| Table of Contents |
|---|
General information
...
| # | Roles | DC | MM | CCC | OC | Marked for deletion by: | Description | |||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Administrator | ✓ | ✗ | Used internally to access different internal apis, like loading workflows in a format that can actually be initialized. Should be given to the System user. | ||||||||||
| 2 | Ai_Add | ✗ | ✓ | Enables you to use AI tagging on images. Requires additional setup if you don't want to use Digizuite's Azure account for it. Requires an EditMultiComboVlaue to be defined in MM's config manager. | ||||||||||
| 3 | Ai_Translate | ✗ | ✓ | If you have AI tagging enabled, this role allows you to translate values into other languages automatically. | ||||||||||
| 4 | Asset_Can_Crop | ✗ | ✓ | Is the gateway to use crop. On its own, it only supports sending out "crops" via email. This role can be combined with "Asset_Can_Revise" to make an asset have crops as children - and "Asset_Can_Replace" which enables the crop to supersede the asset being cropped- | ||||||||||
| 5 | Asset_Can_Delete_Permanently | ✓ | ✗ | Enables one to remove an asset + all its metadata from all places (storage, Azure storage, database) | ||||||||||
| 6 | Asset_Can_Download | ✗ | ✓ | Enables one to download an asset and print published assets (assets without a lock). You need to have download qualities added, to be able to download assets. These are assigned via groups. Groups with download qualities are: "Guest", "Light Users", "Content Creators", "Administrators", and "Super Administrators" | ||||||||||
| 7 | Asset_Can_Download_Any | ✗ | ✓ | Enables the user to download any asset. | ||||||||||
| 8 | Asset_Can_Download_Custom_Quality | ✗ | ✓ | Gives one the option to download an asset in either another colorspace (e.g. sRGB, greyscale) or another filetype (jpg, png) | ||||||||||
| 9 | Asset_Can_Replace | ✓ | ✓ | Enables assets to be replaced via the MM. It requires "write rights" to the asset to work. It also allows for assets to be replaced by crops + it enables restoring older versions of the asset via the "Asset history" (Effectively reverting a replace) | ||||||||||
| 10 | Asset_Can_Revise | ✗ | ✓ | Enables one to make crops into child assets | ||||||||||
| 11 | AuditTrail_View | ✗ | ✓ | Enables one to look at all assets' audit trail (basically metadata history). Please be aware that very few things are "audited" out of the box | ||||||||||
| 12 | Business_Workflow_CRUD | ✗ | ✓ | Enables one to create, read, update, delete workflows (Aka. the BW editor) - requires Business_Workflow_View to function | ||||||||||
| 13 | Business_Workflow_General_Transition_Executor | ✗ | ✓ | Enables users to bypass the "transition executor" constraints on workflow transitions. There are 3 "transition executor" constrains. They are the constraints that start with "Only" in their names. | ||||||||||
| 14 | Business_Workflow_Instance_Assign | ✗ | ✓ | Enables the user to assign a workflow instance or stage to another user. Unused in MM5 | ||||||||||
| 15 | Business_Workflow_Instance_Delete | ✗ | ✓ | Enables the user to delete any workflow instance | ||||||||||
| 16 | Business_Workflow_Instance_Transition | ✗ | ✓ | Enables the user to create or transition a workflow instance overall. Transitions also require an "transition executor" constraint to allow for transitioning. There are 3 "transition executor" constrains. They are the constraints that start with "Only" in their names. | ||||||||||
| 17 | Business_Workflow_Instance_View | ✗ | ✓ | Enables the user to see it's own workflow instances (aka. tasks) | ||||||||||
| 18 | Business_Workflow_Instance_View_Others | ✗ | ✓ | Enables one to view the workflow instances of other users | ||||||||||
| 19 | Business_Workflow_View | ✗ | ✓ | Enables the user to view the workflows in the system - however, not access to them, for this you need Business_Workflow_CRUD | ||||||||||
