This section describes how security is handled in Digizuite.

Recommendation

It is recommended to install Digizuite as an HTTPS site using the most recent TLS protocols.

Token-based security

Digizuite uses token-based security, where a token is validated on each API request. The token contains information about the user, and access rights are resolved based on this information. Security tokens expire after a configurable time interval, which removes access to content accessed directly using a security token.

Digizuite has three different access rights:

  • Read
  • Write
  • None

If a user has Read, the user is allowed to see content but not alter it. If the user has Write, the user can see and alter content. Lastly, having none of the aforementioned rights disallows access.

Access rights can be set directly on the user or on a user group. They can be set directly on an individual asset or on the folder in which the asset is placed.

Role-based security

On top of the token-based security, Digizuite uses a role-based security system to protect access to certain features and functions. An example of this is allowing upload from frontends, which is protected by a role.

A role can be assigned directly to a user or a user group.

