| Table of Contents |
|---|
General information
...
| id | Role | Description |
|---|---|---|
| 2 | Uploader | This role is obsolete |
| 25 | Editor_SystemTools_Profiles | Gives access to see and edit profiles in DAM administration view |
| 27 | Editor_SystemTools_UserManager_Users | Gives access to see and edit users in DAM administration view |
| 29 | Editor_Catalogs | Gives access to edit catalog folders in DAM administration view |
| 30 | Viewer_Catalogs | Gives access to see catalog folders in DAM administration view |
| 36 | Editor_SystemTools_UserManager_Groups | Gives access to see and edit groups in DAM administration view |
| 37 | Editor_SystemTools_Metadata | Gives access to see and edit metadata definitions |
| 38 | Administrator | Administrator role used for all administration APIs |
| 41 | Editor_SystemTools_Destinations | Gives access to see and edit destinations in DAM administration view |
| 42 | Editor_SystemTools_Dam | This role is obsolete |
| 43 | Editor_SystemTools_DigizuiteConfig | Gives access to see and edit Digizuite constants in DAM administration view |
| 44 | Editor_SystemTools_MediaFormat | Gives access to see and edit media formats in DAM administration view |
| 45 | Editor_SystemTools_TranscodeSetting | Gives access to see and edit transcodes in DAM administration view |
| 46 | Editor_Portal | This role is deprecated, but in use for the old API when editing channel folders. Only used in the DAM Administration view |
| 50 | Editor_Portal_Admin | Same as above (Editor_portal) |
| 52 | RunningJobs_View | Gives access to see your own upload progress |
| 54 | RunningJobs_ViewAll | Gives access to see all upload progress |
| 55 | RunningJobs_EditOwn | This role is obsolete |
| 57 | RunningJobs_EditAll | This role is obsolete |
| 58 | RunningJobs_ChangePriority | This role is obsolete |
| 59 | RunningJobs_AdminViewSubmitXML | This role is obsolete |
| 60 | Uploader_ShowFolderSelector | This role is obsolete |
| 61 | Uploader_ReplaceWithArchive | This role is obsolete |
| 62 | Uploader_ReplaceWithoutArchive | This role is obsolete |
| 65 | Editor_SystemTools_Config | This role gives access to product configuration including searches, labels, and configuration |
| 67 | VP3_Portal_Admin_StartScreen | This role is obsolete |
| 68 | VP3_Portal_Admin_VideoSlides | This role is obsolete |
| 72 | ItemControlAdmin | This role is obsolete |
| 74 | Editor_SystemTools_AlwaysAllowItemSecurityEdit | This role ignores all item security - use carefully! |
| 76 | MediaPortal_Admin_StartScreen | Allows editing of the start screen in Media Manager |
| 77 | MediaPortal_Admin_Users | This role is obsolete |
| 78 | MediaPortal_Admin_Log | This role is obsolete |
| 79 | MediaPortal_Admin_Trash | This role is obsolete |
| 80 | MediaPortal_User | Basic user role that gives access to login into MediaManager |
| 81 | MediaPortal_Collection | Gives access to collections |
| 82 | MediaPortal_Uploader | Gives access to upload from MediaManager |
| 83 | MediaPortal_Downloader | This role is obsolete |
| 84 | Editor_SystemTools_PlayerTemplate | This role is obsolete |
| 85 | Editor_SystemTools_Stopwords | This role gives access to edit stopwords for Search2 |
| 86 | Editor_SystemTools_License | This role gives access to edit Digizuite licenses |
| 87 | Editor_SystemTools_Status | This role is obsolete |
| 88 | Editor_SystemTools_Workflow | This role is obsolete |
| 90 | Editor_SystemTools_MediaFormatType | This role gives access to edit media format type setup |
| 91 | Editor_SystemTools_MetaDataLanguage | This role gives access to managing languages |
| 92 | MediaPortal_Asset_Replacer | This role is obsolete |
| 93 | MediaPortal_Asset_Unpublisher | This role is obsolete |
| 94 | Upload_Only | This role is deprecated, but used in the Digizuite administration to restrict users to only see the upload dialog |
| 95 | Member_Viewer | This role allows users to see information about other users |
| 103 | Comments_CRUD | Gives access to see, add, delete and edit own comments |
| 104 | Comments_View | Gives access to see comments |
| 105 | Comments_Admin_Delete | Gives access to delete all comments |
| 106 | Asset_Can_Download | Gives access to download assets - Please note that download is controlled by a set of roles and download qualities |
| 107 | Asset_Can_Download_Custom_Quality | Gives access to download custom download qualities if enabled by configuration |
| 108 | Asset_Can_Replace | Allows users to replace assets |
| 109 | Asset_Can_Revise | Allows users to replace an asset with a trim or crop |
| 110 | Asset_Can_Crop | Allows users to crop and trim assets |
| 111 | AuditTrail_View | Allows users to view audit trail for assets |
| 112 | Ai_Add | Allows users to use AI capabilities if enabled and configured |
| 113 | Can_Change_Styling_And_Theming | Allows users to change the styling and theming when Brand portal is not enabled |
| 114 | WorkStages_View | This role allows the user to see the statuses of the tasks they're assigned to |
