| Table of Contents |
|---|
General information
| Info |
|---|
Roles can be added to users in three ways:
Users can simultaneously have roles added directly and roles inherited via groups - having the same role added twice (or multiple times) doesn't have an impact. Removing e.g. a group with a duplicate role - will still leave your user with the role. Roles and groups that have been inherited, will be greyed out. (You also inherit download qualities, but our current implementation does not make them show up. In a perfect world, the inherited download qualities would show up as greyed out) If you have duplicate roles then the role will have a (+) appended
|
...
List of roles
| Note |
|---|
This list is descriptive, meaning that it's not prescriptive. Essentially, this means that this list describes what it currently does - not what it's supposed to do. As time goes on, these two things should align 100%. |
...
Roles
...
Enables you to use AI tagging on images. Requires additional setup if you don't want to use Digizuite's Azure account for it. Requires an EditMultiComboVlaue to be defined in MM's config manager.
...
Enables one to download an asset and print published assets (assets without a lock).
You need to have download qualities added, to be able to download assets. These are assigned via groups. Groups with download qualities are: "Guest", "Light Users", "Content Creators", "Administrators", and "Super Administrators"
...
Business_Workflow_General_Transition_Executor
...
21
...
Can_Configure_Members
...
✗
...
✓
...
Allows the user to configure MM to use a Member Approval business workflow.
...
Can_Force_Job_Status_Change
...
Allows the user to cancel or delete jobs in both AW and DigiBatch.
...
Can_Rerun_Workflows
...
✓
...
✓
...
Allows the user to use the "ManualTrigger" AW trigger to start workflows based on simple input data.
...
29
...
Can_See_Grafana_Shortcut
...
✗
...
✓
...
Allows the user to see the shortcut to Grafana in the MM ui. The login to grafana is separate from their Digizuite login, and has nothing to do with this role.
...
CanImpersonate
...
✓
...
✗
...
Allows the user to generate access keys for other users. Should only be given to the "System" user, unless you have very good reason for anything else.
...
Enables one to Update other people's comments
...
Enables one to Create (own), Update (own), Delete (own) comments (for tasks and images) and Create (own), Update (own), Delete (own), annotations on images.
It requires Comment_View to function.
...
Enables one to Read (all) comments (assets and tasks) and Read (all) annotations
Gives you the option to access comments directly from the asset overview
...
Editor_Catalogs
...
Editor_Portal
...
| Info | ||||
|---|---|---|---|---|
| ||||
|
Gives you read access to everything you've added - e.g. makes all Catalog and Channel folders appear if you've added "Editor_Catalogs" and "Editor_Portal".
It only gives read access to assets in the DC - I.e. it does not give you read access to assets in the MM (even though it appears that you have read access to them when you look at the channels in DC).
With this, you can give yourself (and others) write access to folders you don't have write access to.
It also adds "System Tools" to the left side menu - but it is blank - meaning that there are not any system tools in it.
It opens up for access to content in Media Manager. Here this role gives you high-level access.
It gives you access to all collections for all users in the system
...
Editor_SystemTools_Config
...
Editor_SystemTools_Dam
...
Enables one to select all catalog and channel folders in System tools → Workflow → AssetSyncFolder → "Sync rootfolder"/"Destination folder". Without this role, one can only select folders that you have read-access to.
...
Editor_SystemTools_Destinations
...
Editor_SystemTools_DigizuiteConfig
...
Editor_SystemTools_License
...
Editor_SystemTools_MediaFormat
...
Editor_SystemTools_MediaFormatType
...
Editor_SystemTools_Metadata
...
Editor_SystemTools_MetaDataLanguage
...
Editor_SystemTools_PlayerTemplate
...
Editor_SystemTools_Profiles
...
Editor_SystemTools_Status
...
Editor_SystemTools_Stopwords
...
Editor_SystemTools_TranscodeSetting
...
Editor_SystemTools_UserManager_Groups
...
Editor_SystemTools_UserManager_Users
...
Editor_SystemTools_Workflow
...
61
...
EditSso
...
✓
...
