DC 5.5 Roles

General information

Roles can be added to users in three ways:

  1. Directly on the user (Role→User)
  2. Inherited via a group which the user is a part of (Role→GroupUser)
  3. Inherited via a group that has the role inherited from another group (Role→Group→Group→User) (Technically, you can have unlimited groups in groups - but the groups must never create a circular reference)

Users can simultaneously have roles added directly and roles inherited via groups - having the same role added twice (or multiple times) doesn't have an impact. Removing e.g. a group with a duplicate role - will still leave your user with the role.

Roles and groups that have been inherited, will be greyed out. (You also inherit download qualities, but our current implementation does not make them show up. In a perfect world, the inherited download qualities would show up as greyed out)

If you have duplicate roles then the role will have a (+) appended


CRUD
CreateMake new things
ReadRetrieve existing things
UpdateChange existing things
DeleteDelete existing things

List of roles

This list is descriptive, meaning that it's not prescriptive.

Essentially, this means that this list describes what it currently does - not what it's supposed to do. As time goes on, these two things should align 100%.

#

Roles

DCMMCCCOCMarked for deletion by:Description
1Administratorāœ“āœ—


Used internally to access different internal apis, like loading workflows in a format that can actually be initialized. Should be given to the System user. 
2Ai_Addāœ—āœ“


Enables you to use AI tagging on images. Requires additional setup if you don't want to use Digizuite's Azure account for it. Requires an EditMultiComboVlaue to be defined in MM's config manager.

3Ai_Translateāœ—āœ“


If you have AI tagging enabled, this role allows you to translate values into other languages automatically.
4Asset_Can_Cropāœ—āœ“


Is the gateway to use crop. On its own, it only supports sending out "crops" via email. This role can be combined with "Asset_Can_Revise" to make an asset have crops as children - and "Asset_Can_Replace" which enables the crop to supersede the asset being cropped-
5Asset_Can_Delete_Permanentlyāœ“āœ—


Enables one to remove an asset + all its metadata from all places (storage, Azure storage, database)
6Asset_Can_Downloadāœ—āœ“


Enables one to download an asset and print published assets (assets without a lock).

You need to have download qualities added, to be able to download assets. These are assigned via groups. Groups with download qualities are: "Guest", "Light Users", "Content Creators", "Administrators", and "Super Administrators"

7Asset_Can_Download_Anyāœ—āœ“


Enables the user to download any asset.
8Asset_Can_Download_Custom_Qualityāœ—āœ“


Gives one the option to download an asset in either another colorspace (e.g. sRGB, greyscale) or another filetype (jpg, png)
9Asset_Can_Replaceāœ“āœ“


Enables assets to be replaced via the MM. It requires "write rights" to the asset to work. It also allows for assets to be replaced by crops + it enables restoring older versions of the asset via the "Asset history" (Effectively reverting a replace)
10Asset_Can_Reviseāœ—āœ“


Enables one to make crops into child assets
11AuditTrail_Viewāœ—āœ“


Enables one to look at all assets' audit trail (basically metadata history). Please be aware that very few things are "audited" out of the box
12Business_Workflow_CRUDāœ—āœ“


Enables one to create, read, update, delete workflows (Aka. the BW editor) - requires Business_Workflow_View to function
13

Business_Workflow_General_Transition_Executor

āœ—āœ“


Enables users to bypass the "transition executor" constraints on workflow transitions. There are 3 "transition executor" constrains. They are the constraints that start with "Only" in their names.
14Business_Workflow_Instance_Assignāœ—āœ“


Enables the user to assign a workflow instance or stage to another user. Unused in MM5
15Business_Workflow_Instance_Deleteāœ—āœ“


Enables the user to delete any workflow instance
16Business_Workflow_Instance_Transitionāœ—āœ“


Enables the user to create or transition a  workflow instance overall. Transitions also require an "transition executor" constraint to allow for transitioning. There are 3 "transition executor" constrains. They are the constraints that start with "Only" in their names.
17Business_Workflow_Instance_Viewāœ—āœ“


