These are the roles that are needed:

  • User

Understanding User Group Roles

Most actions in the iconik user interface make calls to the iconik API. So when you wish to enter metadata, make a comment or perform an upload that will send commands to the API, the rights to be able to make these actions are controlled with Roles.

The User Interface makes sure that only the options for which your role allows you to have are available. So if you don't have the roles which allow upload you will not see the upload functionality.

When using iconik and comparing to the documentation please be aware that certain functionality is only available to users with the correct role.

The type of user also restricts the available roles, as described below. Note that Standard Users can have all Browse Only user roles, and Power Users can have all roles.

If you give a user a can_create role, make sure you also give the corresponding can_write role. Also giving write access does not automatically give read access, so that also needs to be added.

Note that the user also requires ACL access to the Assets, Collections etc., that they are trying to interact with, it is not enough to only have the role.

Browse Only User Roles

Role Description
can_create_segments Allows creating comments
can_delete_approval_status Allows to delete its own approvals
can_delete_saved_searches Allows deleting saved searches that you have access to
can_delete_search_history Allows deleting your search history
can_delete_segments Allows deleting your own comments
can_read_acls Required for getting access to anything
can_read_approval_request Allows being part of an approval workflow
can_read_asset_relations Allows reading relations
can_read_asset_subtitles Allows reading subtitles
can_read_assets Allows reading assets
can_read_collections Allows reading collections
can_read_custom_actions Allows seeing custom actions
can_read_discovery_entities Allow seeing the discovery view
can_read_files Allows seeing files
can_read_formats Allows seeing formats
can_read_group_mappings Allows reading groups (Required for SAML)
can_read_identity_providers Allows reading identity providers for SAML (Required for SAML)
can_read_jobs Allows seeing jobs
can_read_metadata_categories Allows seeing metadata categories (Required for metadata)
can_read_metadata_values Allows seeing metadata values
can_read_metadata_views Allows seeing metadata views
can_read_notifications Allows seeing notifications
can_read_notification_settings Allows seeing notification settings
can_read_proxies Allows viewing proxies
can_read_saved_searches Allows access to saved searches
can_read_search_history Allows access to search history
can_read_segments Allows access to comments and times metadata
can_read_subscriptions Allows seeing notification subscriptions
can_read_shares Allows access to shares
can_read_transcode_jobs Allows access to transcode jobs
can_read_transcriptions Allows access to transcriptions
can_read_transfers Allows seeing ongoing transfers
can_search Allows searching
can_write_approval_status Allows setting approval status (If part of an approval workflow)
can_write_metadata_values Allows editing metadata
can_write_saved_searches Allows saving searches
can_write_segments Allows editing (your own) comments
can_write_subscriptions Allows editing your notification subscriptions
can_list_all_users Allows seeing all users when listing users or querying for users
can_list_group_users Only allows seeing users from groups you are a member of
can_list_all_groups Allows seeing the all groups when listing groups. Otherwise only groups you are a member of is shown.
web_can_download_original Allows the user to download the original file from an asset
web_can_download_proxy Allows the user to download the proxy file from an asset
web_can_list_users Allows seeing the user list when sharing (And other places you can list users)
web_can_list_users Allows seeing the user list when sharing (And other places you can list users)
web_can_view_versions Allows viewing the different versions of assets

