# JaniAccess – Access Control Basics

[![JaniAccess_Access_Control_Explained_Simply_compressed.jpg](https://manual.drakos.de/uploads/images/gallery/2026-07/scaled-1680-/janiaccess-access-control-explained-simply-compressed.jpg)](https://manual.drakos.de/uploads/images/gallery/2026-07/janiaccess-access-control-explained-simply-compressed.jpg)

JaniAccess access control is based on a simple principle:

> **Who is allowed to access which areas and when?**

Every access permission consists of these three components, which are linked together to determine whether access is granted.

---

# 1. Who? – Persons and Person Groups

The **Persons** menu defines **who** is allowed to access the system.

Individual users are created and managed in the **Persons** menu. To simplify administration, persons can be organized into **Person Groups** based on common characteristics such as department, location, role, or employment type.

**Examples of person groups:**

- Production Employees
- Office Staff
- External Contractors
- Cleaning Staff

Using person groups significantly reduces the effort required to manage access permissions.

---

# 2. Where? – Devices and Device Groups

The **Devices** menu defines **where** access is granted.

Each controlled access point (e.g. doors, gates or turnstiles) is configured as a device. Multiple devices can be combined into **Device Groups** to simplify permission management.

**Examples of device groups:**

- Main Building
- Production Area
- Administration
- Warehouse
- Outdoor Areas

Assigning permissions to device groups allows multiple access points to be managed with a single configuration.

---

# 3. When? – Time Models

The **Time Models** menu defines **when** access is permitted.

A time model specifies the days and times during which access is allowed.

**Examples:**

- Monday – Friday: 00:00 – 24:00
- Monday – Friday: 08:00 – 17:00
- Weekends
- Night Shift
- Holiday Schedule

Time models can be combined with any person, person group, device, or device group.

---

# 4. Assigning Permissions

The **Permissions** menu links the three building blocks **Who**, **Where**, and **When**.

Permissions can be assigned in two different ways.

## <span role="text">Option 1: Assign Permissions to Individual Persons *(Not Recommended)*</span>

Permissions can be assigned directly to a single person by linking a device or device group with a time model.

**Example:**

John Smith → Main Entrance → Monday–Friday 08:00–17:00

This approach is suitable only for exceptional cases. As the number of individually assigned permissions grows, administration becomes increasingly complex and difficult to maintain.

---

## <span role="text">Option 2: Assign Permissions to Person Groups *(Recommended)*</span>

The recommended approach is to assign permissions to **Person Groups**.

In this case, a person group is linked to a device or device group together with a time model.

Every person who belongs to that group automatically inherits the assigned permissions.

**Example:**

Person Group **Office Staff**  
→ Device Group **Administration Building**  
→ Time Model **Monday–Friday 08:00–17:00**

All members of the *Office Staff* group automatically receive these access rights.

This approach keeps the access control system structured, scalable, and easy to maintain.

---

# Summary

Every access permission is created using the same principle:

<div class="TyagGW_tableContainer" id="bkmrk-building-block-menu-"><div class="group TyagGW_tableWrapper flex flex-col-reverse w-fit" tabindex="-1"><table class="w-fit min-w-(--thread-content-width)" data-end="3428" data-start="3052"><thead data-end="3087" data-start="3052"><tr data-end="3087" data-start="3052"><th class="last:pe-10" data-col-size="sm" data-end="3069" data-start="3052">Building Block</th><th class="last:pe-10" data-col-size="sm" data-end="3076" data-start="3069">Menu</th><th class="last:pe-10" data-col-size="md" data-end="3087" data-start="3076">Purpose</th></tr></thead><tbody data-end="3428" data-start="3124"><tr data-end="3186" data-start="3124"><td data-col-size="sm" data-end="3134" data-start="3124">**Who**</td><td data-col-size="sm" data-end="3160" data-start="3134">Persons / Person Groups</td><td data-col-size="md" data-end="3186" data-start="3160">Who is allowed access?</td></tr><tr data-end="3266" data-start="3187"><td data-col-size="sm" data-end="3199" data-start="3187">**Where**</td><td data-col-size="sm" data-end="3225" data-start="3199">Devices / Device Groups</td><td data-col-size="md" data-end="3266" data-start="3225">Which doors or areas can be accessed?</td></tr><tr data-end="3333" data-start="3267"><td data-col-size="sm" data-end="3278" data-start="3267">**When**</td><td data-col-size="sm" data-end="3292" data-start="3278">Time Models</td><td data-col-size="md" data-end="3333" data-start="3292">During which times is access allowed?</td></tr><tr data-end="3428" data-start="3334"><td data-col-size="sm" data-end="3348" data-start="3334">**Linking**</td><td data-col-size="sm" data-end="3362" data-start="3348">Permissions</td><td data-col-size="md" data-end="3428" data-start="3362">Combines *Who*, *Where*, and *When* into an access permission.</td></tr></tbody></table>

</div></div>> **Best Practice:** Whenever possible, assign permissions to **Person Groups** instead of individual persons and use **Device Groups** together with **Time Models**. This approach keeps the access control configuration organized, scalable, and easy to manage, even in large installations.