Enables the user to see it's own workflow instances (aka. tasks)
18Business_Workflow_Instance_View_Othersāœ—āœ“


Enables one to view the workflow instances of other users
19Business_Workflow_Viewāœ—āœ“


Enables the user to view the workflows in the system - however, not access to them, for this you need Business_Workflow_CRUD
20Can_Change_Styling_And_Themingāœ—āœ“


Gives one the ability to change the channel's logo and color (theming/styling) via the MM

21

Can_Configure_Members

āœ—

āœ“




Allows the user to configure MM to use a Member Approval business workflow.

22Can_Edit_Automation_Workflowāœ—āœ“


Allows the user to see and edit automations
23

Can_Force_Job_Status_Change

āœ“āœ“


Allows the user to cancel or delete jobs in both AW and DigiBatch. 

24Can_Live_Export_Asset_Onlyāœ—āœ“


Allows the user to create an export that contains only assets
25Can_Live_Export_Assets_And_Metadataāœ—āœ“


Allows the user to create an export that contains both assets and metadata
26Can_Live_Export_Metadata_Onlyāœ—āœ“


Allows the user to create an export that contains only metadata
27Can_Open_Office_Documentāœ—āœ“


Enables one to open Office documents in the Office Connector via the MM. Supports PowerPoints, Word, and Excel formats (incl. macros and templates) 
28

Can_Rerun_Workflows

āœ“

āœ“




Allows the user to use the "ManualTrigger" AW trigger to start workflows based on simple input data. 

29

Can_See_Grafana_Shortcut

āœ—

āœ“




Allows the user to see the shortcut to Grafana in the MM ui. The login to grafana is separate from their Digizuite login, and has nothing to do with this role. 

30Can_View_Automation_Workflow_Statusāœ—āœ“


Allows the user to view the status of running automations
31Can_View_Logsāœ—āœ“


Allows the user to view some logs directly in the MM UI
32

CanImpersonate

āœ“

āœ—




Allows the user to generate access keys for other users. Should only be given to the "System" user, unless you have very good reason for anything else.

33Comments_Admin_Deleteāœ“āœ“


Enables one to Delete other peoples' comments - e.g. to remove spam
34Comments_Admin_Updateāœ“āœ“


Enables one to Update other people's comments

35Comments_CRUDāœ“āœ“


Enables one to Create (own), Update (own), Delete (own) comments (for tasks and images) and Create (own), Update (own), Delete (own), annotations on images.

It requires Comment_View to function.

36Comments_Viewāœ“āœ“


Enables one to Read (all) comments (assets and tasks) and Read (all) annotations

Gives you the option to access comments directly from the asset overview

37Copyright_Notification_Bypassāœ—āœ“


Enables the user to download an asset, bypassing the copyright notification in MM5.
5.5.2 onlyCreative_Cloud_Connectorāœ—āœ—āœ“āœ—
Grants users access to the new Creative Cloud Connector
38Download_Approval_Admināœ—āœ“


Enables the user to edit download request approval configuration within MM5.
39Download_Approval_Bypassāœ—āœ“


Enables the user to download an asset, bypassing the download approval process in MM5.
40

Editor_Catalogs

āœ“āœ—


Enables "Catalog" in the left side menu
41

Editor_Portal

āœ“āœ—


Enables "Channels" in the left side menu
42Editor_Portal_Admināœ“āœ—

LSDoes nothing beyond what "Editor_Portal" already does. Deprecated.
43Editor_SystemTools_AlwaysAllowItemSecurityEditāœ“āœ“


This role at its purest

  1. Every time the user reads, it'll skip the mandatory security check.
  2. It'll grant you access to change rights for all items.

Gives you read access to everything you've added - e.g. makes all Catalog and Channel folders appear if you've added "Editor_Catalogs" and "Editor_Portal".

It only gives read access to assets in the DC - I.e. it does not give you read access to assets in the MM (even though it appears that you have read access to them when you look at the channels in DC).

