Table of Contents |
---|
General information
...
id | Role | Description |
---|---|---|
2 | Uploader | This role is obsolete |
25 | Editor_SystemTools_Profiles | Gives access to see and edit profiles in DAM administration view |
27 | Editor_SystemTools_UserManager_Users | Gives access to see and edit users in DAM administration view |
29 | Editor_Catalogs | Gives access to edit catalog folders in DAM administration view |
30 | Viewer_Catalogs | Gives access to see catalog folders in DAM administration view |
36 | Editor_SystemTools_UserManager_Groups | Gives access to see and edit groups in DAM administration view |
37 | Editor_SystemTools_Metadata | Gives access to see and edit metadata definitions |
38 | Administrator | Administrator role used for all administration APIs |
41 | Editor_SystemTools_Destinations | Gives access to see and edit destinations in DAM administration view |
42 | Editor_SystemTools_Dam | This role is obsolete |
43 | Editor_SystemTools_DigizuiteConfig | Gives access to see and edit Digizuite constants in DAM administration view |
44 | Editor_SystemTools_MediaFormat | Gives access to see and edit media formats in DAM administration view |
45 | Editor_SystemTools_TranscodeSetting | Gives access to see and edit transcodes in DAM administration view |
46 | Editor_Portal | This role is deprecated, but in use for the old API when editing channel folders. Only used in the DAM Administration view |
50 | Editor_Portal_Admin | Same as above (Editor_portal) |
52 | RunningJobs_View | Gives access to see your own upload progress |
54 | RunningJobs_ViewAll | Gives access to see all upload progress |
55 | RunningJobs_EditOwn | This role is obsolete |
57 | RunningJobs_EditAll | This role is obsolete |
58 | RunningJobs_ChangePriority | This role is obsolete |
59 | RunningJobs_AdminViewSubmitXML | This role is obsolete |
60 | Uploader_ShowFolderSelector | This role is obsolete |
61 | Uploader_ReplaceWithArchive | This role is obsolete |
62 | Uploader_ReplaceWithoutArchive | This role is obsolete |
65 | Editor_SystemTools_Config | This role gives access to product configuration including searches, labels, and configuration |
67 | VP3_Portal_Admin_StartScreen | This role is obsolete |
68 | VP3_Portal_Admin_VideoSlides | This role is obsolete |
72 | ItemControlAdmin | This role is obsolete |
74 | Editor_SystemTools_AlwaysAllowItemSecurityEdit | This role ignores all item security - use carefully! |
76 | MediaPortal_Admin_StartScreen | Allows editing of the start screen in Media Manager |
77 | MediaPortal_Admin_Users | This role is obsolete |
78 | MediaPortal_Admin_Log | This role is obsolete |
79 | MediaPortal_Admin_Trash | This role is obsolete |
80 | MediaPortal_User | Basic user role that gives access to login into MediaManager |
81 | MediaPortal_Collection | Gives access to collections |
82 | MediaPortal_Uploader | Gives access to upload from MediaManager |
83 | MediaPortal_Downloader | This role is obsolete |
84 | Editor_SystemTools_PlayerTemplate | This role is obsolete |
85 | Editor_SystemTools_Stopwords | This role gives access to edit stopwords for Search2 |
86 | Editor_SystemTools_License | This role gives access to edit Digizuite licenses |
87 | Editor_SystemTools_Status | This role is obsolete |
88 | Editor_SystemTools_Workflow | This role is obsolete |
90 | Editor_SystemTools_MediaFormatType | This role gives access to edit media format type setup |
91 | Editor_SystemTools_MetaDataLanguage | This role gives access to managing languages |
92 | MediaPortal_Asset_Replacer | This role is obsolete |
93 | MediaPortal_Asset_Unpublisher | This role is obsolete |
94 | Upload_Only | This role is deprecated, but used in the Digizuite administration to restrict users to only see the upload dialog |
95 | Member_Viewer | This role allows users to see information about other users |
103 | Comments_CRUD | Gives access to see, add, delete and edit own comments |
104 | Comments_View | Gives access to see comments |
105 | Comments_Admin_Delete | Gives access to delete all comments |
106 | Asset_Can_Download | Gives access to download assets - Please note that download is controlled by a set of roles and download qualities |
107 | Asset_Can_Download_Custom_Quality | Gives access to download custom download qualities if enabled by configuration |
108 | Asset_Can_Replace | Allows users to replace assets |
109 | Asset_Can_Revise | Allows users to replace an asset with a trim or crop |
110 | Asset_Can_Crop | Allows users to crop and trim assets |
111 | AuditTrail_View | Allows users to view audit trail for assets |
112 | Ai_Add | Allows users to use AI capabilities if enabled and configured |
113 | Can_Change_Styling_And_Theming | Allows users to change the styling and theming when Brand portal is not enabled |
114 | WorkStages_View | This role allows the user to see the statuses of tasks they're assigned to |
115 | WorkStages_Edit_Others | This role allows editing of asset status' they are not assigned to |