| 20 | Can_Change_Styling_And_Theming | ✗ | ✓ | Gives one the ability to change the channel's logo and color (theming/styling) via the MM | ||||||||||
21 | Can_Configure_Members | ✗ | ✓ | Allows the user to configure MM to use a Member Approval business workflow. | ||||||||||
| 22 | Can_Edit_Automation_Workflow | ✗ | ✓ | Allows the user to see and edit automations | ||||||||||
| 23 | Can_Force_Job_Status_Change | ✓ | ✓ | Allows the user to cancel or delete jobs in both AW and DigiBatch. | ||||||||||
| 24 | Can_Live_Export_Asset_Only | ✗ | ✓ | Allows the user to create an export that contains only assets | ||||||||||
| 25 | Can_Live_Export_Assets_And_Metadata | ✗ | ✓ | Allows the user to create an export that contains both assets and metadata | ||||||||||
| 26 | Can_Live_Export_Metadata_Only | ✗ | ✓ | Allows the user to create an export that contains only metadata | ||||||||||
| 27 | Can_Open_Office_Document | ✗ | ✓ | Enables one to open Office documents in the Office Connector via the MM. Supports PowerPoints, Word, and Excel formats (incl. macros and templates) | ||||||||||
| 28 | Can_Rerun_Workflows | ✓ | ✓ | Allows the user to use the "ManualTrigger" AW trigger to start workflows based on simple input data. | ||||||||||
29 | Can_See_Grafana_Shortcut | ✗ | ✓ | Allows the user to see the shortcut to Grafana in the MM ui. The login to grafana is separate from their Digizuite login, and has nothing to do with this role. | ||||||||||
| 30 | Can_View_Automation_Workflow_Status | ✗ | ✓ | Allows the user to view the status of running automations | ||||||||||
| 31 | Can_View_Logs | ✗ | ✓ | Allows the user to view some logs directly in the MM UI | ||||||||||
| 32 | CanImpersonate | ✓ | ✗ | Allows the user to generate access keys for other users. Should only be given to the "System" user, unless you have very good reason for anything else. | ||||||||||
| 33 | Comments_Admin_Delete | ✓ | ✓ | Enables one to Delete other peoples' comments - e.g. to remove spam | ||||||||||
| 34 | Comments_Admin_Update | ✓ | ✓ | Enables one to Update other people's comments | ||||||||||
| 35 | Comments_CRUD | ✓ | ✓ | Enables one to Create (own), Update (own), Delete (own) comments (for tasks and images) and Create (own), Update (own), Delete (own), annotations on images. It requires Comment_View to function. | ||||||||||
| 36 | Comments_View | ✓ | ✓ | Enables one to Read (all) comments (assets and tasks) and Read (all) annotations Gives you the option to access comments directly from the asset overview | ||||||||||
| 37 | Copyright_Notification_Bypass | ✗ | ✓ | Enables the user to download an asset, bypassing the copyright notification in MM5. | ||||||||||
| 5.5.2 only | Creative_Cloud_Connector | ✗ | ✗ | ✓ | ✗ | Grants users access to the new Creative Cloud Connector | ||||||||
| 38 | Download_Approval_Admin | ✗ | ✓ | Enables the user to edit download request approval configuration within MM5. | ||||||||||
| 39 | Download_Approval_Bypass | ✗ | ✓ | Enables the user to download an asset, bypassing the download approval process in MM5. | ||||||||||
| 40 | Editor_Catalogs | ✓ | ✗ | Enables "Catalog" in the left side menu | ||||||||||
| 41 | Editor_Portal | ✓ | ✗ | Enables "Channels" in the left side menu | ||||||||||
| 42 | Editor_Portal_Admin | ✓ | ✗ | LS | Does nothing beyond what "Editor_Portal" already does. Deprecated. | |||||||||
| 43 | Editor_SystemTools_AlwaysAllowItemSecurityEdit | ✓ | ✓ |
Gives you read access to everything you've added - e.g. makes all Catalog and Channel folders appear if you've added "Editor_Catalogs" and "Editor_Portal". It only gives read access to assets in the DC - I.e. it does not give you read access to assets in the MM (even though it appears that you have read access to them when you look at the channels in DC). With this, you can give yourself (and others) write access to folders you don't have write access to. It also adds "System Tools" to the left side menu - but it is blank - meaning that there are not any system tools in it. It opens up for access to content in Media Manager. Here this role gives you high-level access. It gives you access to all collections for all users in the system | ||||||||||