Standard User Roles

Role Description
can_archive_formats Allows archiving of formats
can_analyze_content Allows access to the Analyze function
can_approve_without_request Allows approval of an asset without going through the request stage
can_create_asset_relations Allows creating asset relations
can_create_assets Allows creating new assets
can_create_collections Allows creating new collections
can_create_formats Allows uploading files
can_create_poster Allows creating poster images
can_create_transcode_jobs Allows creating transcode jobs
can_delete_acls Allows removing ACLs
can_delete_approval_request Allows to delete an approval request
can_delete_asset_relations Allows removing asset relations
can_delete_assets Allows deleting assets
can_delete_collections Allows deleting collections
can_delete_discovery_entities Allows deleting Discovery view items
can_delete_files Allows deleting files
can_delete_formats Allows deleting formats
can_delete_object_shares Allows deleting shares
can_delete_proxies Allows deleting proxies
can_delete_saved_search_groups Allows deleting Saved Search Groups
can_delete_transcriptions Allows deleting transcriptions
can_delete_versions Allows deleting versions of an asset
can_purge_assets Allows to purge assets from the recycle bin
can_purge_collections Allows to purge collections for the recycle bin
can_read_storages Allows access to the Storage list
can_reindex_assets Allows explicit reindex of assets
can_reindex_collections Allows explicit reindex of collections
can_reindex_segments Allows explicit reindex of segments (Comments and Time based metadata)
can_restore_archived_formats Allows restoring an archived format
can_use_adobe_panel Allows using the Adobe panels
can_write_acls Allows setting ACLs
can_write_approval_request Allows making Approval requests
can_write_asset_subtitles Allows adding subtitle files
can_write_assets Allows editing assets
can_write_collections Allows editing collections
can_write_discovery_entities Allows editing the discovery view
can_write_exports Allows creating exports
can_write_files Allows updating file entries
can_write_formats Allows updating format entries
can_write_jobs Allows updating jobs
can_write_keyframes Allows creating posters and setting keyframes (In combination with web_enable_posters and can_create_posters)
can_write_proxies Allows updating proxies
can_write_shares Allows updating shares
can_write_saved_search_groups Allows creating and updating Saved Search Groups
can_write_transcode_jobs Allows updating transcode jobs
can_write_transcriptions Allows creating and editing transcriptions
can_write_transfers Allows updating transfers
can_write_versions Allows creating new versions of assets
is_storage_worker Special role for users that acts as an Iconik Storage Gateway
web_can_create_placeholder Allows the user to create a placeholder from the Web UI
web_can_top_level_upload Allows users to upload to the top level of a storage
web_can_upload Allows the user to Upload using the web interface
web_enable_posters Allows the user to see the Poster tab. To create posters, can_write_keyframes and can_create_posters is also required

Power User Roles

Role Description
can_create_users Gives access to create users
can_delete_apps Allows deleting applications and tokens
can_delete_archived_formats Allows deleting an archived format
can_delete_assets_history Allows deleting an asset history entry
can_delete_export_locations Allows deleting export locations
can_delete_group_mappings Allows deleting group mappings (For SAML only)
can_delete_groups Allows deleting groups
can_delete_identity_providers Allows deleting SAML identity providers
can_delete_jobs Allows deleting jobs
can_delete_metadata_categories Allows deleting metadata categories
can_delete_metadata_fields Allows deleting metadata fields
can_delete_metadata_views Allows deleting metadata views
can_delete_storages Allows deleting storages
can_delete_transcode_jobs Allows aborting a transcode job
can_delete_transcoders Allows deleting a Transcoder
can_delete_users Allows deleting users
can_delete_webhooks Allows deleting a Webhook definition
can_read_apps Gives access to the Applications panel in the Admin view
can_read_assets_history Gives access to Asset history
can_read_export_locations Gives access to the Export location list.
can_read_groups Gives access to the group list in the Admin view
can_read_metadata_fields Gives access to the metadata fields in the Admin view
can_read_stats Gives access to the Stats page
can_read_system_domains Gives access to read the system domain info (Only current domain, unless given access by a super admin)
can_read_transcoders Gives access to the Transcoder list in the Admin view
can_read_users Gives access to the User list in the Admin view
can_read_webhooks Gives access to the Webhooks in the Admin view
can_reindex_assets_history Allows reindex operations using API
can_reindex_export_locations Allows reindex operations using API
can_reindex_groups Allows reindex operations using API
can_reindex_saved_searches Allows reindex operations using API
can_reindex_storages Allows reindex operations using API
can_reindex_transcoders Allows reindex operations using API
can_reindex_users Allows reindex operations using API
can_scan_bucket Allows scanning a cloud bucket for new content
can_write_apps Allows creating new Applications and tokens
can_write_assets_history Allows updating Asset History entries
can_write_export_locations Allows creating and editing Export Locations
can_write_group_mappings Allows editing group mappings (For SAML)
can_write_groups Allows editing and creating groups
can_write_identity_providers Allows editing the identity provider (For SAML)
can_write_metadata_categories Allows editing Metadata Categories
can_write_metadata_fields Allows editing and creating Metadata Fields
can_write_metadata_views Allows editing and creating Metadata View
can_write_storages Allows editing and creating Storages
can_write_system_domains Allows editing the system domain information
can_write_transcoders Allows creating and editing Transcoders
can_write_users Allows editing Users
can_write_webhooks Allows creating and editing Webhooks

Administrator Role

The Administrator Role is a special role which gives increased capabilities over the system. Administrators have access to all functions and content in the system regardless of roles and ACLs.

Changing the roles

Only Administrators are allowed to change the roles on the group(s) you are a member of. Ask your Administrator for more details.

Learn more