DFS 10.1.0 - Security

Owned by Brian Bak Laursen
Jan 07, 2022
2 min read

This section describes how security is mapped between Digizuite and Sitecore.

The standard configuration has the following access roles:

User type

Role name

Description

Basesitecore\Digizuite DAM for Sitecore Explorer Access
  • Access to DAM Explorer

Users

sitecore\Digizuite DAM for Sitecore Users

  • Access to assets in read only view with no editing rights.
  • No access to the DAM Explorer
  • Access to Asset Browser
  • The extranet\anonymous should be member of this role

Editors

sitecore\Digizuite DAM for Sitecore Editors

  • Access DAM Explorer and Asset Browser
  • Read / write to all assets
  • Upload

Admin

sitecore\Digizuite DAM for Sitecore Administrators

  • Access DAM Explorer and AssetBrowser
  • Read / write all assets
  • Upload
  • Create / delete silo
  • Synchronize silo
  • Access to all DFS configuration

1.1 Creating new roles

The standard configuration provides a basic set of roles that can be used to control access to assets. It is also possible to create new roles and map them to a set of Digizuite access rights.

To create a new role, one has to create a new role (e.g. sitecore\test) in Sitecore and create a new group in Digizuite with the same name. The name of the role is what controls the mapping between Digizuite and Sitecore, which means that if there exist a group in Digizuite with the same name as a role in Sitecore, then the access rights are synchronized.

Digizuite groups corresponds to Sitecore roles

 For examples of how this is achieved, see configuration guide DFS 10.1.0 - How to create new roles and map access rights

1.2 Understanding the rights between Sitecore and Digizuite™ DAM

Sitecore has an extensive set of access rights. It is out of the scope of this documentation to explain them all. We refer to Sitecore for a detailed description of this. Digizuite™ DAM Center has two access rights, read and write, and these can be used for users or groups of users. This means that the mapping between the security rights are between Sitecore read and write, and the DAM Centers read and write. Any other access right available in Sitecore is overwritten by Digizuite™ DAM Center as it is the owner of the assets. Below are examples of how the mapping works:

  • If a user has read access to an asset, then the following rights on the item in Sitecore is set: 

  • If the user has write access, then:

Digizuite™ DAM owns the assets and thereby the rights. This means that when an asset is synchronized, the rights from Digizuite™ DAM overwrites any unknown Sitecore rights (i.e. everything else than read and write) on the Sitecore item. For example, if there are any rights on the Sitecore item which is not a DAM related user/role, it is removed the next time the item synchronizes.