| 44 | Editor_SystemTools_Config | ✓ | ✗ | Enables System Tools → ConfigManager | ||||||||||
| 45 | Editor_SystemTools_Dam | ✓ | ✗ | Enables one to select all catalog and channel folders in System tools → Workflow → AssetSyncFolder → "Sync rootfolder"/"Destination folder". Without this role, one can only select folders that you have read-access to. | ||||||||||
| 46 | Editor_SystemTools_Destinations | ✓ | ✗ | Enables System Tools → Destinations | ||||||||||
| 47 | Editor_SystemTools_DigizuiteConfig | ✓ | ✗ | Enables System Tools → Digizuite™ configuration AND Enables System Tools → Asset type configuration | ||||||||||
| 48 | Editor_SystemTools_License | ✓ | ✗ | Enables System Tools → License | ||||||||||
| 49 | Editor_SystemTools_MediaFormat | ✓ | ✗ | Enables System Tools → Formats | ||||||||||
| 50 | Editor_SystemTools_MediaFormatType | ✓ | ✗ | Enables System Tools → Format types | ||||||||||
| 51 | Editor_SystemTools_Metadata | ✓ | ✗ | Enables System Tools → Metadata | ||||||||||
| 52 | Editor_SystemTools_MetaDataLanguage | ✓ | ✗ | Enables System Tools → Language | ||||||||||
| 53 | Editor_SystemTools_PlayerTemplate | ✓ | ✗ | LS | Deprecated with the deprecation of player templates. There is a cleanup task already for player template. | |||||||||
| 54 | Editor_SystemTools_Profiles | ✓ | ✗ | Enables System Tools → Profiles | ||||||||||
| 55 | Editor_SystemTools_Status | ✓ | ✗ | Enables System Tools → Status | ||||||||||
| 56 | Editor_SystemTools_Stopwords | ✓ | ✗ | Enables System Tools → Search stop words | ||||||||||
| 57 | Editor_SystemTools_TranscodeSetting | ✓ | ✗ | Enables System Tools → Transcode settings | ||||||||||
| 58 | Editor_SystemTools_UserManager_Groups | ✓ | ✗ | Enables System Tools → Users and groups → Groups | ||||||||||
| 59 | Editor_SystemTools_UserManager_Users | ✓ | ✗ | Enables System Tools → Users and groups → Users | ||||||||||
| 60 | Editor_SystemTools_Workflow | ✗ | ✗ | Obsolete - To be deleted | ||||||||||
61 | EditSso | ✓ | ✓ | Allows the user to change the systems SSO settings. Should probably only be given to a select set of super administrators | ||||||||||
| 62 | FileRepository_Delete | ✗ | ✗ | Enables the user to delete files from the file repository. Currently a pure API function for the time being, as there is no UI that uses this. | ||||||||||
| 63 | FileRepository_Read | ✗ | ✓ | Enables the user to read file from the file repository | ||||||||||
| 64 | FileRepository_Read_Secret | ✗ | ✓ | Enables the user to read secret files from the file repository. | ||||||||||
| 65 | FileRepository_Upload | ✗ | ✓ | Enables the user to upload files to the file repository. | ||||||||||
| 66 | GDPR_Admin | ✗ | ✗ | It gives you the right to Read and Delete other users' data. There is no UI for this. | ||||||||||
| 67 | Integration_Endpoints_CRUD | ✗ | ✓ | Gives one the ability to Create, Read, Update, Delete integration endpoints | ||||||||||
| 68 | Integration_Endpoints_View | ✗ | ✓ | Gives one the ability to Read existing integration endpoints | ||||||||||
| 5.5.1/2 only | ItemCheckInOut_CRUD | ✗ | ✗ | ✓ | ✗ | Enables the user to check out and check in assets, to block others from making changes to assets you're editing. | ||||||||
| 69 | ItemControlAdmin | ✓ | ✗ | LS | Unused. | |||||||||
| 70 | MailTemplates_CRUD | ✗ | ✓ | Enables the user to manage mail templates from MM5. | ||||||||||
| 71 | MediaPortal_Admin_Log | ✗ | ✓ | SF | Not implemented - to be deleted | |||||||||
| 72 | MediaPortal_Admin_StartScreen | ✗ | ✓ | Enables one to change the start screen from the MM | ||||||||||
| 73 | MediaPortal_Admin_Trash | ✗ | ✓ | SF | Not implemented - to be deleted | |||||||||
| 74 | MediaPortal_Admin_Users | ✗ | ✓ | SF | Not implemented - to be deleted | |||||||||