With this, you can give yourself (and others) write access to folders you don't have write access to.

It also adds "System Tools" to the left side menu - but it is blank - meaning that there are not any system tools in it.

It opens up for access to content in Media Manager. Here this role gives you high-level access.

It gives you access to all collections for all users in the system

44

Editor_SystemTools_Config

āœ“āœ—


Enables System Tools → ConfigManager
45

Editor_SystemTools_Dam

āœ“āœ—


Enables one to select all catalog and channel folders in System tools → Workflow → AssetSyncFolder → "Sync rootfolder"/"Destination folder". Without this role, one can only select folders that you have read-access to.

46

Editor_SystemTools_Destinations

āœ“āœ—


Enables System Tools → Destinations
47

Editor_SystemTools_DigizuiteConfig

āœ“āœ—


Enables System Tools → Digizuite™ configuration AND Enables System Tools → Asset type configuration
48

Editor_SystemTools_License

āœ“āœ—


Enables System Tools → License
49

Editor_SystemTools_MediaFormat

āœ“āœ—


Enables System Tools → Formats
50

Editor_SystemTools_MediaFormatType

āœ“āœ—


Enables System Tools → Format types
51

Editor_SystemTools_Metadata

āœ“āœ—


Enables System Tools → Metadata
52

Editor_SystemTools_MetaDataLanguage

āœ“āœ—


Enables System Tools → Language
53

Editor_SystemTools_PlayerTemplate

āœ“āœ—

LSDeprecated with the deprecation of player templates. There is a cleanup task already for player template.
54

Editor_SystemTools_Profiles

āœ“āœ—


Enables System Tools → Profiles
55

Editor_SystemTools_Status

āœ“āœ—


Enables System Tools → Status
56

Editor_SystemTools_Stopwords

āœ“āœ—


Enables System Tools → Search stop words
57

Editor_SystemTools_TranscodeSetting

āœ“āœ—


Enables System Tools → Transcode settings
58

Editor_SystemTools_UserManager_Groups

āœ“āœ—


Enables System Tools → Users and groups → Groups
59

Editor_SystemTools_UserManager_Users

āœ“āœ—


Enables System Tools → Users and groups → Users
60

Editor_SystemTools_Workflow

āœ—āœ—


Obsolete - To be deleted

61

EditSso

āœ“

āœ“




Allows the user to change the systems SSO settings. Should probably only be given to a select set of super administrators

62FileRepository_Deleteāœ—āœ—


Enables the user to delete files from the file repository. Currently a pure API function for the time being, as there is no UI that uses this.
63FileRepository_Readāœ—āœ“


Enables the user to read file from the file repository
64FileRepository_Read_Secretāœ—āœ“


Enables the user to read secret files from the file repository.
65FileRepository_Uploadāœ—āœ“


Enables the user to upload files to the file repository.
66GDPR_Admināœ—āœ—


It gives you the right to Read and Delete other users' data. There is no UI for this.
67Integration_Endpoints_CRUDāœ—āœ“


Gives one the ability to Create, Read, Update, Delete integration endpoints
68Integration_Endpoints_Viewāœ—āœ“


Gives one the ability to Read existing integration endpoints
5.5.1/2 onlyItemCheckInOut_CRUDāœ—āœ—āœ“āœ—
Enables the user to check out and check in assets, to block others from making changes to assets you're editing.
69ItemControlAdmināœ“āœ—

LSUnused.
70MailTemplates_CRUDāœ—āœ“


Enables the user to manage mail templates from MM5.
71MediaPortal_Admin_Logāœ—āœ“

SFNot implemented - to be deleted
72

MediaPortal_Admin_StartScreen

āœ—āœ“


Enables one to change the start screen from the MM
73MediaPortal_Admin_Trashāœ—āœ“

