Table of Contents |
---|
...
id | Role | Description | |||
---|---|---|---|---|---|
2 | Uploader | This role is obsolete | |||
25 | Editor_SystemTools_Profiles | Gives access to see and edit profiles in DAM administration view | |||
27 | Editor_SystemTools_UserManager_Users | Gives access to see and edit users in DAM administration view | |||
29 | Editor_Catalogs | Gives access to edit catalog folders in DAM administration view | |||
30 | Viewer_Catalogs | Gives access to see catalog folders in DAM administration view | |||
36 | Editor_SystemTools_UserManager_Groups | Gives access to see and edit groups in DAM administration view | |||
37 | Editor_SystemTools_Metadata | Gives access to see and edit metadata definitions | |||
38 | Administrator | Administrator role used for all administration APIs | |||
41 | Editor_SystemTools_Destinations | Gives access to see and edit destinations in DAM administration view | |||
42 | Editor_SystemTools_Dam | This role is obsolete | |||
43 | Editor_SystemTools_DigizuiteConfig | Gives access to see and edit Digizuite constants in DAM administration view | |||
44 | Editor_SystemTools_MediaFormat | Gives access to see and edit media formats in DAM administration view | |||
45 | Editor_SystemTools_TranscodeSetting | Gives access to see and edit transcodes in DAM administration view | |||
46 | Editor_Portal | This role is deprecated, but in use for the old API when editing channel folders. Only used in the DAM Administration view | |||
50 | Editor_Portal_Admin | Same as above (Editor_portal) | |||
52 | RunningJobs_View | Gives access to see your own upload progress | |||
54 | RunningJobs_ViewAll | Gives access to see all upload progress | |||
55 | RunningJobs_EditOwn | This role is obsolete | |||
57 | RunningJobs_EditAll | This role is obsolete | |||
58 | RunningJobs_ChangePriority | This role is obsolete | |||
59 | RunningJobs_AdminViewSubmitXML | This role is obsolete | |||
60 | Uploader_ShowFolderSelector | This role is obsolete | |||
61 | Uploader_ReplaceWithArchive | This role is obsolete | |||
62 | Uploader_ReplaceWithoutArchive | This role is obsolete | |||
65 | Editor_SystemTools_Config | This role gives access to product configuration including searches, labels, and configuration | |||
67 | VP3_Portal_Admin_StartScreen | This role is obsolete | |||
68 | VP3_Portal_Admin_VideoSlides | This role is obsolete | |||
72 | ItemControlAdmin | This role is obsolete | |||
74 | Editor_SystemTools_AlwaysAllowItemSecurityEdit | This role ignores all item security - use carefully! | |||
76 | MediaPortal_Admin_StartScreen | Allows editing of the start screen in Media Manager | |||
77 | MediaPortal_Admin_Users | This role is obsolete | |||
78 | MediaPortal_Admin_Log | This role is obsolete | |||
79 | MediaPortal_Admin_Trash | This role is obsolete | |||
80 | MediaPortal_User | Basic user role that gives access to login into MediaManager | |||
81 | MediaPortal_Collection | Gives access to collections | |||
82 | MediaPortal_Uploader | Gives access to upload from MediaManager | |||
83 | MediaPortal_Downloader | This role is obsolete | |||
84 | Editor_SystemTools_PlayerTemplate | This role is obsolete | |||
85 | Editor_SystemTools_Stopwords | This role gives access to edit stopwords for Search2 | |||
86 | Editor_SystemTools_License | This role gives access to edit Digizuite licenses | |||
87 | Editor_SystemTools_Status | This role is obsolete | |||
88 | Editor_SystemTools_Workflow | This role is obsolete | |||
90 | Editor_SystemTools_MediaFormatType | This role gives access to edit media format type setup | |||
91 | Editor_SystemTools_MetaDataLanguage | This role gives access to managing languages | |||
92 | MediaPortal_Asset_Replacer | This role is obsolete | |||
93 | MediaPortal_Asset_Unpublisher | This role is obsolete | |||
94 | Upload_Only | This role is deprecated, but used in the Digizuite administration to restrict users to only see the upload dialog | |||
95 | Member_Viewer | This role allows users to see information about other users | |||
103 | Comments_CRUD | Gives access to see, add, delete and edit own comments | |||
104 | Comments_View | Gives access to see comments | |||
105 | Comments_Admin_Delete | Gives access to delete all comments | |||
106 | Asset_Can_Download | Gives access to download assets - Please note that download is controlled by a set of roles and download qualities | |||
107 | Asset_Can_Download_Custom_Quality | Gives access to download custom download qualities if enabled by configuration | |||
