Roles

These are the roles that are needed:

  • Admin
  • Can read acls
  • Can write acls
  • Can write groups

Links

  • Hybrid Cloud
  • Is it possible to restrict what a user can do with an asset?

    Yes, it is possible as an Administrator using a combination of Roles and Access Control on assets and collections.

    Only allow view of assets

    For example if you have a user, Jenny, and you would like Jenny to be able to see an asset but not download, edit metadata or delete an asset you can put Jenny in to a User Group that has restricted roles. Jenny should not be in any other group that has more roles, as Jenny will inherit all the roles from all the groups that she is in.

    So if we create a User Group “Restricted Users", and then for the Roles we would pick:

    • can read approval request
    • can read assets
    • can read assets history
    • can read asset relations
    • can read asset subtitles
    • can read collections
    • can read custom actions
    • can read discovery entities
    • can read files
    • can read formats
    • can read metadata categories
    • can read metadata fields
    • can read metadata values
    • can read metadata views
    • can read notifications
    • can read notification settings
    • can read proxies
    • can read saved searches
    • can read search history
    • can read segments
    • can read shares
    • can read users
    • can search

    We then save the group, and go to the user Jenny and add this group to her. We could set it as the primary group if she doesn't have any other groups. Do the same for the other users that require the same restrictions.

    Finally, we want to let her have access to content. For the assets that you want her to see you set an Access Control on the asset that gives the User Group "Restricted Users" READ permission. You can learn how to do this on assets and collections.

    Allowing commenting

    If you would like the above plus to enable commenting, you need to enable the extra following roles in addition to above. This could be in another group that you apply to the user.

    • can create segments

    Allowing upload

    If you want to allow the user to upload add the following role in addition to the main roles above.

    • can write assets
    • can create assets
    • can create formats
    • can create transcode jobs
    • can write formats
    • can write files
    • can write jobs
    • can read storages
    • web can upload

    If you have setup the system so that it requires metadata upon upload then you also need to add the roles listed for "Allow editing metadata".

    Learn more.