SFNot implemented - to be deleted
74MediaPortal_Admin_Usersāœ—āœ“

SFNot implemented - to be deleted
75

MediaPortal_Asset_Replacer

āœ—āœ“

SFNot implemented - to be deleted - Use "Asset_Can_Replace" instead
76

MediaPortal_Asset_Unpublisher

āœ—āœ“

SFNot implemented - to be deleted
77MediaPortal_Can_Preview_Officeāœ—āœ“


Enables one to use Online Office to preview Office documents. This requires the site to be accessible from the outside (i.e. only works on sites where VPN isn't needed to access the site). It can be accessed by previewing, the same way you would an image.
78

MediaPortal_Collection

āœ—āœ“


Enables users to Create, Update (their own), and Delete (their own) collections. All users can Read collections - though they have to be accessed via mail
79MediaPortal_Custom_Qualityāœ—āœ“

SFNot implemented - to be deleted - Use "Asset_Can_Download_Custom_Quality" instead
80MediaPortal_Downloaderāœ—āœ“

SFNot implemented - to be deleted - Use "Asset_Can_Download" instead
81MediaPortal_Edit_Accountāœ—āœ“

SFNot implemented - to be deleted
82MediaPortal_See_Asset_Info_Defaultāœ—āœ“

SFNot implemented - to be deleted
83MediaPortal_See_Profile_Imagesāœ—āœ“

SFNot implemented - to be deleted - Use config manager instead
84MediaPortal_See_Uploader_Nameāœ—āœ“

SFNot implemented - to be deleted - Use config manager instead
85MediaPortal_Shareāœ—āœ“


Enables one to share via the MM UI. Enabling this gives you the ability to share assets via: URL, Zip (email), social media - and if collections are enabled one can also share assets via: New collection (create new), and Existing collection (add to existing).

If collections are enabled, one can share them via: Zip (a package over mail), Social media, and Collection (give people rights to preview the collection from MM)

If the following is enabled "Give new recipients of non-social collections (e.g. not Facebook collections) access to manipulate collections:" via config manager, the recipient will be able to CRUD the collection, else the recipient will only be able to Read the collection.

Sharing over social media makes the shared asset publicly available. One needs to manually revoke the read rights on the asset level, to make it internal again.

86

MediaPortal_Uploader

āœ—āœ“āœ—

Gives one the ability to upload via the MM (one still needs "write rights" to the Upload folder though - the "Trusted" role will give you this) + shows the "your uploads"
87

MediaPortal_User

āœ—āœ“


Required to access to MM
88MediaPortal_Video_Embedāœ—āœ“


Requires "MediaPortal_Share" + some settings in CondigManager to work (See the table in the bottom of this page - ctrl+f "embed")

Adds embed as a sharing option. It only works with videos.

89

Member_Viewer

āœ—āœ“


Allows the user to see other members of the portal (e.g. during the "asset status", "comment", and "sharing" processes, where it's needed to see internal users)
90Office_Can_Replaceāœ—āœ—
āœ“
Enables the user to replace an existing Office document with the Office Connector.
91

RunningJobs_AdminViewSubmitXML

āœ“āœ—


Obsolete - To be deleted
92

RunningJobs_ChangePriority

āœ—āœ—


Obsolete - To be deleted
93

RunningJobs_EditAll

āœ“āœ—


Obsolete - To be deleted

94

RunningJobs_EditOwn

āœ“āœ—


Obsolete - To be deleted

95

RunningJobs_View

āœ“āœ—


Obsolete - To be deleted. It gives you the ability to see your own running jobs. With this, you'll also be able to see how many jobs are failed/waiting/running - just now which jobs it is and who's jobs it is. Only gives Read access.
96

RunningJobs_ViewAll

āœ“āœ—


Obsolete - To be deleted. Gives you Read access to all running jobs. Meaning that you cannot e.g. restart them if you've failed. Doesn't require "RunningJobs_View" in order to work. 
97Saved_Searches_CRUDāœ—āœ“


Enables one to CRUD one's own saved searches. One can also share them without having the "share role" enabled
98Upload_Onlyāœ“āœ—