✓
...
Allows the user to change the systems SSO settings. Should probably only be given to a select set of super administrators
...
MediaPortal_Admin_StartScreen
...
MediaPortal_Asset_Replacer
...
MediaPortal_Asset_Unpublisher
...
MediaPortal_Collection
...
Enables one to share via the MM UI. Enabling this gives you the ability to share assets via: URL, Zip (email), social media - and if collections are enabled one can also share assets via: New collection (create new), and Existing collection (add to existing).
If collections are enabled, one can share them via: Zip (a package over mail), Social media, and Collection (give people rights to preview the collection from MM)
If the following is enabled "Give new recipients of non-social collections (e.g. not Facebook collections) access to manipulate collections:" via config manager, the recipient will be able to CRUD the collection, else the recipient will only be able to Read the collection.
Sharing over social media makes the shared asset publicly available. One needs to manually revoke the read rights on the asset level, to make it internal again.
...
MediaPortal_Uploader
...
MediaPortal_User
...
Requires "MediaPortal_Share" + some settings in CondigManager to work (See the table in the bottom of this page - ctrl+f "embed")
Adds embed as a sharing option. It only works with videos.
...
Member_Viewer
...
RunningJobs_AdminViewSubmitXML
...
RunningJobs_ChangePriority
...
RunningJobs_EditAll
...
Obsolete - To be deleted
...
RunningJobs_EditOwn
...
Obsolete - To be deleted
...
RunningJobs_View
...
RunningJobs_ViewAll
...
Uploader_ShowFolderSelector
...
Only implemented in DFS. Is used to give users access to upload to the catalog area while using the embedded upload component
...
Note: If both Uploader_ReplaceWithArchive and Uploader_ReplaceWithoutArchive are enabled the user will be asked what he wants to do with the old asset: archive it or delete it.
Features
The other way around - what roles and rights need to be added to enable a feature
| Info |
|---|
MediaPortal_User is needed to access MM - so for all MM features below, it's given that MediaPortal_User is already enabled. In a lot of instances, you also need read access to assets. I only scarcely add this as a right sometimes. Usually, it's self-evident that one should have read access to an asset to add it to a collection. The Upload folder (46) is the default folder for uploading. This can be changed - and if changed, use this other folder instead. For Keywords - Keywords (10192) is default. This can of course also be changed - where you should use this new metadata field instead. |
Green = OK
Yellow = Might not be OK
...
Features in MM
...
Enable profile images = True
Enable users to see and edit their account information = True
...
WorkStages_View
WorkStages_View_Others
...
Member_Viewer
WorkStages_View
...
Write access to the asset
Write rights to the metadata fields in "Metadata > Asset > Shared > Tasks" (usually granted via trusted)
...
Member_Viewer
WorkStages_View
WorkStages_Edit_Others
...
Write access to the asset
Write rights to the metadata fields in "Metadata > Asset > Shared > Tasks" (usually granted via trusted)
...
Enable (single- and multi-) download of an asset's predefined qualities
Enable (single- and multi-) download of assets and metadata
Enable download of collections as zip
Asset_Can_Download
Can_Live_Export_Assets_And_Metadata
...
The asset is "public" (no padlock)
Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators"
...
Enable (single- and multi-) download of an asset's predefined qualities
Enable (single- and multi-) download of metadata
Enable download of collections as zip
Asset_Can_Download
Can_Live_Export_Metadata_Only
...
The asset is "public" (no padlock)
Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators"
...
Enable (single- and multi-) download of an asset's predefined qualities
Enable (single- and multi-) download of assets
Enable download of collections as zip
Asset_Can_Download
Can_Live_Export_Asset_Only
...
The asset is "public" (no padlock)
Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators"
...
Asset_Can_Download
Asset_Can_Download_Custom_Quality
...
Custom quality color spaces = must have content
Custom quality image types = must have content
Enable custom quality download = true
...