| 115 | WorkStages_Edit_Others | This role allows editing of asset status' they are not assigned to |
| 116 | WorkStages_View_Others | This role allows users to always see asset status |
| 117 | GDPR_Admin | Allows users to do GDPR actions |
| 121 | Saved_Searches_CRUD | Gives access to saved searches |
| 122 | Ai_Translate | Gives access to use metadata translation APIs |
| 123 | Integration_Endpoints_View | Allows users to see integration endpoints |
| 124 | Integration_Endpoints_CRUD | Allows users to edit integration endpoints |
| 125 | Asset_Can_Delete_Permanently | Allows users to permanently delete assets |
| 126 | Can_Edit_Automation_Workflow | Allows editing of automations |
| 127 | Can_View_Logs | Allows users to see system logs |
| 128 | Can_View_Automation_Workflow_Status | Allows users to see the status of automations |
| 129 | Can_Live_Export_Assets_And_Metadata | Full access for downloading and exporting assets and its metadata |
| 130 | Can_Live_Export_Asset_Only | Gives access to download assets |
| 131 | Can_Live_Export_Metadata_Only | Gives access to export metadata for assets |
| 132 | Business_Workflow_View | Gives access to see the workflow definitions |
| 133 | Business_Workflow_CRUD | Gives access to edit the workflow definitions |
| 134 | Download_Approval_Bypass | If download approval is enabled, this role bypasses it |
| 135 | Download_Approval_Admin | Gives access to configure download approval |
| 136 | Copyright_Notification_Bypass | If copyright notification is enabled, this role bypasses it |
| 138 | Youtube_Admin | Gives access to configure Youtube integrations |
| 139 | Business_Workflow_Instance_View_Others | This role allows the users to see tasks in Workflows they are not assigned to |
| 140 | Asset_Can_Download_Any | Bypasses all download rules |
| 141 | Can_See_Grafana_Shortcut | Gives access to system monitoring |
| 142 | Comments_Admin_Update | Gives access to edit all comments |
| 143 | Business_Workflow_General_Transition_Executor | Allows users to do transitions in workflow tasks that have no user constraints on transition |
| 144 | Business_Workflow_Instance_Delete | Allows users to delete workflow tasks |
| 147 | Business_Workflow_Instance_View | Allows users to see workflow tasks they are assigned to |
| 148 | Business_Workflow_Instance_Transition | Allows users to see transitions |
| 149 | Business_Workflow_Instance_Assign | Allows assigning workflow tasks to other people |
| 150 | EditSso | Allows editing of SSO settings |
| 151 | CanImpersonate | Allows a user to create access keys for other users. Be careful with this role as it allows bumping user access. Should only be used for System user |
| 152 | FileRepository_Read | Used for files in workflows. This gives the users access to see attached files |
| 153 | FileRepository_Read_Secret | Used for files in workflows. This gives the users access to see secret attached files |
| 154 | FileRepository_Upload | Used for files in workflows. This gives the users access to see uploaded files |
| 155 | FileRepository_Delete | Used for files in workflows. This gives the users access to see delete uploaded files |
| 156 | MailTemplates_CRUD | Allows users to edit mail templates |
| 157 | Can_Force_Job_Status_Change | Allows users to change job status, for example restarting a failed job |
| 158 | Can_Configure_Members | Used in MediaManager to allow editing users. This is behind a feature flag in the current version. Will be available in the future |
| 159 | Can_Rerun_Workflows | This allows users to run automations with a manual trigger |
| 160 | ItemCheckInOut_CRUD | This gives access to check-in and check-out |
| 161 | ChannelFolder_CRUD | Allows the user to edit Channel folders. As of this release, this is a new API not being used in any UI and therefore this role is not needed by users |
| 162 | ChannelFolder_View | Allows the user to see Channel folders. As of this release, this is a new API not being used in any UI and therefore this role is not needed by users |
| 163 | ConfigManagement_Admin | Allows users to edit the configuration for products. This is a new API and is not available through UI yet. |
| 170 | Creative_Cloud_Connector | Allows users access to the Creative Cloud Connector |
| 171 | Can_See_Generic_Job_Status | Allows users to see generic job status - for instance elastic re-indexing |
| 172 | Can_Admin_Accelerated_Search | Allows users to see the status for search administration in Media Manager |
| 173 | Smart_Asset_Picker_Connector | Allows users to use the embedded Media Manager UI |
| 174 | Can_configure_portals | Allows editing of Digizuite portals |
| 175 | Can_view_portals | Allows users to see Digizuite portals |
| 176 | Can_view_metadata | Allows users to see the metadata tab on asset details |
| 177 | Can_view_related_assets | Allows users to see the related assets tab on asset details |
| 178 | Can_manage_filters_and_fields | Allows users to set up filters and free text searching |
...