If this is enabled, accessing the DC will put you into a "write-only" mode - e.g. for photographers, who should not have read access but write access. Requires "write access" to the Uploads folder in order to work.
99Office_Can_Upload_Newāœ—āœ—
āœ“
Enables the user to save new Office documents with the Office Connector. 
100Uploaderāœ—āœ—

LSUnused.
101Uploader_ReplaceWithArchiveāœ“āœ—

LSUnused.
102Uploader_ReplaceWithoutArchiveāœ—āœ—


It enables a user to replace assets without archiving the old version. Cannot be accessed via the UI
103

Uploader_ShowFolderSelector

āœ—āœ—


Only implemented in DFS. Is used to give users access to upload to the catalog area while using the embedded upload component

104Viewer_Catalogsāœ“āœ—

LSDoes nothing beyond what Editor_Catalogs already does. Deprecated.
105VP3_Portal_Admin_StartScreenāœ—āœ—

SFNot implemented - to be deleted
106VP3_Portal_Admin_VideoSlidesāœ—āœ—

SFNot implemented - to be deleted
107WorkStages_Edit_Othersāœ—āœ“


Enables you to change statuses on assets that are assigned to other users than yours.
108WorkStages_Viewāœ—āœ“


Enables you to get the "Asset Status --> My tasks"
109WorkStages_View_Othersāœ—āœ“


Enables you to get the "Asset Status --> All tasks". It requires that "WorkStages_View" is also set to work.
110Youtube_Admināœ—āœ“


Enables the user to configure the YouTube integration from MM5.
111Can_configure_portalsāœ—āœ“


Enables the user (with other roles enabled)  to configure the brand portal styles in 5.6+
112Can_view_portalsāœ—āœ“


Enables the user to view brand portals in 5.6+

Note: If both Uploader_ReplaceWithArchive and Uploader_ReplaceWithoutArchive are enabled the user will be asked what he wants to do with the old asset: archive it or delete it.

Features

The other way around - what roles and rights need to be added to enable a feature

MediaPortal_User is needed to access MM - so for all MM features below, it's given that MediaPortal_User is already enabled.

In a lot of instances, you also need read access to assets. I only scarcely add this as a right sometimes. Usually, it's self-evident that one should have read access to an asset to add it to a collection.

The Upload folder (46) is the default folder for uploading. This can be changed - and if changed, use this other folder instead.

For Keywords - Keywords (10192) is default. This can of course also be changed - where you should use this new metadata field instead.

Green = OK

Yellow = Might not be OK

Features in MM

RolesRightsConfigManager
Upload assets via MM + see "Your uploads"MediaPortal_Upload Write access to "Upload" folder (Usually granted through the "Trusted" group)


Enable users to change their profile information

Enable users to see and edit their account information = True
Upload/change profile image via MMMediaPortal_Upload 

Enable profile images = True

Enable users to see and edit their account information = True

Restore old asset version via MMAsset_Can_ReplaceWrite access to "Upload" folder (Usually granted through the "Trusted" group) (Having write access to Content does nothing)
Replace asset + See "Asset History" (Not audit trail)Asset_Can_ReplaceWrite access to the asset
See asset statuses + Enable the "My tasks" viewWorkStages_ViewRead access to the asset
Enable the "All tasks" view

WorkStages_View

WorkStages_View_Others

Read access to the asset
Change/set assets' statuses (on assets not already assigned to other users - Meaning only assets where you or none is assigned)

Member_Viewer

WorkStages_View

Write access to the asset

Write rights to the metadata fields in "Metadata > Asset > Shared > Tasks" (usually granted via trusted)


Change/set assets' statuses (regardless of who they're assigned to)

Member_Viewer

WorkStages_View

WorkStages_Edit_Others

Write access to the asset

Write rights to the metadata fields in "Metadata > Asset > Shared > Tasks" (usually granted via trusted)


PrintingAsset_Can_DownloadThe asset is "public" (no padlock)