MediaPortal_Share
...
| Table of Contents |
|---|
General information
| Info |
|---|
Roles can be added to users in three ways:
Users can simultaneously have roles added directly and roles inherited via groups - having the same role added twice (or multiple times) doesn't have an impact. Removing e.g. a group with a duplicate role - will still leave your user with the role. Roles and groups that have been inherited, will be greyed out. (You also inherit download qualities, but our current implementation does not make them show up. In a perfect world, the inherited download qualities would show up as greyed out) If you have duplicate roles then the role will have a (+) appended
|
List of roles
| id | Role | Description |
|---|---|---|
| 2 | Uploader | This role is obsolete |
| 25 | Editor_SystemTools_Profiles | Gives access to see and edit profiles in DAM administration view |
| 27 | Editor_SystemTools_UserManager_Users | Gives access to see and edit users in DAM administration view |
| 29 | Editor_Catalogs | Gives access to edit catalog folders in DAM administration view |
| 30 | Viewer_Catalogs | Gives access to see catalog folders in DAM administration view |
| 36 | Editor_SystemTools_UserManager_Groups | Gives access to see and edit groups in DAM administration view |
| 37 | Editor_SystemTools_Metadata | Gives access to see and edit metadata definitions |
| 38 | Administrator | Administrator role used for all administration APIs |
| 41 | Editor_SystemTools_Destinations | Gives access to see and edit destinations in DAM administration view |
| 42 | Editor_SystemTools_Dam | This role is obsolete |
| 43 | Editor_SystemTools_DigizuiteConfig | Gives access to see and edit Digizuite constants in DAM administration view |
| 44 | Editor_SystemTools_MediaFormat | Gives access to see and edit media formats in DAM administration view |
| 45 | Editor_SystemTools_TranscodeSetting | Gives access to see and edit transcodes in DAM administration view |
| 46 | Editor_Portal | This role is deprecated, but in use for the old API when editing channel folders. Only used in the DAM Administration view |
| 50 | Editor_Portal_Admin | Same as above (Editor_portal) |
| 52 | RunningJobs_View | Gives access to see your own upload progress |
| 54 | RunningJobs_ViewAll | Gives access to see all upload progress |
| 55 | RunningJobs_EditOwn | This role is obsolete |
| 57 | RunningJobs_EditAll | This role is obsolete |
| 58 | RunningJobs_ChangePriority | This role is obsolete |
| 59 | RunningJobs_AdminViewSubmitXML | This role is obsolete |
| 60 | Uploader_ShowFolderSelector | This role is obsolete |
| 61 | Uploader_ReplaceWithArchive | This role is obsolete |
| 62 | Uploader_ReplaceWithoutArchive | This role is obsolete |
| 65 | Editor_SystemTools_Config | This role gives access to product configuration including searches, labels and configuration |
| 67 | VP3_Portal_Admin_StartScreen | This role is obsolete |
| 68 | VP3_Portal_Admin_VideoSlides | This role is obsolete |
| 72 | ItemControlAdmin | This role is obsolete |
| 74 | Editor_SystemTools_AlwaysAllowItemSecurityEdit | This role ignores all item security - use carefully! |
| 76 | MediaPortal_Admin_StartScreen | Allows editing of start screen in Media Manager |
| 77 | MediaPortal_Admin_Users | This role is obsolete |
| 78 | MediaPortal_Admin_Log | This role is obsolete |
| 79 | MediaPortal_Admin_Trash | This role is obsolete |
| 80 | MediaPortal_User | Basic user role that gives access to login into MediaManager |
| 81 | MediaPortal_Collection | Gives access to collections |
| 82 | MediaPortal_Uploader | Gives access to upload from MediaManager |
| 83 | MediaPortal_Downloader | This role is obsolete |
| 84 | Editor_SystemTools_PlayerTemplate | This role is obsolete |
| 85 | Editor_SystemTools_Stopwords | This role gives access to edit stopwords for Search2 |
