Access Control¶
The Access Control module integrates CautaReside with the physical access systems at your facility — gate barriers, pedestrian turnstiles, lift floor-locks, lobby doors. When a resident's status changes (moves out, suspended for non-payment, lease ends), their physical access updates automatically.
What residents see¶
Residents have an Access tab if your facility uses access control:
- My credentials — RFID cards, keypad codes, or biometric enrolments tied to their account.
- Last access — most recent gate / lift / door event.
- My household — credentials for family members or domestic staff registered to their unit.
- Request a card / code — for new household members.
- Report a lost card — immediately revokes; system issues a replacement workflow.
What facility admins do¶
Connect a hardware integration¶
Settings → Access Control → Integrations:
CautaReside supports common access-control vendors via webhook integrations (your CautaReside operator can confirm which ones — current first-class integrations: ZKTeco, Hikvision, Dahua). Additional vendors can be added per facility on operator request.
Each integration is configured with: - Vendor + product - Endpoint URL (the local controller's IP, or a cloud relay endpoint) - Authentication credentials - Sync frequency
Once connected, CautaReside syncs: - New residents → enrolled with credentials - Suspended residents → access revoked - Move-outs → credentials disabled on the lease end date - Visitor passes → temporary credentials for the visit window
Issue credentials¶
Access Control → Issue Credential: - Pick the resident - Pick the credential type (RFID card, PIN, fingerprint) - For RFID: scan the card to register the UID - For PIN: system generates a secure random PIN - For fingerprint: enroll at the facility's enrolment terminal - Set expiry (typical: aligns with lease end + 30 days)
The credential immediately provisions on the access controllers.
Revoke / replace¶
For lost cards or terminated tenancies: - Revoke → controller stops accepting that credential within seconds - Replace → revokes old + issues new in one step
Visitor credentials¶
When a visitor pass is issued (Visitors module), the system can optionally issue them a temporary access credential: - One-time PIN, valid for the visit window - Or temporary RFID card (collected at the gate)
This avoids the guard manually buzzing every visitor in.
Reports + dashboard¶
Access Control → Reports: - Access events — who entered/exited where, when - Failed attempts — declined credentials (revoked card used, wrong PIN, after-hours attempt) - Tail-gating events — multiple entries in quick succession through one credential (suggests credential sharing or piggy-backing) - After-hours access — entries outside permitted hours
A Dashboard tab sits alongside Reports with KPI tiles + charts for the current period: devices online vs offline, scan events per hour, top entry points, denials per category. Same period selector pattern as other module dashboards.
IP allowlist (admin access restriction)¶
For facilities that want to lock down which networks can reach the CautaReside admin surface (separate from the device + credential flows), Settings → Access Control → Admin IP allowlist lets mgmt pin the admin login + dashboard to a set of allowed public IPs / CIDR ranges. Useful when the facility office sits behind a fixed-IP business connection and you want to refuse admin sessions from arbitrary networks.
- Empty list = no restriction (any IP can attempt login, subject to the normal credential + 2FA gates).
- Populated list = only the listed IPs / CIDRs can reach the admin endpoints; all others get an opaque 403.
- A facility default allowlist is also available — operator- level — that applies across new facilities until they configure their own list.
Compliance¶
- GDPR / Ghana Data Protection Act — biometric data is encrypted at rest and accessible only to your designated DPO.
- Retention — access events default to 12 months, configurable in Settings → Access Control → Data Retention.
- Audit — every credential issue / revoke is logged with who, what, when.
Common workflows¶
Move-in¶
- Resident's lease starts in CautaReside.
- Issue credentials in the Access Control module.
- Resident receives card / PIN at handover.
- System auto-tests: verify card registers an entry on first use.
Move-out¶
- Lease end date reached (or move-out workflow completed).
- Credentials auto-disable on the configured cutoff (default: lease end + 7 days for grace).
- Cards collected at handover; the system flags any that weren't returned for follow-up.
Suspension for arrears¶
If a resident's account goes 60+ days past due (configurable): - Credentials are not revoked automatically (legal risk). - A warning is logged + management notified. - Manager can choose: keep access, restrict to certain doors only (e.g. resident can enter their unit but not the gym), or revoke.
The exact policy is set per facility — talk to your CautaReside operator about your jurisdiction's legal constraints.
Tips¶
- Test integrations regularly — controllers occasionally lose network connectivity to CautaReside. Schedule a monthly verify to ensure sync is current.
- One credential per person, even within a household — when there's a security incident, you want to know exactly who entered.
- Don't share PINs — even between spouses. Issue both spouses their own PIN. The audit log only tells you who's PIN was used, not who used it.
- Lose-card workflow > deactivation — if the resident reports a lost card, revoke immediately even if you suspect it's misplaced rather than stolen. Re-issue on recovery is easy.
- Access events feed your security incident reviews — if there's a break-in or theft, the access logs from that day are your first point of investigation.
Process flows¶
End-to-end procedures the security / mgmt team runs day-to-day. Steps are anchored to the actual UI labels.
Grant a user gate access¶
New resident moves in, or staff member is hired.
- Access Control → Users → + Grant access.
- Pick the user from the facility-user dropdown (residents and staff are both eligible).
- Pick which gates the user may transit — tick all that apply (most residents need only the main gate; staff often need service + main).
- Pick a credential method:
- PIN — system generates a 6-digit code; user receives it by email + SMS.
- RFID — physical card; mgmt scans the card at the desk to bind it to the user.
- Mobile — push-based unlock, requires the resident app installed.
- Set an auto-revoke date if the access is temporary (lease end-date, contract expiry).
- Save → access is live within ~15 seconds at every selected gate.
Revoke gate access (offboarding)¶
Resident moves out, or staff member is terminated.
- Access Control → Users → search for the person.
- Tap the row → Revoke.
- Pick a reason (Move-out / Termination / Lost credential / Other) — drives the audit trail and any optional automatic actions (notify HR, etc.).
- Confirm. The credential is invalidated immediately; subsequent attempts log as Denied — revoked.
- If the revocation is temporary (e.g. resident on holiday), use Suspend instead — preserves the credential for future reactivation.
Audit who has access to a specific gate¶
Periodic security review, or a board / HOA request.
- Access Control → Gates → pick the gate.
- The right-hand panel lists every active credential for that gate, the user it's bound to, and the last-used timestamp.
- Use Filters to narrow by role (residents only / staff only) or by last-used (≥ 30 days idle is a candidate for review).
- Export CSV for the board / HOA write-up.
- Spot-revoke any stale credentials directly from this view.