01304 827609 info@use-ip.co.uk Find us

Hik-Connect Possible to give user access to "some" cameras only?

codlord

Gives a lot of help
Trusted Member
Messages
257
Points
43
I have a site with HikVision setup with many cameras.

I want to give view-only access to 5 particular cameras via Hik-Connect phone app to a particular user.

I can setup a user on the NVR who only has permission to view the 5 cameras
BUT (1) within Hik-Connect the user can still see the entire list of cameras and their names.
AND (2) of course the user could if they wanted to now login to the NVR admin interface and see every single bit of config.
both (1) and (2) I cannot have. I want a user who can only see 5 camera feeds and nothing else.

Is there some way to achieve what I want?

I realise I could probably setup the username on the 5 individual cameras and have the user add those 5 cameras as individual devices in Hik-Connect but that won't work for me as the individual cameras are not available outside of the site local network.
 
Hi @codlord

You need to share the device with the other Hik-Connect users rather than add it directly to their accounts.

Doing it this way means that you as the admin user are the only one with full access to the NVR.

To share a device you need to go to More > Manage Sharing Settings > and tap Share Device

You then need to enter the recipient users email address that their Hik-Connect account is registered to.

You can then select the device you want to share with them and set the permissions including how many cameras they can view.
 
Hi @codlord

You need to share the device with the other Hik-Connect users rather than add it directly to their accounts.

Doing it this way means that you as the admin user are the only one with full access to the NVR.

To share a device you need to go to More > Manage Sharing Settings > and tap Share Device

You then need to enter the recipient users email address that their Hik-Connect account is registered to.

You can then select the device you want to share with them and set the permissions including how many cameras they can view.
Thanks for the reply Dan, although I think this will only work if we are using the Hik-Connect Domain method with platform access enabled? Sorry I should have made clear we are not using any hik services/platform access, we use manual IP setup and therefore Hik-Connect app is always connecting direct to the NVR.
 
Ok, I would still recommend giving the device sharing a try, it may still work when the device is added via the IP address. (we have never tried it)

If this does not work then I am not aware of any other method to limit permissions & camera access when the NVR is connected directly to multiple users.
 
I've just checked on mine. Unfortunately if a user with limited permissions logs in via the web browser, they still have read only access to all settings apart from the user accounts. The browser will allow a setting to be altered and only give a "no permission" error when the save button is pressed. I try and avoid using Hik Connect services so haven't tried what @Dan is suggesting, but I imagine it may work as your user will not have the IP address of the site and even if they did, will not have a user account on the NVR/DVR, so won't get past the login page. Unfortunately this may be another use case where there is no avoiding using the Hik Connect connection method (the other being push notifications)
 
I was revisiting this issue/question as our site neighbor asked us about getting access to a couple of our cameras which overlook their land.

So I thought I would experiment with one camera to start with by adding a CAMERA user, then opening up the camera port 8000.

Do cameras even have a port 8000 management port like NVRs?

I ask as when I add the device (tried both iVMS and Hik-Connect Android apps) if I am on the local WiFi I get "Connection Failed" error and if I am on mobile data I get "Receiving data from the device timed out" error like this post (which may or may not be relevant):

I saw @JB1970 offered various suggestions to the error but I have tried changing the port to various non-standard ones and no luck.

So basically, I can connect to my NVRs direct by IP/900 but I cannot connect to a camera in the same way. Anyone have any ideas why? I even ditched the camera user and used the main admin/password and NVR connection works fine, but if I change my router port forward rule from the NVR IP to the camera IP I get the errors above.

All cameras are on the network, NOT directly connected to NVR.
 
Last edited:
Do cameras even have a port 8000 management port live NVRs?
Yes they do.

If the cameras are on the local network you would need to create a port forward rule for the camera, in addition to what you have for the NVR (as you only want the neighbour to have access to particular cameras). The issue is that the ports are common to all cameras so you'd need to do the port forwarding a little differently. Let's say the neighbour wants access to cameras 1 & 2 and that the IP addresses of those cameras on your LAN is 192.168.0.101 and 192.168.0.102. For the server port you can just do

External TCP port 50101 to internal port 8000 on 192.168.0.101
External TCP port 50102 to internal port 8000 on 192.168.0.102

In the Hik-Connect app on their phone you then add the two cameras individually setting the server ports for cam 1 and 2 to 50101 and 50102 respectively. However it might not work as you might also have to forward the RTSP port (554). You can't do that individually, as although you can use a separate external port number in your rule to differentiate, there's no way to alter the RTSP port in the Hik-Connect. You can try to just forward the server port as above and hope that the upon connection the app negotiates the RTSP connection (but I'm not sure it will....I've never tried)

This is really why you want to be using the Hik-Connect service. You can simply share the NVR with your neighbours Hik-Connect account, but restrict them to the cameras you want them to have access to (and decide whether they should have playback)
 
If the cameras are on the local network you would need to create a port forward rule for the camera, in addition to what you have for the NVR
@JB1970 thanks, that's exactly what I did.
In the Hik-Connect app on their phone you then add the two cameras individually setting the server ports to 50101 and 50102. However it might not work as you need to also forward the RTSP port (554).
e.g. say my external WAN IP is 1.2.3.4 and my NVR is 192.168.0.1 and my camera is 192.168.0.100

My existing (working) rule says forward 1.2.3.4 port 50100 to 192.168.0.1 port 8000
Adding a device 1.2.3.4 port 50100 to the apps works fine - I can see all cameras on the NVR.

But then I try a rule that says forward 1.2.3.4 port 50101 to 192.168.0.100 port 8000
Adding a device 1.2.3.4 port 50101 to the apps does not work - I get one of the two errors above.

I don't think you need to forward 554 either. You certainly don't to get NVRs working on the apps as I have everything locked down except what I absolutely need. But anyway, I temporarily opened port 554 on the router to try the camera device adding and it made no difference.

I have a firewall app on my phone so I can see exactly what IPs/ports every app connect to and I can confirm the NVR devices work fine with ONLY the device/port 8000, all other IPs and ports are blocked including any HikVision ones. The apps have never tried connecting to any port other than what I specify in add device.
This is really why you want to be using the Hik-Connect service. You can simply share the NVR with your neighbours Hik-Connect account, but restrict them to the cameras you want them to have access to (and decide whether they should have playback)
I have never used the service, to me, a web-based service just seems more insecure and more likely to be compromised by bugs/hacks. But regardless I was really trying to make it easier for the non-tech neighbors! If I can get devices working I can provide them with exact instructions to download app and add devices. If I go the Hik-Connect way I have to create an account for myself, enable the Hik service and do all the config, then expect the neighbor/s to also register an account and then send them some QR code nonsense etc etc...
 
@JB1970 sorry to waste your time - this was my mistake, a typo in one of the IPs - doh! I wasted so much time today...

So just to clarify, both phone apps work, and both NVRs and cameras work with only port 8000
 
typo in one of the IPs - doh! I wasted so much time today...
No problem, I've been there. I once blew several hours before realising I'd miskeyed one digit while using the on screen keyboard 192.169...
So just to clarify, both phone apps work, and both NVRs and cameras work with only port 8000
That's good to know. The app must connect using just the server port and then allow communication on RTSP port 554 once established.
 
Back
Top