Skip to main content

Go Search
Standards Actions & Public Review Drafts > Review Comments > Access Control Object Reference Inconsistencies  

Review Comments: Access Control Object Reference Inconsistencies

Document Title

BSR/ASHRAE Addendum j to ANSI/ASHRAE Standard 135-2004, BACnet-A Data Communication Protocol for Building Automation and Control Networks (Third Public Review Draft) 


Access Control Object Reference Inconsistencies 

Comment Number


Comment Type


Commenter Number


Component Identifier


Component Type


Date Submitted

5/5/2008 5:23 AM 



Comment Text

Cross-Reference Listing of Access Control related Object Types:


Access Point is referenced in:

  • AccessZone.EntryPoints
  • AccessZone.ExitPoints
  • AccessRights.NegativeAccessRules.Location*
  • AccessRights.PositiveAccessRules.Location*

Access Zone is referenced in:

  • AccessPoint.ZoneTo
  • AccessPoint.ZoneFrom
  • AccessRights.NegativeAccessRules.Location*
  • AccessRights.PositiveAccessRules.Location*

Access User is referenced in:

  • AccessUser.Members
  • AccessUser.Member_Of
  • AccessCredential.BelongsTo
  • AccessRights.Accompanied*

Access Rights is referenced in:

  • AccessRights.Accompanied*
  • AccessCredential.AssignedAccessRights.AssignedAccessRights*

Access Credential is referenced in:

  • AccessPoint.AccessEvent*
  • AccessZone.CredentialsInZone*
  • AccessZone.LastCredentialAdded*
  • AccessZone.LastCredentialRemoved*
  • AccessUser.Credentials
  • AccessRights.Accompanied*

Additional possible cross-device references (for consistency with Location):

  • AccessRights.NegativeAccessRules.TimeRange*
  • AccessRights.PositiveAccessRules.TimeRange*


* Referenced by BACnetObjectIdentifier


Analyzing the above cross-references table it highlights some limitations. The Access Authentication & Authorization process can only run on a Device having all its elements locally: Access Point objects, Access Credential objects, Access Rights objects, Access Zone objects and Access User objects (see

  • AccessRights.NegativeAccessRules.Location,
  • ccessRights.PositiveAccessRules.Location,
  • AccessRights.Accompanied, etc.).


In some cases remote relations are used:

  • The device has limited capacity and needs to do some data access remotely, having only the recent most used data locally (Cache)
  • The device has some object types remotely stored (e.g. Access User)
  • Global Anti-Passback when the devices have no peer-to-peer communication in pure Client-Server systems
  • Etc.


But in other properties, these same object types can be reached using DeviceObjectReference meaning that the object can be located on the same device or also on another device. This could be the case for

  • AccessUser and AccessZone
    with the following limitation: an AccessUser or an AccessZone involved by the Authentication & Authorization process shall be accessible locally. Note: this applies especially to Access Zones pointed by any ZoneTo and ZoneFrom when Anti-Passback and/or Zone Counting are involved (see
    • AccessZone.CredentialInZone,
    • AccessZone.LastCredentialAdded,
    • AccessZone.LastCredentialRemoved).


The other cross-device issue is the maintenance of the lists, e.g.

  • AccessUser.Members
  • AccessUser:Member_Of

e.g. an Access_User object refers to another device Access User object.

Substantiating Statements_0




Comment Approval Date


Comment Status

Replied To - Resolved 


Siemens Building Technologies 

Last Action


Last Action Request Further Contact


Last Action Type

New Comment 

Response Status


Review Period


Start Date


End Date






Assigned Responder/SC/WG


Committee Response


Reply Status


Commenter Reply

OK - Resolved 

Late Comment


ANSI Comment


Committee Title


Draft Comment


Committee Tag


Response Sent


Substantiating Statements

The easiest solution is to make all objects local and let the synchronization, if any required, be a local matter.


Another solution could be making all objects remote and omit the device reference, when needed. The empty or not empty device-reference will be a local matter.

Content Type: Review Comment
Created at 5/5/2008 5:23 AM  by 
Last modified at 6/19/2011 12:07 AM  by oldtownit