Enable (single- and multi-) download of an asset's predefined qualities

Enable (single- and multi-) download of assets and metadata

Enable download of collections as zip

Asset_Can_Download

Can_Live_Export_Assets_And_Metadata


The asset is "public" (no padlock)

Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators"


Enable (single- and multi-) download of an asset's predefined qualities

Enable (single- and multi-) download of metadata

Enable download of collections as zip

Asset_Can_Download

Can_Live_Export_Metadata_Only


The asset is "public" (no padlock)

Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators"


Enable (single- and multi-) download of an asset's predefined qualities

Enable (single- and multi-) download of assets

Enable download of collections as zip

Asset_Can_Download

Can_Live_Export_Asset_Only


The asset is "public" (no padlock)

Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators"


Download custom qualities

Asset_Can_Download

Asset_Can_Download_Custom_Quality

The asset is "public" (no padlock)

Custom quality color spaces = must have content

Custom quality image types = must have content

Enable custom quality download = true

Enable sharing (URL, Social)MediaPortal_ShareThe asset is "public" (no padlock)
Enable sharing (Zip)

MediaPortal_Share

Can_Live_Export_Asset_Only

OR

MediaPortal_Share

Can_Live_Export_Assets_And_Metadata

The asset is "public" (no padlock)
Enable sharing (Zip) 
(From MM5.5.7)

MediaPortal_Share

Asset_Can_Download

Can_Live_Export_Asset_Only OR Can_Live_Export_Assets_And_Metadata

The asset is "public" (no padlock)
Enable embed as a sharing option for videos

MediaPortal_Video_Embed

MediaPortal_Share

The "Embed player user" has read rights to the video assets

Choose available embed video sizes = must have content

Choose available embed video qualities = must have content

Embed player user = must have content (usually "Guest")

Enable sharing assets to/via collections (Create new, Add to existing)

MediaPortal_Share

MediaPortal_Collection

The asset is "public" (no padlock)
Add asset to own collectionMediaPortal_CollectionThe asset is "public" (no padlock)
Enable ability to CRUD own collectionsMediaPortal_Collection

Enable ability to CRUD own collections + CRUD collections shared to oneself/OthersMediaPortal_Collection
Give new recipients of non-social collections (e.g. not Facebook collections) access to manipulate collections = true
Enable non-pre-existing users to read collections on an SSO siteMediaPortal_Collection
Allow shared collection users to bypass login required screen = true
Enable user to use AI Tagging + your site has external accessAi_Add

Write access to the asset (only images)

Enable AI tagging functionality for metadata field = Keywords(10192) (Keywords must be autotranslate = true)
If you want AI tagging but don't have external accessAi_Add

Write access to the asset (only images)

Enable AI tagging functionality for metadata field = Keywords(10192) (Keywords must be autotranslate = true)

Use local analysis for AI services = true

Enable CRUD of own saved searchesSaved_Searches_CRUD

Enable crop/trim (share it via email)

Asset_Can_Crop



Enable crop/trim + Replace original asset with crop/trim + Restore to an older version of an asset

Asset_Can_Crop

Asset_Can_Replace

Write access to the asset

Write access to the Uploads folder OR the Content folder (The option to restore requires "write access" to the Uploads folder)


Enable crop/trim + Make new child asset with crop/trim

Asset_Can_Crop

Asset_Can_Revise

Write access to the asset

Write access to the Uploads folder OR the Content folder


Have filter open every time you access the MM

Automatically expand filter pane in asset list = true
Make all filters be expanded every time you access MM

Automatically expand filter pane in asset list = true

Automatically expand individual filters in asset list = true

Make asset ID shown

Show asset ID in asset list = true
Enable password reset

Enable the option to reset one's password = true

Enable self sign-up

where users can choose their own password



Enable self sign up = true

Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be enabled)

Allow users to chose a password on signup = true

Auto-created user folder ID = the ID of the folder where you want your users to go.