108 | Asset_Can_Replace | Allows users to replace assets | |||
109 | Asset_Can_Revise | Allows users to replace an asset with a trim or crop | |||
110 | Asset_Can_Crop | Allows users to crop and trim assets | |||
111 | AuditTrail_View | Allows users to view audit trail for assets | |||
112 | Ai_Add | Allows users to use AI capabilities if enabled and configured | |||
113 | Can_Change_Styling_And_Theming | Allows users to change the styling and theming when Brand portal is not enabled | |||
114 | WorkStages_View | This role allows the user to see the statuses of tasks they're assigned to | |||
115 | WorkStages_Edit_Others | This role allows editing of asset status' they are not assigned to | |||
116 | WorkStages_View_Others | This role allows users to always see asset status | |||
117 | GDPR_Admin | Allows users to do GDPR actions | |||
121 | Saved_Searches_CRUD | Gives access to saved searches | |||
122 | Ai_Translate | Gives access to use metadata translation APIs | |||
123 | Integration_Endpoints_View | Allows users to see integration endpoints | |||
124 | Integration_Endpoints_CRUD | Allows users to edit integration endpoints | |||
125 | Asset_Can_Delete_Permanently | Allows users to permanently delete assets | |||
126 | Can_Edit_Automation_Workflow | Allows editing of automations | |||
127 | Can_View_Logs | Allows users to see system logs | |||
128 | Can_View_Automation_Workflow_Status | Allows users to see the status of automations | |||
129 | Can_Live_Export_Assets_And_Metadata | Full access for downloading and exporting assets and its metadata | |||
130 | Can_Live_Export_Asset_Only | Gives access to download assets | |||
131 | Can_Live_Export_Metadata_Only | Gives access to export metadata for assets | |||
132 | Business_Workflow_View | Gives access to see the workflow definitions | |||
133 | Business_Workflow_CRUD | Gives access to edit the workflow definitions | |||
134 | Download_Approval_Bypass | If download approval is enabled, this role bypasses it | |||
135 | Download_Approval_Admin | Gives access to configure download approval | |||
136 | Copyright_Notification_Bypass | If copyright notification is enabled, this role bypasses it | |||
138 | Youtube_Admin | Gives access to configure Youtube integrations | |||
139 | Business_Workflow_Instance_View_Others | This role allows the users to see tasks in Workflows they are not assigned to | |||
140 | Asset_Can_Download_Any | Bypasses all download rules | |||
141 | Can_See_Grafana_Shortcut | Gives access to system monitoring | |||
142 | Comments_Admin_Update | Gives access to edit all comments | |||
143 | Business_Workflow_General_Transition_Executor | Allows users to do transitions in workflow tasks that have no user constraints on transition | |||
144 | Business_Workflow_Instance_Delete | Allows users to delete workflow tasks | |||
147 | Business_Workflow_Instance_View | Allows users to see workflow tasks they are assigned to | |||
148 | Business_Workflow_Instance_Transition | Allows users to see transitions | |||
149 | Business_Workflow_Instance_Assign | Allows assigning workflow tasks to other people | |||
150 | EditSso | Allows editing of SSO settings | |||
151 | CanImpersonate | Allows a user to create access keys for other users. Be careful with this role as it allows bumping user access. Should only be used for System user | |||
152 | FileRepository_Read | Used for files in workflows. This gives the users access to see attached files | |||
153 | FileRepository_Read_Secret | Used for files in workflows. This gives the users access to see secret attached files | |||
154 | FileRepository_Upload | Used for files in workflows. This gives the users access to see uploaded files | |||
155 | FileRepository_Delete | Used for files in workflows. This gives the users access to see delete uploaded files | |||
156 | MailTemplates_CRUD | Allows users to edit mail templates | |||
157 | Can_Force_Job_Status_Change | Allows users to change job status, for example restarting a failed job | |||
158 | Can_Configure_Members | Used in MediaManager to allow editing users. This is behind a feature flag in the current version. Will be available in the future | |||
159 | Can_Rerun_Workflows | This allows users to run automations with a manual trigger | |||
160 | ItemCheckInOut_CRUD | This gives access to check-in and check-out | |||
161 | ChannelFolder_CRUD | Allows the user to edit Channel folders. As of this release, this is a new API not being used in any UI and therefore this role is not needed by users | |||
