Denylists in Space
Overview
The denylist is a record of canceled keys. When a canceled key is sent to the denylist, the information is communicated throughout the system. As users update their keys at SVN updater points, like wall readers, and present their keys to other locks, the new denylist information is circulated to all access points. The updated denylist can also be distributed throughout the system by all online (wired) locks.
An unlimited amount of users and four million keys can be created, but a maximum of 65,535 keys can be canceled through the denylist. If the denylist is full, you cannot create any new users on the system, and you cannot edit new keys for users. This can be avoided by monitoring the denylist from the System resources screen.
If the denylist is full, you can perform a denylist recovery. You should consult your Salto technical support contact for more information about this process.
Managing denylists
You can choose to select if user keys will be sent to the denylist when canceled by enabling the MORE_THAN_64K_USERS advanced parameter in General options. This parameter also allows you to control whether visitor and guest keys are sent to the denylist. See Advanced tab for more information.
The process is different for user, visitor, and guest keys.
Sending user keys to the denylist
When you enable the MORE_THAN_64K_USERS advanced parameter in Space General options, the New key can be canceled through denylist checkbox is displayed in the Key options panel on the User information screen. This checkbox is selected by default. If you clear the checkbox, the canceled key is not sent to the denylist. Instead, it is invalidated when it expires or when it is presented to an SVN updater point, like a wall reader.
By default, the maximum expiration period for keys that cannot be canceled through the denylist is 3 days. You can change this value from the Users tab in Space General options if required. However, for security reasons, it cannot be higher than 21 days. See Users tab for more information.
Sending visitor keys to the denylist
When you enable the MORE_THAN_64K_USERS advanced parameter in Space General options, a Visitors keys are cancelable through denylist checkbox is displayed on the Visitors tab in Space General options. This checkbox is selected by default. The option applies to all the visitor keys in the system. This means that visitor keys are sent to the denylist if you delete visitors in Space before their visit has expired.
Note that if you delete visitors after their visit has expired, their keys are not sent to the denylist. If you clear the Visitors keys are cancelable through denylist checkbox, valid visitor keys are not sent to the denylist when you delete them. Instead, the keys are invalidated when they expire, or when they are presented to an SVN wall reader.
See Printing the visitor list and Deleting expired visitors for more information.
Sending guest keys to the denylist
When you enable the MORE_THAN_64K_USERS advanced parameter in Space General options, guest keys are sent to the denylist when you cancel them. This applies to all guest keys in the system. See Configuring hotel keys for more information.