DFS 8.0.2 - 1 Security and Roles

Owned by Mathias Mattson (MHM)
Mar 14, 2017

Out of the box, the DAM for Sitecore module comes with the following roles:

User type

Role name

Description

Users

sitecore\Digizuite DAM for Sitecore Users

  • Access to assets in read only view with no editing rights.
  • No access to the DAM Explorer
  • Access to Asset Browser
  • The extranet\anonymous is member of this role

Editors

sitecore\Digizuite DAM for Sitecore Editors

  • Access DAM Explorer and Asset Browser
  • Read / write to all assets
  • Upload

Contributors

sitecore\Digizuite DAM for Sitecore Contributors

  • Access DAM Explorer and AssetBrowser
  • Read / write to own assets
  • Upload
  • Only read access to other assets

Admin

sitecore\Digizuite DAM for Sitecore Administrators

  • Access DAM Explorer and AssetBrowser
  • Read / write all assets
  • Upload
  • Create / delete silo
  • Synchronize silo
  • Access to all DFS configuration


1.1 Understanding the rights between Sitecore and Digizuite™ DAM

Sitecore has a very extensive set of access rights. It is out of the scope of this document to explain them all. We refer to Sitecore for a detailed description of this. Digizuite™ DAM Center has two access rights, read and write, and these can be used for users or groups of users. This means that the mapping between the security rights are between Sitecore read and write, and the DAM Centers read and write. Any other access right available in Sitecore is overwritten by Digizuite™ DAM Center as it is the owner of the assets. Below are some examples of how the mapping works:

  • If a user has read access to an asset, then the following rights on the item in Sitecore is set: 

  • If the user has write access, then:

Digizuite™ DAM owns the assets and thereby the rights. This means that when an asset is synchronized, the rights from Digizuite™ DAM will overwrite any unknown Sitecore rights (i.e. everything else than read and write) on the Sitecore item. For example, if there are any rights on the Sitecore item which is not a DAM related user/role, it will be removed the next time the item synchronizes.

1.2 Saving rights back to Digizuite™ DAM

When changing rights on a DAM related item in Sitecore, it is also changed in the DAM asset. The only rights that are affected are the read and write settings from Sitecore because Digizuite™ DAM only has read or write permissions. Below is an example of how this works:

  • Setting the below will set both read and write

  • Setting the below will set both read and write

  • Setting the below will deny both read and write

  • Setting the below will allow read, but deny write

  • Setting the below will set both read and write, because write access to an item in Digizuite™ DAM also allows read

  • Setting the below will be ignored by Digizuite™ DAM, which means nothing has been changed. However, changing the below is different from what is available in the DAM, which means that it will be reset to what it was upon next syncronization.

  • Setting the below will allow read, ignore write and leave it unchanged in Digizuite™ DAM. The Sitecore item will be reset when synchronizing by the same argument as above.

  • Setting the below will ignore read and leave it unchanged. Deny write. Again, the Sitecore item will be reset when the synchronization is done.

  • Setting the below will ignore write and deny read if the write is not allowed. Again, the Sitecore item is reset when the synchronization is done.

1.3 Example

A user in Sitecore changes the rights on an asset item to:

  • Read: Allow
  • Write: Allow
  • Rename: Allow
  • The rest is denied

The changes are saved in Digizuite™ DAM. The next time the asset is synchronized to Sitecore, the rights are reset to the below, because Digizuite™ DAM owns the rights and the mapping between rights is done as in section 1.1.

Table of Contents