162 | ChannelFolder_View | Allows the user to see Channel folders. As of this release, this is a new API not being used in any UI and therefore this role is not needed by users | |||
163 | ConfigManagement_Admin | Allows users to edit the configuration for products. This is a new API and is not available through UI yet. | |||
170 | Creative_Cloud_Connector | Allows users access to the Creative Cloud Connector | |||
171 | Can_See_Generic_Job_Status | Allows users to see generic job status - for instance elastic re-indexing | |||
172 | Can_Admin_Accelerated_Search | Allows users to see the status for search administration in Media Manager | |||
173 | Smart_Asset_Picker_Connector | Allows users to use the embedded Media Manager UI | |||
174 | Can_configure_portals | Allows editing of Digizuite portals. Requires FileRepository_Upload, FileRepository_Delete, Editor_systemTools_config to work | |||
175 | Can_view_portals | Allows users to see Digizuite portals | |||
176 | Can_view_metadata_tab | Allows users to see the metadata tab on asset details | |||
177 | Can_view_related_assets | Allows users to see the related assets tab on asset details | |||
178 | Can_manage_filters_and_fields | Allows users to set up filters and free text searching. Requires Editor_systemTools_config to work | |||
179 | Can_configure_external_sharing | Allow users to configure external sharing. Requires Editor_systemTools_config to work | |||
180 | Can_view_service_health | Allows users to see the health status of the DigizuiteCore services | |||
181 | Asset_Can_Archive | Allows users to archive (soft delete) assets | |||
182 | Can_view_rabbit_health | Allows users to see the RabbitMQ queues | |||
183 | Can_crud_rabbit_health | Allows users to perform move and pruge messages also create and delete temp queues in RabbitMQ | |||
184 | Collection_Super_Administrator | Allows the user to access the apis defined under "DigizuiteCore/CollaborationService/api/collection/admin". These are currently only used by AW. So only the System user really needs this role, though by default it is given to the Super Administrator group. | |||
186 | Upload_with_required_metadata | Limits the user to fill in all required metadata fields before an asset upload can be performed | |||
187 | Can_crop_email | Allows the user to make a crop and e-mail it to someone | |||
191 | Collection_can_share_mail | Allows the user to share with an external e-mail (available from 5.6.1, but not enabled before 5.6.2) can be turned on through Media Manager Settings → collections → Enable external collection sharing | |||
192 | Collection_can_share_zip | Allows the user to share asset(s) as a zip (available from 5.6.1, but not enabled before 5.6.2) can be turned on through Media Manager Settings → collections → Enable external collection sharing | |||
193 | Collection_can_share_user | Allows the user to share collections with other users (available from 5.6.1, but not enabled before 5.6.2) can be turned on through Media Manager Settings → collections → Enable external collection sharing | |||
194 | Collection_can_share_group | Allows the user to share with groups (available from 5.6.1) can be turned on through Media Manager Settings → collections → Enable external collection sharing | |||
195 | Collection_can_share_link | Allows the user to share a collection as a link (available from 5.6.1, but not enabled before 5.6.2) can be turned on through Media Manager Settings → collections → Enable external collection sharing | |||
196 | Can_Configure_Importer | Allows the user to configure the importer | |||
197 | Can_change_password | Allows the user to change it's own password | |||
198 | Can_embed_assets | Allows the user to use the embed video feature | |||
199 | Can_embed_assets_admin | Allows the user to manage active embeds | |||
200 | Can_edit_combo_nodes | Allows the user to edit combo nodes. | |||
201 | Can_edit_tree_nodes | Allows the user to edit tree nodes. | |||
203 | Analytics_viewer | Allows the user to view analytics. | |||
204 | Analytics_writer | Allows the user to create, update, and delete dashboards. | |||
205 | Formats_CRUD | Allows the user to create, read, update, and delete formats. | 206 | Can_Get_Custom_Rendition | Allows the user to request a custom rendition of a dynamically specified format. |
Features
The other way around - what roles and rights need to be added to enable a feature
...