| 86 | Editor_SystemTools_License | This role gives access to edit Digizuite licenses |
| 87 | Editor_SystemTools_Status | This role is obsolete |
| 88 | Editor_SystemTools_Workflow | This role is obsolete |
| 90 | Editor_SystemTools_MediaFormatType | This role gives access to edit media format type setup |
| 91 | Editor_SystemTools_MetaDataLanguage | This role gives access to manage languages |
| 92 | MediaPortal_Asset_Replacer | This role is obsolete |
| 93 | MediaPortal_Asset_Unpublisher | This role is obsolete |
| 94 | Upload_Only | This role is deprecated, but used in the Digizuite administration to restrict users to only see the upload dialog |
| 95 | Member_Viewer | This roles allows user to see information about other users |
| 103 | Comments_CRUD | Gives access to see, add, delete and edit own commets |
| 104 | Comments_View | Gives access to see comments |
| 105 | Comments_Admin_Delete | Gives access to delete all comments |
| 106 | Asset_Can_Download | Gives access to download assets - Please note that download is controlled by a set of roles and download qualities |
| 107 | Asset_Can_Download_Custom_Quality | Gives access to download custom download qualities if enabled by configuration |
| 108 | Asset_Can_Replace | Allows users to replace assets |
| 109 | Asset_Can_Revise | Allows users to replace an asset with a trim or crop |
| 110 | Asset_Can_Crop | Allows users to crop and trim assets |
| 111 | AuditTrail_View | Allows users to view audit trail for assets |
| 112 | Ai_Add | Allows users to use AI capabilities if enabled and configured |
| 113 | Can_Change_Styling_And_Theming | Allows user to change styling and theming when Brand portal is not enabled |
| 114 | WorkStages_View | This role allows the user to see asset status' they are assigned to |
| 115 | WorkStages_Edit_Others | This role allows editing of asset status' they are not assigned to |
| 116 | WorkStages_View_Others | This role allows users to always see asset status |
| 117 | GDPR_Admin | Allows users to do GDPR actions |
| 121 | Saved_Searches_CRUD | Gives access to saved searches |
| 122 | Ai_Translate | Gives access to use metadata translation API's |
| 123 | Integration_Endpoints_View | Allows users to see integration endpoints |
| 124 | Integration_Endpoints_CRUD | Allows users to edit integration endpoints |
| 125 | Asset_Can_Delete_Permanently | Allows users to permanently delete assets |
| 126 | Can_Edit_Automation_Workflow | Allows editing of automations |
| 127 | Can_View_Logs | Allows users to see system logs |
| 128 | Can_View_Automation_Workflow_Status | Allows users to see the status of automations |
| 129 | Can_Live_Export_Assets_And_Metadata | Full access for downloading and exporting assets and it's metadata |
| 130 | Can_Live_Export_Asset_Only | Gives access to download assets |
| 131 | Can_Live_Export_Metadata_Only | Gives access to export metadata for assets |
| 132 | Business_Workflow_View | Gives access to see the workflow definitions |
| 133 | Business_Workflow_CRUD | Gives access to edit the workflow definitions |
| 134 | Download_Approval_Bypass | If download approval is enabled, this role bypasses it |
| 135 | Download_Approval_Admin | Gives access to configure download approval |
| 136 | Copyright_Notification_Bypass | If copyright notification is enabled, this role bypasses it |
| 138 | Youtube_Admin | Gives access to configure Youtube integrations |
| 139 | Business_Workflow_Instance_View_Others | This role allows the users to see tasks in Workflows they are not assigned to |
| 140 | Asset_Can_Download_Any | Bypasses all download rules |
| 141 | Can_See_Grafana_Shortcut | Gives access to system monitoring |
| 142 | Comments_Admin_Update | Gives access to edit all comments |
