Logged ID usages do not outright show the label on the ID, however. Instead, each ID has a hidden string (something like "ADF159JEI"), and labels (and unique hidden strings) are shown for the airlocks. An example log entry would read something like, "ADF159JEI opened Brig Airlock (ID:812)". You would be able to see the last 250 log entries, or sort them by department (so that you only see security airlocks or engineering airlocks, for example).
The console would have another screen, the Remote ID Access Management screen. By manually typing in (or copy pasting) an IDs unique hidden string (hereafter UHS), you would be able to remotely access that ID and wipe out all of its access. You could also place a label on it manually, which would then be appended to any further mentions of the UHS in the logs.
This means that if you know somebody has illicit access or a stolen ID and you know the general vicinity of where they are, you could observantly watch the logs on this console, determine which ID is theirs (or a cluster of IDs that could be theirs), and wipe their access before they can spread it to everybody else. It would take a degree of effort to do instead of being a one-click thing (which has been suggested), while also still being very robust.
There is another feature that the console would have: ID Console Logging and Management. ID console logins and logouts would be logged, showing only the UHS of the ID used to authenticate the console. An example log entry might be, "ADF159JEI logged in to ID Console (ID:525)". You would not be able to see the UHS of the modified ID, however, so there still exists a degree of counterplay to this for antags who are trying to sneak all access.
This screen would also allow you to issue a temporary lockout. All ID active consoles would be listed and selectable. Selecting an ID console that currently has an ID with valid identification in it will cause that console to be locked out, preventing any access modifications to be made for the next three minutes. A lockout could be issued every five minutes. This way, mass clusters of people (maybe revs or cultists) could be temporarily prevented from editing IDs at an ID console and potentially stopped if sec can arrive on time.
A final feature would be an ID scanner device that can be used on an ID to reveal its UHS. It could also be used on airlocks or ID Consoles to get their IDs. The HoP could start with this and use it to label his own ID or the IDs of people that come to line for access.
tl;dr:
- all access is really strong, spreads like a virus, and theres no real way to fix it besides calling the shuttle
- to fix this, we should add a new console that keeps logs of every time an airlock is opened with an ID
- the console would also log any logins on existing ID Consoles
- if youre observant, you can single out an ID on this console and wipe its access remotely
- if there is an authorization ID left inside of an ID Console, you can temporarily lockout that ID Console remotely
- this console would require a plaintext password that the HoP would start with in his locker, like telecomms logging
- this should help prevent rounds being destroyed by everybody getting all access
ms paint mockup of what the main screen could look like: