DFS 9.0.0 - Security
This section describes how security is mapped between Digizuite and Sitecore.
The standard configuration has the following access roles:
User type | Role name | Description |
---|---|---|
Base | sitecore\Digizuite DAM for Sitecore Explorer Access |
|
Users | sitecore\Digizuite DAM for Sitecore Users |
|
Editors | sitecore\Digizuite DAM for Sitecore Editors |
|
Admin | sitecore\Digizuite DAM for Sitecore Administrators |
|
1.1 Creating new roles
The standard configuration provides a basic set of roles that can be used to control access to assets. It is also possible to create new roles and map them to a set of Digizuite access rights.
To create a new role, one has to create a new role (e.g. sitecore\test) in Sitecore and create a new group in Digizuite with the same name. The name of the role is what controls the mapping between Digizuite and Sitecore, which means that if there exist a group in Digizuite with the same name as a role in Sitecore, then the access rights are synchronized.
Digizuite groups corresponds to Sitecore roles
For examples of how this is achieved, see configuration guide DFS 9.0.0 - How to create new roles and map access rights
1.2 Understanding the rights between Sitecore and Digizuite™ DAM
Sitecore has an extensive set of access rights. It is out of the scope of this documentation to explain them all. We refer to Sitecore for a detailed description of this. Digizuite™ DAM Center has two access rights, read and write, and these can be used for users or groups of users. This means that the mapping between the security rights are between Sitecore read and write, and the DAM Centers read and write. Any other access right available in Sitecore is overwritten by Digizuite™ DAM Center as it is the owner of the assets. Below are examples of how the mapping works:
- If a user has read access to an asset, then the following rights on the item in Sitecore is set:
- If the user has write access, then:
Digizuite™ DAM owns the assets and thereby the rights. This means that when an asset is synchronized, the rights from Digizuite™ DAM overwrites any unknown Sitecore rights (i.e. everything else than read and write) on the Sitecore item. For example, if there are any rights on the Sitecore item which is not a DAM related user/role, it is removed the next time the item synchronizes.