Features in MM | Roles | Rights | ConfigManager |
---|---|---|---|
Upload assets via MM + see "Your uploads". | MediaPortal_Upload | Write access to the "Upload" folder (Usually granted through the "Trusted" group) | |
Enable users to change their profile information | Enable users to see and edit their account information = True | ||
Upload/change profile image via MM | MediaPortal_Upload | Enable profile images = True Enable users to see and edit their account information = True | |
Restore old asset version via MM | Asset_Can_Replace | Write access to the "Upload" folder (Usually granted through the "Trusted" group) (Having write access to Content does nothing) | |
Replace asset + See "Asset History" (Not audit trail) | Asset_Can_Replace | Write access to the asset | |
See asset statuses + Enable the "My tasks" view | WorkStages_View | Read access to the asset | |
Enable the "All tasks" view | WorkStages_View WorkStages_View_Others | Read access to the asset | |
Change/set assets' statuses (on assets not already assigned to other users - Meaning only assets where you or none is assigned) | Member_Viewer WorkStages_View | Write access to the asset Write rights to the combo options in "Metadata → Asset → Shared → Tasks → Status" and then "Metadata field label → Edit combo values" (usually granted via trusted) | |
Change/set assets' statuses (regardless of who they're assigned to) | Member_Viewer WorkStages_View WorkStages_Edit_Others | Write access to the asset Write rights to the combo options in "Metadata → Asset → Shared → Tasks → Status" and then "Metadata field label → Edit combo values" (usually granted via trusted) | |
Printing | Asset_Can_Download | The asset is "public" (no padlock) | |
Enable (single- and multi-) download of an asset's predefined qualities Enable (single- and multi-) download of assets and metadata Enable download of collections as a zip | Asset_Can_Download Can_Live_Export_Assets_And_Metadata | The asset is "public" (no padlock) Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators" | |
Enable (single- and multi-) download of an asset's predefined qualities Enable (single- and multi-) download of metadata Enable download of collections as a zip | Asset_Can_Download Can_Live_Export_Metadata_Only | The asset is "public" (no padlock) Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators" | |
Enable (single- and multi-) download of an asset's predefined qualities Enable (single- and multi-) download of assets Enable download of collections as a zip | Asset_Can_Download Can_Live_Export_Asset_Only | The asset is "public" (no padlock) Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators" | |
Download custom qualities | Asset_Can_Download Asset_Can_Download_Custom_Quality | The asset is "public" (no padlock) | Custom quality color spaces = must have content Custom quality image types = must have content Enable custom quality download = true |
Enable embed as a sharing option for videos | MediaPortal_Video_Embed MediaPortal_Share | The "Embed player user" has read rights to the video assets | Choose available embed video sizes = must have content Choose available embed video qualities = must have content Embed player user = must have content (usually "Guest") |
Enable sharing assets to/via collections (Create new, Add to existing) | MediaPortal_Share MediaPortal_Collection | The asset is "public" (no padlock) | |
Add asset to own collection. | MediaPortal_Collection | The asset is "public" (no padlock) | |
Enable the ability to CRUD own collections | MediaPortal_Collection | ||
Enable ability to CRUD own collections + CRUD collections shared to oneself/Others | MediaPortal_Collection | Give new recipients of non-social collections (e.g. not Facebook collections) access to manipulate collections = true | |
Enable non-pre-existing users to read collections on an SSO site | MediaPortal_Collection | Allow shared collection users to bypass login required screen = true | |
Enable users to use AI Tagging + your site has external access | Ai_Add | Write access to the asset (only images) | Enable AI tagging functionality for metadata field = Keywords(10192) (Keywords must be autotranslate = true) |
If you want AI tagging but don't have external access | Ai_Add | Write access to the asset (only images) | Enable AI tagging functionality for metadata field = Keywords(10192) (Keywords must be autotranslate = true) Use local analysis for AI services = true |
Enable CRUD of own saved searches | Saved_Searches_CRUD | ||
Enable crop/trim (share it via email) | Asset_Can_Crop | ||
Enable crop/trim + Replace original asset with crop/trim + Restore to an older version of an asset | Asset_Can_Crop Asset_Can_Replace | Write access to the asset Write access to the Uploads folder OR the Content folder (The option to restore requires "write access" to the Uploads folder) | |
Enable crop/trim + Make new child asset with crop/trim | Asset_Can_Crop Asset_Can_Revise | Write access to the asset Write access to the Uploads folder OR the Content folder | |
Have the filter open every time you access the MM | Automatically expand filter pane in asset list = true | ||