| 143 | Business_Workflow_General_Transition_Executor | Allows users to do transitions in workflow tasks that has no user constraints on transition |
| 144 | Business_Workflow_Instance_Delete | Allows user to delete workflow tasks |
| 147 | Business_Workflow_Instance_View | Allows users to see workflow tasks they are assigned to |
| 148 | Business_Workflow_Instance_Transition | Allows users to see transitions |
| 149 | Business_Workflow_Instance_Assign | Allows assigning workflow tasks to other people |
| 150 | EditSso | Allows editing of SSO settings |
| 151 | CanImpersonate | Allows a user to create accesskeys for other users. Be careful with this role as it allows bumping user access. Should only be used for System user |
| 152 | FileRepository_Read | Used for files in workflows. This gives the users access to see attached files |
| 153 | FileRepository_Read_Secret | Used for files in workflows. This gives the users access to see secret attached files |
| 154 | FileRepository_Upload | Used for files in workflows. This gives the users access to see upload files |
| 155 | FileRepository_Delete | Used for files in workflows. This gives the users access to see delete uploaded files |
| 156 | MailTemplates_CRUD | Allows users to edit mail templates |
| 157 | Can_Force_Job_Status_Change | Allows users to change job status, for example restarting a failed job |
| 158 | Can_Configure_Members | Used in MediaManager to allow editing users. This is behind a feature flag in current version. Will be available in the future |
| 159 | Can_Rerun_Workflows | This allows users to run automations with a manual trigger |
| 160 | ItemCheckInOut_CRUD | This gives access to check-in and check-out |
| 161 | ChannelFolder_CRUD | Allows the user to edit Channel folders. As of this release this is new API not being used in any UI and therefore this role is not needed on users |
| 162 | ChannelFolder_View | Allows the user to seeChannel folders. As of this release this is new API not being used in any UI and therefore this role is not needed on users |
| 163 | ConfigManagement_Admin | Allows users to edit configuration for products. This is new API and not available through UI yet. |
| 170 | Creative_Cloud_Connector | Allows users access to Creative cloud connector |
| 171 | Can_See_Generic_Job_Status | Allows users to see generic job status - for instance elastic re-indexing |
| 172 | Can_Admin_Accelerated_Search | Allows users to see status for search administration in Media Manager |
| 173 | Smart_Asset_Picker_Connector | Allows users to use the embedded Media Manager UI |
| 174 | Can_configure_portals | Allows editing of Digizuite portals |
| 175 | Can_view_portals | Allows users to see Digizuite portals |
| 176 | Can_view_metadata | Allows users to see the metadata tab on asset details |
| 177 | Can_view_related_assets | Allows users to see the related assets tab on asset details |
| 178 | Can_manage_filters_and_fields | Allows users to setup filters and free text searching |
Features
The other way around - what roles and rights need to be added to enable a feature
| Info |
|---|
MediaPortal_User is needed to access MM - so for all MM features below, it's given that MediaPortal_User is already enabled. In a lot of instances, you also need read access to assets. I only scarcely add this as a right sometimes. Usually, it's self-evident that one should have read access to an asset to add it to a collection. The Upload folder (46) is the default folder for uploading. This can be changed - and if changed, use this other folder instead. For Keywords - Keywords (10192) is default. This can of course also be changed - where you should use this new metadata field instead. |
Green = OK
Yellow = Might not be OK
...
Features in DC
...
Changes in roles from the last version to this
Added
...
Can_Force_Job_Status_Change
Removed
...
