Security Dashboard | ✅ | ✅ | ✅ |
| Security Dashboard Camera Preview Setting | ✅ | ✅ | ✅ |
| Security Dashboard Recent Events Settings | ✅ | ✅ | ✅ |
| Security Dashboard Notification Detail | ✅ | ✅ | ✅ |
| Investigation Dashboard | ❌ | ❌ | ❌ |
| History | ✅ | ✅ | ❌ |
| History - Notification Detail | ✅ | ✅ | ❌ |
| Access Dashboard | ❌ | ❌ | ❌ |
| Watchlist | ✅ | ✅ | ❌ |
| Configuration | ✅ | ✅ | ✅ |
| Configuration SmartFace Station section | ✅ | ✅ | ✅ |
| Configuration SmartFace Camera section | ✅ | ❌ | ❌ |
| Configuration SmartFace Platform section | ✅ | ❌ | ❌ |