Make all filters be expanded every time you access MM | Automatically expand filter pane in asset list = true Automatically expand individual filters in asset list = true | ||
Make asset ID shown | Show asset ID in asset list = true | ||
Enable password reset | Enable the option to reset one's password = true | ||
Enable self sign-up where users can choose their own password | Enable self sign up = true Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be enabled) Allow users to choose a password on signup = true Auto-created user folder ID = the ID of the folder where you want your users to go. | ||
Enable email verification for self-sign-up (when self-sign-up already is enabled) where users can choose their own password | Enable self sign up = true Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be disabled) Allow users to choose a password on signup = true Verification when a user is created using self sign up = Email verification | ||
Enable admin verification for self-sign-up (when self-sign-up already is enabled) where users can choose their own password | Enable self sign up = true Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be disabled) Allow users to choose a password on signup = true Verification when a user is created using self sign up = Admin verification Administrative verification email = the admin's email | ||
Enable that refreshing MM will log one out | Enable persistent login = false | ||
Enable reading other peoples' comments and annotations | Comment_View | ||
Enable commenting and annotating | Comment_View Comment_CRUD | ||
Enable commenting and annotating + tagging other users | Comment_View Comment_CRUD Member_Viewer | ||
Access the task list | Business_Workflow_Instance_View | ||
Edit workflows | Business_Workflow_CRUD Business_Workflow_View | ||
Request download of an asset's predefined formats. Can single download approved assets. Can single download if bypassed with a bit field. | Business_Workflow_Instance_Transition Business_Workflow_Instance_View Asset_Can_Download | Download approval must be set up The asset is "public" (no padlock) | |
Request download of an asset's predefined formats. Can single download approved assets. Can single and multi download if bypassed with a bit field. | Business_Workflow_Instance_Transition Business_Workflow_Instance_View Asset_Can_Download Can_Live_Export_Asset_Only | Download approval must be set up The asset is "public" (no padlock) | |
Request a custom-quality download | Business_Workflow_Instance_Transition Business_Workflow_Instance_View Asset_Can_Download_Custom_Quality | Download approval must be set up The asset is "public" (no padlock) | |
Circumvent the download approval process | Download_Approval_Bypass | Download approval must be set up Have enabled either standard or custom download | |
Approve or deny download requests | Business_Workflow_Instance_View Business_Workflow_Instance_Transition Download_Approval_Admin | You must be auto-assigned via the accompanying workflow as per the documentation | |
Enable copyright notification | Follow the documentation: In short, you need to set it up via the config manager settings + metadata settings | ||
Circumvent the copyright notification | Copyright_Notification_Bypass | Have copyright notifications enabled | |
Upload both insecure and secure attachments on tasks. Required for upload file constraints | FileRepository_Upload | ||
View own and others' insecure attachments on tasks | FileRepository_Read | ||
View insecure and own secure attachments on tasks | FileRepository_Read | The upload constraint you upload with must have the "secret" bit set to true | |
View own and others' secure attachments on tasks + insecure attachments | FileRepository_Read FileRepository_Read_Secret | ||
Enable intro screen | Choose intro screen mode: Splashscreen or Disclaimer | ||
Enable configuration of the brand portals + styles | FileRepository_Upload FileRepository_Delete Editor_systemTools_config Can_configure_portals Can_Change_Styling | ||
Enable viewing of the brand portals | Can_view_portals | ||
See other users in notifications. | Member_Viewer | ||
Remove access to upload without setting upload required metadata fields | Upload_with_required_metadata | The metadata field has "Upload required" = enabled |
...
Info |
---|
The CCC (DACCC or Digizuite Adobe Creative Cloud Connector) requires all its users to have read access to assets + the following roles.
|
Features in CCC | Roles | Rights | ConfigManager |
---|---|---|---|
Check-out assets + check-in assets you've checked out yourself (This does not make sense if you do not have the replace role) | ItemCheckInOut_CRUD | Write access to the asset | Enable check-in/out = true |
See who has checked out assets (both own and others') | Member_Viewer (OR Administrator) | ||
Check-in assets that other people have checked out | Administrator Member_Viewer | ||
Upload active documents or, e.g., image files | MediaPortal_Upload | Write access to the "Upload" folder (Usually granted through the "Trusted" group) | |
Replace (INDD, PSD, AI, AEP, PRPROJ) | Asset_Can_Replace | Write access to the "Upload" folder (Usually granted through the "Trusted" group) (?) Write access to the asset |
...