Changed
Features in MM | Roles | Rights | ConfigManager | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Upload assets via MM + see "Your uploads" | MediaPortal_Upload | Write access to "Upload" folder (Usually granted through the "Trusted" group) | |||||||||||
| Enable users to change their profile information | Enable users to see and edit their account information = True | ||||||||||||
| Upload/change profile image via MM | MediaPortal_Upload | Enable profile images = True Enable users to see and edit their account information = True | |||||||||||
| Restore old asset version via MM | Asset_Can_Replace | Write access to "Upload" folder (Usually granted through the "Trusted" group) (Having write access to Content does nothing) | |||||||||||
| Replace asset + See "Asset History" (Not audit trail) | Asset_Can_Replace | Write access to the asset | |||||||||||
| See asset statuses + Enable the "My tasks" view | WorkStages_View | Read access to the asset | |||||||||||
| Enable the "All tasks" view | WorkStages_View WorkStages_View_Others | Read access to the asset | |||||||||||
| Change/set assets' statuses (on assets not already assigned to other users - Meaning only assets where you or none is assigned) | Member_Viewer WorkStages_View | Write access to the asset Write rights to the metadata fields in "Metadata > Asset > Shared > Tasks" (usually granted via trusted) | |||||||||||
| Change/set assets' statuses (regardless of who they're assigned to) | Member_Viewer WorkStages_View WorkStages_Edit_Others | Write access to the asset Write rights to the metadata fields in "Metadata > Asset > Shared > Tasks" (usually granted via trusted) | |||||||||||
| Printing | Asset_Can_Download | The asset is "public" (no padlock) | |||||||||||
Enable (single- and multi-) download of an asset's predefined qualities Enable (single- and multi-) download of assets and metadata Enable download of collections as zip | Asset_Can_Download Can_Live_Export_Assets_And_Metadata | Enable sharing assets to/via collections (Create new, Add to existing) | The asset is "public" (no padlock) | ||||||||||
| Enable embed as a sharing option for videos | MediaPortal_Video_Embed MediaPortal_Share | The "Embed player user" has read rights to the video assets | Choose available embed video sizes = must have content Choose available embed video qualities = must have content Embed player user = must have content (usually "Guest") | ||||||||||
Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators" | |||||||||||||
Enable (single- and multi-) download of an asset's predefined qualities Enable (single- and multi-) download of metadata Enable download of collections as zip | Asset_Can_Download Can_Live_Export_Metadata_Only | The asset is "public" (no padlock) | Add asset to own collection | MediaPortal_Collection | The asset is "public" (no padlock) | Enable ability to CRUD own collections | MediaPortal_Collection | Enable ability to CRUD own collections + CRUD collections shared to oneself/Others | MediaPortal_Collection | Give new recipients of non-social collections (e.g. not Facebook collections) access to manipulate collections = true | Enable non-pre-existing users to read collections on an SSO site | MediaPortal_Collection | Allow shared collection users to bypass login required screen = true |
| Enable user to use AI Tagging + your site has external access | Ai_Add | Write access to the asset (only images) | Enable AI tagging functionality for metadata field = Keywords(10192) (Keywords must be autotranslate = true) | ||||||||||
| If you want AI tagging but don't have external access | Ai_Add | Write access to the asset (only images) | Enable AI tagging functionality for metadata field = Keywords(10192) (Keywords must be autotranslate = true) Use local analysis for AI services = true | Enable CRUD of own saved searches | Saved_Searches_CRUD | Enable crop/trim (share it via email) | Asset_Can_Crop | Enable crop/trim + Replace original asset with crop/trim + Restore to an older version of an asset | Asset_Can_Crop Asset_Can_Replace | Write access to the asset Write access to the Uploads folder OR the Content folder (The option to restore requires "write access" to the Uploads folder) | Enable crop/trim + Make new child asset with crop/trim | Asset_Can_Crop Asset_Can_Revise | Write access to the asset Write access to the Uploads folder OR the Content folder | Have filter open every time you access the MM | Automatically expand filter pane in asset list = true | Make all filters be expanded every time you access MM | Automatically expand filter pane in asset list = true Automatically expand individual filters in asset list = true | Make asset ID shown | Show asset ID in asset list = true | Enable password reset | Enable the option to reset one's password = true | Enable self sign-up where users can choose their own password | Enable self sign up = true Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be enabled) Allow users to chose a password on signup = true Auto-created user folder ID = the ID of the folder where you want your users to go. | Enable email verification for self-sign up (when self sign-up already is enabled) where users can