116 | WorkStages_View_Others | This role allows users to always see asset status |
117 | GDPR_Admin | Allows users to do GDPR actions |
121 | Saved_Searches_CRUD | Gives access to saved searches |
122 | Ai_Translate | Gives access to use metadata translation APIs |
123 | Integration_Endpoints_View | Allows users to see integration endpoints |
124 | Integration_Endpoints_CRUD | Allows users to edit integration endpoints |
125 | Asset_Can_Delete_Permanently | Allows users to permanently delete assets |
126 | Can_Edit_Automation_Workflow | Allows editing of automations |
127 | Can_View_Logs | Allows users to see system logs |
128 | Can_View_Automation_Workflow_Status | Allows users to see the status of automations |
129 | Can_Live_Export_Assets_And_Metadata | Full access for downloading and exporting assets and its metadata |
130 | Can_Live_Export_Asset_Only | Gives access to download assets |
131 | Can_Live_Export_Metadata_Only | Gives access to export metadata for assets |
132 | Business_Workflow_View | Gives access to see the workflow definitions |
133 | Business_Workflow_CRUD | Gives access to edit the workflow definitions |
134 | Download_Approval_Bypass | If download approval is enabled, this role bypasses it |
135 | Download_Approval_Admin | Gives access to configure download approval |
136 | Copyright_Notification_Bypass | If copyright notification is enabled, this role bypasses it |
138 | Youtube_Admin | Gives access to configure Youtube integrations |
139 | Business_Workflow_Instance_View_Others | This role allows the users to see tasks in Workflows they are not assigned to |
140 | Asset_Can_Download_Any | Bypasses all download rules |
141 | Can_See_Grafana_Shortcut | Gives access to system monitoring |
142 | Comments_Admin_Update | Gives access to edit all comments |
143 | Business_Workflow_General_Transition_Executor | Allows users to do transitions in workflow tasks that have no user constraints on transition |
144 | Business_Workflow_Instance_Delete | Allows users to delete workflow tasks |
147 | Business_Workflow_Instance_View | Allows users to see workflow tasks they are assigned to |
148 | Business_Workflow_Instance_Transition | Allows users to see transitions |
149 | Business_Workflow_Instance_Assign | Allows assigning workflow tasks to other people |
150 | EditSso | Allows editing of SSO settings |
151 | CanImpersonate | Allows a user to create access keys for other users. Be careful with this role as it allows bumping user access. Should only be used for System user |
152 | FileRepository_Read | Used for files in workflows. This gives the users access to see attached files |
153 | FileRepository_Read_Secret | Used for files in workflows. This gives the users access to see secret attached files |
154 | FileRepository_Upload | Used for files in workflows. This gives the users access to see uploaded files |
155 | FileRepository_Delete | Used for files in workflows. This gives the users access to see delete uploaded files |
156 | MailTemplates_CRUD | Allows users to edit mail templates |
157 | Can_Force_Job_Status_Change | Allows users to change job status, for example restarting a failed job |
158 | Can_Configure_Members | Used in MediaManager to allow editing users. This is behind a feature flag in the current version. Will be available in the future |
159 | Can_Rerun_Workflows | This allows users to run automations with a manual trigger |
160 | ItemCheckInOut_CRUD | This gives access to check-in and check-out |
161 | ChannelFolder_CRUD | Allows the user to edit Channel folders. As of this release, this is a new API not being used in any UI and therefore this role is not needed by users |
162 | ChannelFolder_View | Allows the user to see Channel folders. As of this release, this is a new API not being used in any UI and therefore this role is not needed by users |
163 | ConfigManagement_Admin | Allows users to edit the configuration for products. This is a new API and is not available through UI yet. |
170 | Creative_Cloud_Connector | Allows users access to the Creative Cloud Connector |
171 | Can_See_Generic_Job_Status | Allows users to see generic job status - for instance elastic re-indexing |
172 | Can_Admin_Accelerated_Search | Allows users to see the status for search administration in Media Manager |
173 | Smart_Asset_Picker_Connector | Allows users to use the embedded Media Manager UI |
174 | Can_configure_portals | Allows editing of Digizuite portals |
175 | Can_view_portals | Allows users to see Digizuite portals |
176 | Can_view_metadata | Allows users to see the metadata tab on asset details |
177 | Can_view_related_assets | Allows users to see the related assets tab on asset details |
178 | Can_manage_filters_and_fields | Allows users to set up filters and free text searching |
179 | Asset_Can_Archive | Allows users to archive (soft delete) assets |
Features
The other way around - what roles and rights need to be added to enable a feature
...
