Restrict Access for Access Control
Restricted Access allows users to temporarily prevent access on specified plans when the panel is in the Armed state. This can be used to prevent access to the property by users who may not be able to disarm the security panel.
Requirements
- The account must have Access Control and a security panel
- Double swipes must be reliable on at least one external reader
Note: This is required for local override.
How does Restricted Access work?
When enabled on an account, Restricted Access allows users to designate plans that will only work when the security panel is disarmed. When the security panel is armed, access on participating plans will be denied until the panel is disarmed by any means.
Restricted Access can be disabled on the account at any time, and individual plans can be set to ignore the Restricted Access setting if needed. By default, all generic All Access Plans will ignore Restricted Access to ensure that some users can gain access or override Restricted Access locally if needed.
How to enable or disable Restricted Access:
- Log into the Alarm.com customer website.
- Click Settings.
- Click Restricted Access Settings.
- Click the Enable Restricted Access toggle switch to enable or disable the feature.
- Click Save.
Manage Restricted Access for Access Plans
To enable or disable Restricted Access on a specific plan:
- Log into the Alarm.com customer website.
- Click User Access.
- Click Edit next to the desired plan.
- Click Schedule.
- Select whether the plan only works when the panel is disarmed or if it works when the panel is both armed and disarmed.
- Click Save.
Note: When Restricted Access is first enabled on an account, the Restricted Access parameter will be applied to all plans on the account with the exception of an existing All Access plan. Additionally, any true All Access plans cannot be restricted using Restricted Access.
How to create a rule to override Restricted Access locally
Restricted Access will always pause when the security panel is disarmed, but if you need a way to override it locally when the controller is offline, you will need an Automation Rule to allow this. Without a rule you may not be able to disable restricted access at the reader if the controller is offline.
By default, a rule will be created to allow all users on an All Access Plan to override restricted access when the controller is offline by double swiping at any door. If this rule is ever deleted or you wish to remove it and replace it with a rule specifying specific doors, you can use the following steps.
- Log into the Alarm.com customer website.
- Click Automation.
- Click Add New Rule, then click New Rules Builder.
- Enter a name for the rule.
- Click When.
- Select Door, then click Next.
- In Door, select the desired door the rule will apply to or select Any doors.
- In Select Status, select Door Accessed with Double Swipe.
Note: This is the only option that is allowed for use with Restricted Access. - Click Done.
- Click Then.
- Click Restricted Access, then click Next.
- Select whether the rule is to exit or enter Restricted Access when offline, then click Done.
Note: This will be used to exit Restricted Access in almost all cases. - Click
. - Select At all times to have the rule run at all times, or select Only during the following times to select the desired time frame.
Note: It is recommended to have this rule run at all times. - Click Done.
- Click Save.
Additional considerations
- Only users within a generic All Access Plan can trigger these rules.
- Any Restricted Access rule will be sent to every controller on the account
- The rule itself will only work if the controller is offline. However, the All Access plan will still allow access.
Restricted Access for locations
Restricted Access can be enabled at the Single System, Subgroup, or Parent Group to allow users to limit Access Plans at their respective levels.
Important: Restricted Access must be enabled on at least one location to function at the Enterprise level.
When Restricted Access is activated for a location, only those with authorized credentials can access selected doors when a location's panel is armed. Access can be assigned to those who can disarm the panel, preventing unintentional alerts and access plans can be adjusted to remain active only when the panel is disarmed.
Note: Restricted Access can be used with Access Control doors and it cannot be used with Z-Wave locks.
To enable Restricted Access for a single system or group:
- Log into the Alarm.com customer website.
- Use the dropdown menu to select the desired single system or group.
Note: Enterprise groups have
next to the Enterprise name, whereas locations will have 
for commercial accounts or 
for residential accounts next to the location name. - Click Settings.
- Click Restricted Access.
Set up a notification for Restricted Access failure
You can create a notification to warn a user(s) if the system failed to change in/out of Restricted Access mode due to the controller being offline.
To set up a Access Control Rule Failed notification:
- Log into the Alarm.com customer website.
- Click Notifications.
- Click New Notification.
- Click Business.
- Click Access Control Rule Failed.
- Select the desired timeframe and recipients.
- Click Save.
Frequently Asked Questions
Will Restricted Access work if the controller is offline?
If a controller on an Account with Restricted Access goes offline, the controller is expected to stay in whatever mode it was in before going offline.
Note: If using the Alarm.com reader, the reader will flash amber if the controller is offline and in Restricted Access mode.
Can I change the Restricted Access mode when the controller is offline?
Yes. The operating mode can be temporarily changed when the controller is offline by doing one of the following:
- Use the Restricted Access override Automation Rule
- Power Cycle the controller
What happens when an offline controller comes back online when Restricted Access is on the account?
When a participating controller comes back online, it will check the panel status to determine whether it should be restricted or not. If the panel is armed, the controller will go into Restricted Mode regardless of whether it was overridden when offline. If the panel is disarmed, the controller will not be in restricted mode after reconnecting.
Are there any other options user or input type options for the override rule?
No. The only users allowed to override will be those users included on the generic All Access Plan.
The input is limited to double swipe to prevent unwanted overrides and to ensure the least amount of overlap with other rule options.
What if I do not have a generic All Access Plan?
Currently, all new Access Control systems should have a generic All Access Plan created by default. If that plan was deleted or the system predates the auto-creation, the generic All Access Plan can be recreated using the following steps:
- Log into the Alarm.com customer website.
- Click User Access.
- Click Actions.
- Click Add All Access Plan.
Is Restricted Access incompatible with any other Access Control Features?
Yes. Restricted Access is currently incompatible with dual-access mode.
How does Restricted Access interact with Enterprise?
Restricted Access is fully supported on Enterprise. However, there are a few things to note:
- Restricted Access must be enabled on the group level in order for any Enterprise-level Access Plans to be affected. If there are no individual systems with the feature currently enabled, you will not see the option on the Enterprise level.
- Restricted Access on the Enterprise level will only apply to doors on controllers that are configured for Restricted Access on the single system level. This means that if an Enterprise Access Plan contains doors from multiple single systems, only the doors subject to Restricted Access at the single system level will participate on the Enterprise level. The other doors will not be restricted.