choose their own password | Enable self sign up = true Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be disabled) Allow users to chose a password on signup = true Verification when a user is created using self sign up = Email verification | Enable admin verification for self-sign up (when self sign-up already is enabled) where users can choose their own password | Enable self sign up = true Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be disabled) Allow users to chose a password on signup = true Verification when a user is created using self sign up = Admin verification Administrative verification email = the admin's email | Enable that refreshing MM will log one out | Enable persistent login = false | Enable reading other peoples' comments and annotations | Comment_View | Enable commenting and annotating | Comment_View Comment_CRUD | Enable commenting and annotating + tagging other users | Comment_View Comment_CRUD Member_Viewer | Access the task list | Business_Workflow_Instance_View | Edit workflows | Business_Workflow_CRUD Business_Workflow_View | Request download of an asset's predefined formats. Can single download approved assets. Can single download if bypassed with a bit field. | Business_Workflow_Instance_Transition Business_Workflow_Instance_View Asset_Can_Download | Download approval must be set up The asset is "public" (no padlock) | Request download of an asset's predefined formats. Can single download approved assets. Can single and multi download if bypassed with a bit field. | Business_Workflow_Instance_Transition Business_Workflow_Instance_View Asset_Can_Download Can_Live_Export_Asset_Only | Download approval must be set up The asset is "public" (no padlock) | Request a custom quality download | Business_Workflow_Instance_Transition Business_Workflow_Instance_View Asset_Can_Download_Custom_Quality | Download approval must be set up The asset is "public" (no padlock) | Circumvent the download approval process | Download_Approval_Bypass | Download approval must be set up Have enabled either standard or custom download | Approve or deny download requests | Business_Workflow_Instance_View Business_Workflow_Instance_Transition Download_Approval_Admin | You must be auto-assigned via the accompanying workflow as per the documentation | Enable copyright notification | Follow the documentation: In short, you need to set it up via the config manager settings + metadata settings | Circumvent the copyright notification | Copyright_Notification_Bypass | Have copyright notifications enabled | Upload both insecure and secure attachments on tasks | FileRepository_Upload | View own and others' insecure attachments on tasks | FileRepository_Read | View insecure and own secure attachments on tasks | FileRepository_Read | The upload constraint you upload with must have the "secret" bit set to true | View own and others' secure attachments on tasks + insecure attachments | FileRepository_Read FileRepository_Read_Secret | Enable intro screen | Choose intro screen mode: Splashscreen or Disclaimer |
| Info |
|---|
The CCC requires all its users to have the "Asset_Can_Download" role + read access to assets. |
...
Features in CCC
...
Administrator
Member_Viewer
...
Write access to "Upload" folder (Usually granted through the "Trusted" group)
Write access to the asset
...
Enable duplicate asset check = true
Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators" | |||
Enable (single- and multi-) download of an asset's predefined qualities Enable (single- and multi-) download of assets Enable download of collections as zip | Asset_Can_Download Can_Live_Export_Asset_Only | The asset is "public" (no padlock) Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators" | |
| Download custom qualities | Asset_Can_Download Asset_Can_Download_Custom_Quality | The asset is "public" (no padlock) | Custom quality color spaces = must have content Custom quality image types = must have content Enable custom quality download = true |
| Enable sharing (URL, Social) | MediaPortal_Share | The asset is "public" (no padlock) | |
| Enable sharing (Zip) | MediaPortal_Share Can_Live_Export_Asset_Only | The asset is "public" (no padlock) | |
| Enable embed as a sharing option for videos | MediaPortal_Video_Embed MediaPortal_Share | The "Embed player user" has read rights to the video assets | Choose available embed video sizes = must have content Choose available embed video qualities = must have content Embed player user = must have content (usually "Guest") |
| Enable sharing assets to/via collections (Create new, Add to existing) | MediaPortal_Share MediaPortal_Collection | The asset is "public" (no padlock) | |
| Add asset to own collection | MediaPortal_Collection | The asset is "public" (no padlock) | |
| Enable ability to CRUD own collections | MediaPortal_Collection | ||
| Enable ability to CRUD own collections + CRUD collections shared to oneself/Others | MediaPortal_Collection | Give new recipients of non-social collections (e.g. not Facebook collections) access to manipulate collections = true | |
| Enable non-pre-existing users to read collections on an SSO site | MediaPortal_Collection | Allow shared collection users to bypass login required screen = true | |