Features in MM | Roles | Rights | ConfigManager |
---|---|---|---|
Upload assets via MM + see "Your uploads" | MediaPortal_Upload | Write access to the "Upload" folder (Usually granted through the "Trusted" group) | |
Enable users to change their profile information | Enable users to see and edit their account information = True | ||
Upload/change profile image via MM | MediaPortal_Upload | Enable profile images = True Enable users to see and edit their account information = True | |
Restore old asset version via MM | Asset_Can_Replace | Write access to the "Upload" folder (Usually granted through the "Trusted" group) (Having write access to Content does nothing) | |
Replace asset + See "Asset History" (Not audit trail) | Asset_Can_Replace | Write access to the asset | |
See asset statuses + Enable the "My tasks" view | WorkStages_View | Read access to the asset | |
Enable the "All tasks" view | WorkStages_View WorkStages_View_Others | Read access to the asset | |
Change/set assets' statuses (on assets not already assigned to other users - Meaning only assets where you or none is assigned) | Member_Viewer WorkStages_View | Write access to the asset Write rights to the metadata fields in "Metadata > Asset > Shared > Tasks" (usually granted via trusted) | |
Change/set assets' statuses (regardless of who they're assigned to) | Member_Viewer WorkStages_View WorkStages_Edit_Others | Write access to the asset Write rights to the metadata fields in "Metadata > Asset > Shared > Tasks" (usually granted via trusted) | |
Printing | Asset_Can_Download | The asset is "public" (no padlock) | |
Enable (single- and multi-) download of an asset's predefined qualities Enable (single- and multi-) download of assets and metadata Enable download of collections as zip | Asset_Can_Download Can_Live_Export_Assets_And_Metadata | The asset is "public" (no padlock) Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators" | |
Enable (single- and multi-) download of an asset's predefined qualities Enable (single- and multi-) download of metadata Enable download of collections as zip | Asset_Can_Download Can_Live_Export_Metadata_Only | The asset is "public" (no padlock) Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators" | |
Enable (single- and multi-) download of an asset's predefined qualities Enable (single- and multi-) download of assets Enable download of collections as zip | Asset_Can_Download Can_Live_Export_Asset_Only | The asset is "public" (no padlock) Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators" | |
Download custom qualities | Asset_Can_Download Asset_Can_Download_Custom_Quality | The asset is "public" (no padlock) | Custom quality color spaces = must have content Custom quality image types = must have content Enable custom quality download = true |
Enable sharing (URL, Social) | MediaPortal_Share | The asset is "public" (no padlock) | |
Enable sharing (Zip) | MediaPortal_Share Can_Live_Export_Asset_Only | The asset is "public" (no padlock) | |
Enable embed as a sharing option for videos | MediaPortal_Video_Embed MediaPortal_Share | The "Embed player user" has read rights to the video assets | Choose available embed video sizes = must have content Choose available embed video qualities = must have content Embed player user = must have content (usually "Guest") |
Enable sharing assets to/via collections (Create new, Add to existing) | MediaPortal_Share MediaPortal_Collection | The asset is "public" (no padlock) | |
Add asset to own collection | MediaPortal_Collection | The asset is "public" (no padlock) | |
Enable the ability to CRUD own collections | MediaPortal_Collection | ||
Enable ability to CRUD own collections + CRUD collections shared to oneself/Others | MediaPortal_Collection | Give new recipients of non-social collections (e.g. not Facebook collections) access to manipulate collections = true | |
Enable non-pre-existing users to read collections on an SSO site | MediaPortal_Collection | Allow shared collection users to bypass login required screen = true | |
Enable users to use AI Tagging + your site has external access | Ai_Add | Write access to the asset (only images) | Enable AI tagging functionality for metadata field = Keywords(10192) (Keywords must be autotranslate = true) |
If you want AI tagging but don't have external access | Ai_Add | Write access to the asset (only images) | Enable AI tagging functionality for metadata field = Keywords(10192) (Keywords must be autotranslate = true) Use local analysis for AI services = true |
Enable CRUD of own saved searches | Saved_Searches_CRUD | ||
Enable crop/trim (share it via email) | Asset_Can_Crop | ||
Enable crop/trim + Replace original asset with crop/trim + Restore to an older version of an asset | Asset_Can_Crop Asset_Can_Replace | Write access to the asset Write access to the Uploads folder OR the Content folder (The option to restore requires "write access" to the Uploads folder) | |
Enable crop/trim + Make new child asset with crop/trim | Asset_Can_Crop Asset_Can_Revise | Write access to the asset Write access to the Uploads folder OR the Content folder | |