Features in MM | Roles | Rights | ConfigManager |
|---|---|---|---|
| Upload assets via MM + see "Your uploads" | MediaPortal_Upload | Write access to the "Upload" folder (Usually granted through the "Trusted" group) | |
| Enable users to change their profile information | Enable users to see and edit their account information = True | ||
| Upload/change profile image via MM | MediaPortal_Upload | Enable profile images = True Enable users to see and edit their account information = True | |
| Restore old asset version via MM | Asset_Can_Replace | Write access to the "Upload" folder (Usually granted through the "Trusted" group) (Having write access to Content does nothing) | |
| Replace asset + See "Asset History" (Not audit trail) | Asset_Can_Replace | Write access to the asset | |
| See asset statuses + Enable the "My tasks" view | WorkStages_View | Read access to the asset | |
| Enable the "All tasks" view | WorkStages_View WorkStages_View_Others | Read access to the asset | |
| Change/set assets' statuses (on assets not already assigned to other users - Meaning only assets where you or none is assigned) | Member_Viewer WorkStages_View | Write access to the asset Write rights to the metadata fields in "Metadata > Asset > Shared > Tasks" (usually granted via trusted) | |
| Change/set assets' statuses (regardless of who they're assigned to) | Member_Viewer WorkStages_View WorkStages_Edit_Others | Write access to the asset Write rights to the metadata fields in "Metadata > Asset > Shared > Tasks" (usually granted via trusted) | |
| Printing | Asset_Can_Download | The asset is "public" (no padlock) | |
Enable (single- and multi-) download of an asset's predefined qualities Enable (single- and multi-) download of assets and metadata Enable download of collections as zip | Asset_Can_Download Can_Live_Export_Assets_And_Metadata | The asset is "public" (no padlock) Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators" | |
Enable (single- and multi-) download of an asset's predefined qualities Enable (single- and multi-) download of metadata Enable download of collections as zip | Asset_Can_Download Can_Live_Export_Metadata_Only | The asset is "public" (no padlock) Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators" | |
Enable (single- and multi-) download of an asset's predefined qualities Enable (single- and multi-) download of assets Enable download of collections as zip | Asset_Can_Download Can_Live_Export_Asset_Only | The asset is "public" (no padlock) Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators" | |
| Download custom qualities | Asset_Can_Download Asset_Can_Download_Custom_Quality | The asset is "public" (no padlock) | Custom quality color spaces = must have content Custom quality image types = must have content Enable custom quality download = true |
| Enable sharing (URL, Social) | MediaPortal_Share | The asset is "public" (no padlock) | |
| Enable sharing (Zip) | MediaPortal_Share Can_Live_Export_Asset_Only | The asset is "public" (no padlock) | |
| Enable embed as a sharing option for videos | MediaPortal_Video_Embed MediaPortal_Share | The "Embed player user" has read rights to the video assets | Choose available embed video sizes = must have content Choose available embed video qualities = must have content Embed player user = must have content (usually "Guest") |
| Enable sharing assets to/via collections (Create new, Add to existing) | MediaPortal_Share MediaPortal_Collection | The asset is "public" (no padlock) | |
| Add asset to own collection | MediaPortal_Collection | The asset is "public" (no padlock) | |
| Enable the ability to CRUD own collections | MediaPortal_Collection | ||
| Enable ability to CRUD own collections + CRUD collections shared to oneself/Others | MediaPortal_Collection | Give new recipients of non-social collections (e.g. not Facebook collections) access to manipulate collections = true | |
| Enable non-pre-existing users to read collections on an SSO site | MediaPortal_Collection | Allow shared collection users to bypass login required screen = true | |
| Enable users to use AI Tagging + your site has external access | Ai_Add | Write access to the asset (only images) | Enable AI tagging functionality for metadata field = Keywords(10192) (Keywords must be autotranslate = true) |
| If you want AI tagging but don't have external access | Ai_Add | Write access to the asset (only images) | Enable AI tagging functionality for metadata field = Keywords(10192) (Keywords must be autotranslate = true) Use local analysis for AI services = true |
| Enable CRUD of own saved searches | Saved_Searches_CRUD | ||
| Enable crop/trim (share it via email) | Asset_Can_Crop | ||
| Enable crop/trim + Replace original asset with crop/trim + Restore to an older version of an asset | Asset_Can_Crop Asset_Can_Replace | Write access to the asset Write access to the Uploads folder OR the Content folder (The option to restore requires "write access" to the Uploads folder) | |
| Enable crop/trim + Make new child asset with crop/trim | Asset_Can_Crop Asset_Can_Revise | Write access to the asset Write access to the Uploads folder OR the Content folder | |