| Enable user to use AI Tagging + your site has external access | Ai_Add | Write access to the asset (only images) | Enable AI tagging functionality for metadata field = Keywords(10192) (Keywords must be autotranslate = true) |
| If you want AI tagging but don't have external access | Ai_Add | Write access to the asset (only images) | Enable AI tagging functionality for metadata field = Keywords(10192) (Keywords must be autotranslate = true) Use local analysis for AI services = true |
| Enable CRUD of own saved searches | Saved_Searches_CRUD | ||
| Enable crop/trim (share it via email) | Asset_Can_Crop | ||
| Enable crop/trim + Replace original asset with crop/trim + Restore to an older version of an asset | Asset_Can_Crop Asset_Can_Replace | Write access to the asset Write access to the Uploads folder OR the Content folder (The option to restore requires "write access" to the Uploads folder) | |
| Enable crop/trim + Make new child asset with crop/trim | Asset_Can_Crop Asset_Can_Revise | Write access to the asset Write access to the Uploads folder OR the Content folder | |
| Have filter open every time you access the MM | Automatically expand filter pane in asset list = true | ||
| Make all filters be expanded every time you access MM | Automatically expand filter pane in asset list = true Automatically expand individual filters in asset list = true | ||
| Make asset ID shown | Show asset ID in asset list = true | ||
| Enable password reset | Enable the option to reset one's password = true | ||
Enable self sign-up where users can choose their own password | Enable self sign up = true Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be enabled) Allow users to chose a password on signup = true Auto-created user folder ID = the ID of the folder where you want your users to go. | ||
Enable email verification for self-sign up (when self sign-up already is enabled) where users can choose their own password | Enable self sign up = true Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be disabled) Allow users to chose a password on signup = true Verification when a user is created using self sign up = Email verification | ||
Enable admin verification for self-sign up (when self sign-up already is enabled) where users can choose their own password | Enable self sign up = true Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be disabled) Allow users to chose a password on signup = true Verification when a user is created using self sign up = Admin verification Administrative verification email = the admin's email | ||
| Enable that refreshing MM will log one out | Enable persistent login = false | ||
| Enable reading other peoples' comments and annotations | Comment_View | ||
| Enable commenting and annotating | Comment_View Comment_CRUD | ||
| Enable commenting and annotating + tagging other users | Comment_View Comment_CRUD Member_Viewer | ||
| Access the task list | Business_Workflow_Instance_View | ||
| Edit workflows | Business_Workflow_CRUD Business_Workflow_View | ||
Request download of an asset's predefined formats. Can single download approved assets. Can single download if bypassed with a bit field. | Business_Workflow_Instance_Transition Business_Workflow_Instance_View Asset_Can_Download | Download approval must be set up The asset is "public" (no padlock) | |
Request download of an asset's predefined formats. Can single download approved assets. Can single and multi download if bypassed with a bit field. | Business_Workflow_Instance_Transition Business_Workflow_Instance_View Asset_Can_Download Can_Live_Export_Asset_Only | Download approval must be set up The asset is "public" (no padlock) | |
| Request a custom quality download | Business_Workflow_Instance_Transition Business_Workflow_Instance_View Asset_Can_Download_Custom_Quality | Download approval must be set up The asset is "public" (no padlock) | |
| Circumvent the download approval process | Download_Approval_Bypass | Download approval must be set up Have enabled either standard or custom download | |
| Approve or deny download requests | Business_Workflow_Instance_View Business_Workflow_Instance_Transition Download_Approval_Admin | You must be auto-assigned via the accompanying workflow as per the documentation | |
| Enable copyright notification | Follow the documentation: In short, you need to set it up via the config manager settings + metadata settings | ||
| Circumvent the copyright notification | Copyright_Notification_Bypass | Have copyright notifications enabled | |
| Upload both insecure and secure attachments on tasks | FileRepository_Upload | ||
View own and others' insecure attachments on tasks | FileRepository_Read | ||
View insecure and own secure attachments on tasks | FileRepository_Read | The upload constraint you upload with must have the "secret" bit set to true | |
| View own and others' secure attachments on tasks + insecure attachments | FileRepository_Read FileRepository_Read_Secret | ||
| Enable intro screen | Choose intro screen mode: Splashscreen or Disclaimer |
| Info |
|---|
The CCC requires all its users to have the "Asset_Can_Download" role + read access to assets. |