Have filter open every time you access the MM | Automatically expand filter pane in asset list = true | ||
Make all filters be expanded every time you access MM | Automatically expand filter pane in asset list = true Automatically expand individual filters in asset list = true | ||
Make asset ID shown | Show asset ID in asset list = true | ||
Enable password reset | Enable the option to reset one's password = true | ||
Enable self sign-up where users can choose their own password | Enable self sign up = true Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be enabled) Allow users to choose a password on signup = true Auto-created user folder ID = the ID of the folder where you want your users to go. | ||
Enable email verification for self-sign up (when self sign-up already is enabled) where users can choose their own password | Enable self sign up = true Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be disabled) Allow users to choose a password on signup = true Verification when a user is created using self sign up = Email verification | ||
Enable admin verification for self-sign up (when self sign-up already is enabled) where users can choose their own password | Enable self sign up = true Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be disabled) Allow users to choose a password on signup = true Verification when a user is created using self sign up = Admin verification Administrative verification email = the admin's email | ||
Enable that refreshing MM will log one out | Enable persistent login = false | ||
Enable reading other peoples' comments and annotations | Comment_View | ||
Enable commenting and annotating | Comment_View Comment_CRUD | ||
Enable commenting and annotating + tagging other users | Comment_View Comment_CRUD Member_Viewer | ||
Access the task list | Business_Workflow_Instance_View | ||
Edit workflows | Business_Workflow_CRUD Business_Workflow_View | ||
Request download of an asset's predefined formats. Can single download approved assets. Can single download if bypassed with a bit field. | Business_Workflow_Instance_Transition Business_Workflow_Instance_View Asset_Can_Download | Download approval must be set up The asset is "public" (no padlock) | |
Request download of an asset's predefined formats. Can single download approved assets. Can single and multi download if bypassed with a bit field. | Business_Workflow_Instance_Transition Business_Workflow_Instance_View Asset_Can_Download Can_Live_Export_Asset_Only | Download approval must be set up The asset is "public" (no padlock) | |
Request a custom quality download | Business_Workflow_Instance_Transition Business_Workflow_Instance_View Asset_Can_Download_Custom_Quality | Download approval must be set up The asset is "public" (no padlock) | |
Circumvent the download approval process | Download_Approval_Bypass | Download approval must be set up Have enabled either standard or custom download | |
Approve or deny download requests | Business_Workflow_Instance_View Business_Workflow_Instance_Transition Download_Approval_Admin | You must be auto-assigned via the accompanying workflow as per the documentation | |
Enable copyright notification | Follow the documentation: In short, you need to set it up via the config manager settings + metadata settings | ||
Circumvent the copyright notification | Copyright_Notification_Bypass | Have copyright notifications enabled | |
Upload both insecure and secure attachments on tasks | FileRepository_Upload | ||
View own and others' insecure attachments on tasks | FileRepository_Read | ||
View insecure and own secure attachments on tasks | FileRepository_Read | The upload constraint you upload with must have the "secret" bit set to true | |
View own and others' secure attachments on tasks + insecure attachments | FileRepository_Read FileRepository_Read_Secret | ||
Enable intro screen | Choose intro screen mode: Splashscreen or Disclaimer | ||
Enable configuration of the brand portals + styles | FileRepository_Upload FileRepository_Delete Editor_systemTools_config Can_configure_portals | ||
Enable viewing of the brand portals | Can_view_portals | ||
See other users in notifications | Member_Viewer |
Info |
---|
The CCC (DACCC or Digizuite Adobe Creative Cloud Connector) requires all its users to have read access to assets + the following roles
|
Features in CCC | Roles | Rights | ConfigManager |
---|---|---|---|
Check-out assets + check-in assets you've checked out yourself | ItemCheckInOut_CRUD | Write access to the asset | Enable check in/out = true |
See who has checked out assets (both own and others') | Member_Viewer (OR Administrator) | ||
Check-in assets that other people have checked out | Administrator Member_Viewer | ||
Upload active documents or e.g. image files | MediaPortal_Upload | Write access to the "Upload" folder (Usually granted through the "Trusted" group) | |
Replace (INDD, PSD, AI, AEP, PRPROJ) | Asset_Can_Replace | Write access to the "Upload" folder (Usually granted through the "Trusted" group) (?) Write access to the asset |
...