| Have filter open every time you access the MM | Automatically expand filter pane in asset list = true | ||
| Make all filters be expanded every time you access MM | Automatically expand filter pane in asset list = true Automatically expand individual filters in asset list = true | ||
| Make asset ID shown | Show asset ID in asset list = true | ||
| Enable password reset | Enable the option to reset one's password = true | ||
Enable self sign-up where users can choose their own password | Enable self sign up = true Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be enabled) Allow users to choose a password on signup = true Auto-created user folder ID = the ID of the folder where you want your users to go. | ||
Enable email verification for self-sign up (when self sign-up already is enabled) where users can choose their own password | Enable self sign up = true Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be disabled) Allow users to choose a password on signup = true Verification when a user is created using self sign up = Email verification | ||
Enable admin verification for self-sign up (when self sign-up already is enabled) where users can choose their own password | Enable self sign up = true Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be disabled) Allow users to choose a password on signup = true Verification when a user is created using self sign up = Admin verification Administrative verification email = the admin's email | ||
| Enable that refreshing MM will log one out | Enable persistent login = false | ||
| Enable reading other peoples' comments and annotations | Comment_View | ||
| Enable commenting and annotating | Comment_View Comment_CRUD | ||
| Enable commenting and annotating + tagging other users | Comment_View Comment_CRUD Member_Viewer | ||
| Access the task list | Business_Workflow_Instance_View | ||
| Edit workflows | Business_Workflow_CRUD Business_Workflow_View | ||
Request download of an asset's predefined formats. Can single download approved assets. Can single download if bypassed with a bit field. | Business_Workflow_Instance_Transition Business_Workflow_Instance_View Asset_Can_Download | Download approval must be set up The asset is "public" (no padlock) | |
Request download of an asset's predefined formats. Can single download approved assets. Can single and multi download if bypassed with a bit field. | Business_Workflow_Instance_Transition Business_Workflow_Instance_View Asset_Can_Download Can_Live_Export_Asset_Only | Download approval must be set up The asset is "public" (no padlock) | |
| Request a custom quality download | Business_Workflow_Instance_Transition Business_Workflow_Instance_View Asset_Can_Download_Custom_Quality | Download approval must be set up The asset is "public" (no padlock) | |
| Circumvent the download approval process | Download_Approval_Bypass | Download approval must be set up Have enabled either standard or custom download | |
| Approve or deny download requests | Business_Workflow_Instance_View Business_Workflow_Instance_Transition Download_Approval_Admin | You must be auto-assigned via the accompanying workflow as per the documentation | |
| Enable copyright notification | Follow the documentation: In short, you need to set it up via the config manager settings + metadata settings | ||
| Circumvent the copyright notification | Copyright_Notification_Bypass | Have copyright notifications enabled | |
| Upload both insecure and secure attachments on tasks | FileRepository_Upload | ||
View own and others' insecure attachments on tasks | FileRepository_Read | ||
View insecure and own secure attachments on tasks | FileRepository_Read | The upload constraint you upload with must have the "secret" bit set to true | |
| View own and others' secure attachments on tasks + insecure attachments | FileRepository_Read FileRepository_Read_Secret | ||
| Enable intro screen | Choose intro screen mode: Splashscreen or Disclaimer | ||
| Enable configuration of the brand portals + styles | FileRepository_Upload FileRepository_Delete Editor_systemTools_config Can_configure_portals | ||
| Enable viewing of the brand portals | Can_view_portals | ||
| See other members users in notifications | Member_Viewer |
| Info |
|---|
The CCC (DACCC or Digizuite Adobe Creative Cloud Connector) requires all its users to have read access to assets + the following roles
|
Features in CCC | Roles | Rights | ConfigManager |
|---|---|---|---|
| Check-out assets + check-in assets you've checked out yourself | ItemCheckInOut_CRUD | Write access to the asset | Enable check in/out = true |
| See who has checked out assets (both own and others') | Member_Viewer (OR Administrator) | ||
| Check-in assets that other people have checked out | Administrator Member_Viewer | ||
| Upload active documents or e.g. image files | MediaPortal_Upload | Write access to the "Upload" folder (Usually granted through the "Trusted" group) | |
| Replace (INDD, PSD, AI, AEP, PRPROJ) | Asset_Can_Replace | Write access to the "Upload" folder (Usually granted through the "Trusted" group) (?) Write access to the asset |
...