Enable email verification for self-sign up (when self sign-up already is enabled)

where users can choose their own password



Enable self sign up = true

Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be disabled)

Allow users to chose a password on signup = true

Verification when a user is created using self sign up = Email verification

Enable admin verification for self-sign up (when self sign-up already is enabled)

where users can choose their own password



Enable self sign up = true

Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be disabled)

Allow users to chose a password on signup = true

Verification when a user is created using self sign up = Admin verification

Administrative verification email = the admin's email

Enable that refreshing MM will log one out

Enable persistent login = false
Enable reading other peoples' comments and annotationsComment_View

Enable commenting and annotating

Comment_View

Comment_CRUD



Enable commenting and annotating + tagging other users

Comment_View

Comment_CRUD

Member_Viewer



Access the task list

Business_Workflow_Instance_View



Edit workflows

Business_Workflow_CRUD

Business_Workflow_View



Request download of an asset's predefined formats.

Can single download approved assets.

Can single download if bypassed with a bit field.

Business_Workflow_Instance_Transition

Business_Workflow_Instance_View

Asset_Can_Download

Download approval must be set up

The asset is "public" (no padlock)


Request download of an asset's predefined formats.

Can single download approved assets.

Can single and multi download if bypassed with a bit field.

Business_Workflow_Instance_Transition

Business_Workflow_Instance_View

Asset_Can_Download

Can_Live_Export_Asset_Only

Download approval must be set up

The asset is "public" (no padlock)


Request a custom quality download

Business_Workflow_Instance_Transition

Business_Workflow_Instance_View

Asset_Can_Download_Custom_Quality

Download approval must be set up

The asset is "public" (no padlock)


Circumvent the download approval processDownload_Approval_Bypass

Download approval must be set up

Have enabled either standard or custom download


Approve or deny download requests

Business_Workflow_Instance_View

Business_Workflow_Instance_Transition

Download_Approval_Admin

You must be auto-assigned via the accompanying workflow as per the documentation
Enable copyright notification
Follow the documentation: In short, you need to set it up via the config manager settings + metadata settings



Circumvent the copyright notificationCopyright_Notification_BypassHave copyright notifications enabled
Upload both insecure and secure attachments on tasks

FileRepository_Upload



View own and others' insecure attachments on tasks

FileRepository_Read



View insecure and own secure attachments on tasks

FileRepository_Read

The upload constraint you upload with must have the "secret" bit set to true


View own and others' secure attachments on tasks + insecure attachments

FileRepository_Read

FileRepository_Read_Secret



Enable intro screen

Choose intro screen mode: Splashscreen or Disclaimer
Make an asset public
Set the "Is Public" bit field on the "Media Manager" metagroup = true. (Usually done with automations)

Enable configuration of the brand portals + styles

FileRepository_Upload

FileRepository_Delete

Editor_systemTools_config

Can_configure_portals



Enable viewing of the brand portals

Can_view_portals




The CCC (DACCC or Digizuite Adobe Creative Cloud Connector) requires all its users to have the "Creative_Cloud_Connector" and the "Asset_Can_Download" roles + read access to assets.


Features in CCC (DACCC)

RolesRightsConfigManager
Check out asset + check in asset you've checked out yourselfItemCheckInOut_CRUDWrite access to the assetEnable check in/out = true
See who have checked out assets (both own and others')Member_Viewer (OR Administrator)

Check in assets that other people have checked out

Administrator

Member_Viewer



Upload active document or e.g. image filesMediaPortal_UploadWrite access to "Upload" folder (Usually granted through the "Trusted" group)
Replace (INDD, PSD, AI, AEP, PRPROJ)Asset_Can_Replace

Write access to "Upload" folder (Usually granted through the "Trusted" group) (?)

Write access to the asset


Features in DC

RolesRightsConfigManager
Upload only (e.g. for photographers)Upload_OnlyWrite access to the Uploads folder
SuperAdministrator rightsEditor_SystemTools_AllwaysAllowItemSecurityEdit

Changes in roles from the last version to this

Added

NameNote

Can_Force_Job_Status_Change
















Removed

NameNote








Changed

OldNewNote