0

Knowledgebase

  Categories

10
Communicators
 11
CyberAudit Management Software
 544
CyberAuditWeb 9.8 Help
 15
CyberKey Smart Keys
 6
CyberLock
 6
Cyberlock Cylinders
 4
CyberPoint Checkpoints
 3
Door Controller & I/O Module
 2
FlashLock
 4
Flex System Input & Output Modules
 1
Glossary
 3
Security Center Video Phone

  Categories

  Tag Cloud

Access-a-CyberLock Adding People Adding_People assign-a-key Bluetooth Communicators CyberKey Cyberlink Flex Flex_System How-to How-to-setup-a-cyberkey key maintenance open-a-cyberlock Portable_Link Removing People Setup Update Cyberkey Update key Update-Cyberkey USB Using_the_People_List Validikey Web_Authorizer

  Support

  My Support Tickets   Announcements   Knowledgebase   Downloads   Network Status   Open Ticket

Implications of Using Rolling Access codes

Print
  • 0
..//assets/img/kb/accessCode.png Implications of Using Rolling Access Codes

Rolling Access codes adds automation to change access codes for selected CyberLocks on an ongoing, periodic basis. Each time the access code "rolls", all affected CyberLocks must be programmed and CyberKeys updated before the end of a grace period. Failure to do so may prevent some CyberKeys from opening CyberLocks until the updating is complete.

What CyberAudit-Web does

  • On systems with 3300 or fewer locks and one common access code, all CyberKeys are programmed with instructions to program all CyberLocks with the same rolling access code. If the key does not have access permissions to the lock , it will still program the lock and emit three beeps like a CyberLock Programmer.
  • Lost keys with disable points will be added to the lost key list in all locks. If the lost key is past its expiration when the access code is rolled, the key will be removed from the list of disabling points because the disabling points are no longer needed.
  • CyberAudit-Web will not generate a new rolling access code until all CyberLock change icons are clear for the locks using that access code.
  • There is an effort to make as many keys as possible program the locks needing updates. This is done by:
    1. Excluding locks with delay or multi-key settings from being automatically programmed by user keys
    2. Un-assigning disabling points for expired lost keys
    3. Adding the remaining lost key IDs to all locks to be programmed with the access code to make a common list.
  • All subsystems will be set preferences to Allow User Keys to Program Locks and all keys will be set to the Recompute Daily lock programming mode.
  • When the system automatically rolls access codes, all affected CyberLocks and CyberKeys will get change icons. CyberKeys will continue to get change icons as lock programming is confirmed. After the last lock is confirmed, keys must be programmed one additional time to clear their change icons.

Cautions and exceptions about using rolling access codes:

  • When using rolling access codes, the only way to recover a system is from a recent backup. Daily, off site, database backups are essential to ensure the system can be recovered. Without a recent backup there may be no way to recover the re-programmed locks.
  • Lock Subsystem codes cannot be rolling codes - As such, any lock assigned a rolling access code will automatically get its subsystem code cleared. All locks with Subsystem Codes must be reset prior to programming to enable the rolling code changes to occur.
  • Set workable times to complete rolling code changes - The completion of a rolling code change means:
    1. Updating CyberKeys with the new lock configuration.
    2. A CyberKey with the updated configuration must program each lock with the new code.
    3. The CyberKeys must be downloaded to clear the change icons on the locks.
    4. After all lock change icons are updated, all CyberKeys must be updated via a communicator so they will open the lock with the new access code. Locks will no longer open using the old lock access code the day after the access code expiration grace is over.
    It is important to allow enough time to complete all of the steps above within the grace period. If there are locks in the list that may not be updated in-time, plans should be made to go to those locks to update them. An email notification may be used to notify of locks yet to be programmed some number of days prior to the end of the grace period. Frequent key expiration and renewal helps ensure keys have the latest lock access information.
  • Administrators of systems with more than 3300 CyberLocks should contact their support reseller to discuss the best way to use this feature. Options include using different access codes in different locks or the Locklist Expansion SEM.
  • CyberAudit-Web will not automatically load programming instructions for locks with multi-key or delay settings. These locks must be programmed either by using a programming job or by setting the locks to program in the individual CyberKey settings.
  • User keys are limited to programming a group of locks that have the same current access code plus the same new access code(s). If some relatively small number of locks (i.e. 3 locks) are changed to use an access code that has rolled two or more times, and there is lock programming already in-progress for more than 3 locks, it is unlikely the new locks will be added to the list to program until or unless:
    1. The newly added locks represent the majority of locks in a key's lock list
      2. or
    2. The number of locks left to program in the larger group is reduced to a smaller number than the new group
    In these cases, an administrator may need to program these locks with a programming job or manually designate the key(s) that are to program those newly added locks.
  • Systems with differing secondary access codes may require special handling. The most certain way to manage these locks is via a programming job using a CyberLock Programmer or Grand Master. As an alternative, the CyberAudit-Web administrator may manually designate the keys that will program a certain set of locks.

    Where there is more than one access code that requires updating, CyberAudit-Web selects the locks to program as follows:
    1. The first priority is on locks the key has access to via its lock list or via its master key access code.
    2. If there are still multiple access codes in the accessible locks, it finds the access code(s) with the earliest date where the previous access code expires. Then among those, select the largest group of locks that require programming.
  • Adding lost key disable points or changing multi-key or delay settings on a CyberLock with a pending update for a rolling access code will supersede the rolling access code process for the affected CyberLock(s). In this case, the lock(s) should be programmed with a programming job immediately after updating the lock settings and dock the programming key to clear the change icon(s).
  • Loading all locks into all keys impacts the amount of storage used in caching communicators. This will most affect Flex system storage. CyberAudit-Web deployments with Flex System hubs should set the following CyberAuditWeb.properties file setting:

    #(OPTIONAL default=45)
    #flexhub will ignore input from modules while uploading people records for the time provided.
    #the value of zero indicates that module input will not be ignored during the loading of people records.
    flex.suspend.modules.when.uploading=45

    Communicators such as Web Authorizers and Vault 20S have much more storage for key records so will not normally be affected. It also may somewhat increase traffic on the network. This will normally only have any noticeable affect on limited bandwidth networks such as a 64K GPRS modem.
  • Foreign locks cannot use rolling access codes.
  • A master key will be configured to program locks only if it's master access code is a rolling access code.
  • Only new access codes may be designated as rolling. Once an access codes is changed to static ("non rolling") it cannot be changed back to rolling. To get a rolling code, a new code must be created.
  • Grand Master CyberKeys and Subsystem Master Keys will no longer open CyberLocks because the lock Subsystem Code is no longer present.
  • A subsystem code will not normally be assigned to locks with rolling access codes. As such, the functionality of subsystem keys will be limited. Specifically, Grand Masters and subsystem masters will not open locks and reset keys will not reset locks with no subsystem code.

Additional Topics:
Steps to transition CyberLocks with a subsystem code to rolling access
Starting a new system with rolling code

Was this answer helpful?

Related Articles

Rolling Access Codes ... Transition Guide ...
« Back