1. Understanding Scope and Grants


Introduction

Guardian Live provides a significant amount of information relating to the use of Guardian within a business.  It provides information about individual Guardian systems (for example, their performance, the events that have been detected, and system health) as well as information about the people who interact with it (either receiving FIP calls, receiving reports or viewing the data that Guardian Live generates).  As the data is ‘sensitive’, access needs to be considered within the context of a Data Privacy environment.

Your experience in Guardian Live will depend on the type of user you are.  Guardian Live has been designed to provide access based on the business needs of the user.  The need can be as simple as being a user who only needs to receive a phone call for a confirmed fatigue event, through to a user who is able to create and manage other users.

The different levels of access allow us to empower our Clients and Distributors to perform functions within a Data Privacy environment.  The amount of information that a user can access or manage is a matrix, with the combination of Scope and Grant determining the amount of data privacy ‘risk’ that the user will pose to the business.  An ‘Administrative’ user will be able to determine the Scope and Grants for users within their Scope.


Scope

To define a user, a ‘Scope’ must first be provided.  The hierarchy of ‘Scope’ can be thought of as an ‘Onion’ where the Service Provider can see all Accounts (and their associated Fleets) and Accounts can see all their Fleets.  A Fleet user cannot see other Fleets within their Account or Service Provider.  Similarly, an Account user cannot see other Accounts within their Service Provider.  Finally, a Service Provider cannot see other Service Providers (or Accounts and Fleets within them).

A single Guardian system must be allocated to a ‘Fleet’.  For a Fleet to be created, it must be allocated to an Account and in turn allocated to a Service Provider within a ‘Host’ environment.

The following table describes the ‘scopes’ that exist within Guardian Live.

Scope – Description

Fleet – A Fleet allows one or more Guardian systems to be ‘grouped’ together.  Fleet attributes are based on a single geographic location and time zone and all systems within that Fleet will share the same information.  For example, if a vehicle is allocated to a Fleet that is based in Adelaide, all activity for that vehicle (regardless of where it is traveling) will be reported in Australian Central Standard Time.

Users with this scope will only have permission to view (or manage depending upon their Grant) information within that Fleet.  They will only be able to see the name of the Account and Service Provider under which the Fleet exists.

Data Privacy Risk – Low

Account – Accounts are not limited to a geographical area and can be created without a Fleet, but not without a Service Provider.  There are no limits to the number of Fleets that can be allocated within an Account.

Users with this scope will be able to see (or manage depending upon their Grant) information for Fleets allocated to that Account.

Care needs to be taken when approving ‘Administrators’ for Accounts as it is possible to share information that may result in a data breach, specifically where Fleets are separate entities between which information, or access to that information, should not be shared.

Data Privacy Risk – Medium

Service Provider – A Service Provider is usually a Distributor of Guardian.  Only the Host can create new Service Providers.  This will usually be done once there is a contractual agreement between the two parties.

Users with this level of access will be able to see (and manage depending on their Grant) information for all Accounts and Fleets allocated to them.

Care needs to be taken when approving ‘Administrators’ for Service Providers as it is possible to share information that may result in a data breach, specifically where Accounts are separate entities between which information, or access to that information, should not be shared.

Data Privacy Risk – High

Host – Seeing Machines is the only entity able to create Hosts.  This will usually be done for stand-alone Guardian Live environments where special contracts have been signed.  Once created, Seeing Machines will not be able to view another Host’s information.

Users with this level of access will be able to see (and manage depending on their Grant) information for all Service Providers, Accounts, and Fleets within that environment.

Data Privacy Risk – High

A visual example of Scope

When you are logged in, your Scope will be visible at the top (Title Bar) of your Guardian Live dashboard.


Grants

An access grant determines the user’s ability to view and manage information within Guardian Live.

Access grants are determined based on the individuals who need to access data within their business.  The following describes the different grants that are available:

Grant – Description

Associate – Appropriate for users who are FIP contacts or who need to receive reports but do not require access to log in to Guardian Live.

Data Privacy Risk – Low

Technician – Used for Installation Certified Technicians or other approved users who need to access the In-Vehicle System (IVS) dashboard of the Guardian Controller.  Access to the IVS Dashboard allows them to download the encrypted Extended Data Recording information and perform advanced troubleshooting activities.

Note – Users must be registered as Untrained Technicians, Installation Certified Technician G2, or a Trainer in the Seeing Machines TCP for access to the IVS Dashboard.

Note – Consideration must be given to the ‘Scope’ for Installers.  Installers who are needed to work on vehicles for more than one Fleet, or more than one Account (i.e., 3rd Party Installers for a Service or Host) may need to be allocated to a Service Provider OR have additional Grants allocated to their profile.

Data Privacy Risk – Medium

Standard – This access grant is appropriate for most users who need to log in to Guardian Live.  Event sensitivity can be controlled to allow these users to view events, through to viewing events that have been restricted due to having ‘sensitive’ content.  Administrators can also control whether the in-cabin video or still images can be viewed.

Data Privacy Risk – Low (no event view), Medium (standard event view), or High (restricted event view).

Elevated – This access grant is appropriate for users who need to view system settings and address lists (for FIP contacts, email rules, and reports).  Access to email addresses and phone numbers is considered ‘sensitive’ data within a Data Privacy environment (known as Personal Data in the General Data Protection Regulation).  Access at this level should be carefully considered in relation to the Data Privacy environment for the Scope.

Data Privacy Risk – High

Note – Users with this Scope can Download Events.

Administrator – This access grant is appropriate for users who have been granted permission by their Business to complete administrative tasks within Guardian Live.  The grant includes the ability to view and manage system settings and address lists within their Scope.

Data Privacy Risk – High

Note – Users with this Scope can Download Events.

Primary Grants and Guest Grants

There may be occasions where there is a requirement for a User to have access to more than one Fleet (but not all Fleets) in an Account or Fleet/Accounts from a different Service Provider.  For example, an Installation Certified Technician needs to work on vehicles from different Accounts or Fleets.

A ‘Guest’ Grant will allow this to occur.

Only one Grant is in use at any time.  The User will need to switch from their Primary Grant to their Guest Grant to access the alternate information.  Switching Grants is done using the User Profile icon.

 

Note – Having a Guest Grant does not mean that the User will be able to generate reports that include the information for the Guest Fleets or Accounts.
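
The Scope ‘Onion’ rule and the one-active-Grant rule described above can be modelled as follows.  This is an added illustration, not Guardian Live code; the `Grant` and `User` classes, the `within` helper and the sample scope paths are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Grant:
    scope: tuple   # path from the Host down, e.g. ("host", "sp-a", "acct-1", "fleet-x")
    level: str     # "Associate", "Technician", "Standard", "Elevated" or "Administrator"

def within(outer: tuple, inner: tuple) -> bool:
    """True when `inner` is `outer` itself or nested inside it (the 'Onion' rule).
    Paths are compared element by element, so "acct-1" never matches "acct-10"."""
    return inner[:len(outer)] == outer

@dataclass
class User:
    primary: Grant
    guests: list = field(default_factory=list)
    active: Grant = None

    def __post_init__(self):
        self.active = self.primary          # a session starts on the Primary Grant

    def switch(self, grant: Grant) -> None:
        """Only one Grant is in use at a time, and it must be one the user holds."""
        if grant != self.primary and grant not in self.guests:
            raise PermissionError("grant not allocated to this user")
        self.active = grant

    def can_see(self, target: tuple) -> bool:
        return within(self.active.scope, target)

    def can_assign(self, new: Grant) -> bool:
        """Administrators set Scope and Grants only for users within their Scope."""
        return self.active.level == "Administrator" and within(self.active.scope, new.scope)

# Constructed sample hierarchy (all names are made up for the example).
FLEET_X = ("host", "sp-a", "acct-1", "fleet-x")
FLEET_Y = ("host", "sp-a", "acct-1", "fleet-y")
ACCT_2 = ("host", "sp-a", "acct-2")
FLEET_Z = ACCT_2 + ("fleet-z",)

def demo():
    tech = User(Grant(FLEET_X, "Technician"), guests=[Grant(FLEET_Z, "Technician")])
    before = (tech.can_see(FLEET_X), tech.can_see(FLEET_Y), tech.can_see(FLEET_Z))
    tech.switch(tech.guests[0])             # Primary Grant is no longer in use
    after = (tech.can_see(FLEET_X), tech.can_see(FLEET_Z))
    admin = User(Grant(ACCT_2, "Administrator"))
    assigns = (admin.can_assign(Grant(FLEET_Z, "Standard")),
               admin.can_assign(Grant(FLEET_X, "Standard")))
    return before, after, assigns

if __name__ == "__main__":
    print(demo())
```

When reviewing access, the `can_assign` check is the one to audit: an Administrator allocating a Grant outside their own Scope is exactly the cross-Fleet or cross-Account sharing the Scope descriptions warn about.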


Data Risk

The following risk matrix may assist in understanding the risk associated with a User’s Scope and Grant:

Notes:

  1. A technician who can download Extended Data Recording data using WinSCP is considered a risk due to the nature of the data.
  2. The risk posed by Standard and Elevated users depends on whether the ability to view video has been granted.


For any questions or concerns, please contact Seeing Machines support by phone at

USA: +1 855 463 9470

Australia: +61 1800 343 893

New Zealand: +64 9 870 2817

Mexico: +52 55 7946 8798

EMEA: +44 808 164 5774

South America: +56 800 719 947

South Africa: +27 11 076 8622

or by email at support@seeingmachines.com