| 75 | MediaPortal_Asset_Replacer | ✗ | ✓ | SF | Not implemented - to be deleted - Use "Asset_Can_Replace" instead | |||||||||
| 76 | MediaPortal_Asset_Unpublisher | ✗ | ✓ | SF | Not implemented - to be deleted | |||||||||
| 77 | MediaPortal_Can_Preview_Office | ✗ | ✓ | Enables one to use Online Office to preview Office documents. This requires the site to be accessible from the outside (i.e. only works on sites where VPN isn't needed to access the site). It can be accessed by previewing, the same way you would an image. | ||||||||||
| 78 | MediaPortal_Collection | ✗ | ✓ | Enables users to Create, Update (their own), and Delete (their own) collections. All users can Read collections - though they have to be accessed via mail | ||||||||||
| 79 | MediaPortal_Custom_Quality | ✗ | ✓ | SF | Not implemented - to be deleted - Use "Asset_Can_Download_Custom_Quality" instead | |||||||||
| 80 | MediaPortal_Downloader | ✗ | ✓ | SF | Not implemented - to be deleted - Use "Asset_Can_Download" instead | |||||||||
| 81 | MediaPortal_Edit_Account | ✗ | ✓ | SF | Not implemented - to be deleted | |||||||||
| 82 | MediaPortal_See_Asset_Info_Default | ✗ | ✓ | SF | Not implemented - to be deleted | |||||||||
| 83 | MediaPortal_See_Profile_Images | ✗ | ✓ | SF | Not implemented - to be deleted - Use config manager instead | |||||||||
| 84 | MediaPortal_See_Uploader_Name | ✗ | ✓ | SF | Not implemented - to be deleted - Use config manager instead | |||||||||
| 85 | MediaPortal_Share | ✗ | ✓ | Enables one to share via the MM UI. Enabling this gives you the ability to share assets via: URL, Zip (email), social media - and if collections are enabled one can also share assets via: New collection (create new), and Existing collection (add to existing). If collections are enabled, one can share them via: Zip (a package over mail), Social media, and Collection (give people rights to preview the collection from MM) If the following is enabled "Give new recipients of non-social collections (e.g. not Facebook collections) access to manipulate collections:" via config manager, the recipient will be able to CRUD the collection, else the recipient will only be able to Read the collection. Sharing over social media makes the shared asset publicly available. One needs to manually revoke the read rights on the asset level, to make it internal again. | ||||||||||
| 86 | MediaPortal_Uploader | ✗ | ✓ | ✗ | Gives one the ability to upload via the MM (one still needs "write rights" to the Upload folder though - the "Trusted" role will give you this) + shows the "your uploads" | |||||||||
| 87 | MediaPortal_User | ✗ | ✓ | Required to access to MM | ||||||||||
| 88 | MediaPortal_Video_Embed | ✗ | ✓ | Requires "MediaPortal_Share" + some settings in CondigManager to work (See the table in the bottom of this page - ctrl+f "embed") Adds embed as a sharing option. It only works with videos. | ||||||||||
| 89 | Member_Viewer | ✗ | ✓ | Allows the user to see other members of the portal (e.g. during the "asset status", "comment", and "sharing" processes, where it's needed to see internal users) | ||||||||||
| 90 | Office_Can_Replace | ✗ | ✗ | ✓ | Enables the user to replace an existing Office document with the Office Connector. | |||||||||
| 91 | RunningJobs_AdminViewSubmitXML | ✓ | ✗ | Obsolete - To be deleted | ||||||||||
| 92 | RunningJobs_ChangePriority | ✗ | ✗ | Obsolete - To be deleted | ||||||||||
| 93 | RunningJobs_EditAll | ✓ | ✗ | Obsolete - To be deleted | ||||||||||
| 94 | RunningJobs_EditOwn | ✓ | ✗ | Obsolete - To be deleted | ||||||||||
| 95 | RunningJobs_View | ✓ | ✗ | Obsolete - To be deleted. It gives you the ability to see your own running jobs. With this, you'll also be able to see how many jobs are failed/waiting/running - just now which jobs it is and who's jobs it is. Only gives Read access. | ||||||||||
| 96 | RunningJobs_ViewAll | ✓ | ✗ | Obsolete - To be deleted. Gives you Read access to all running jobs. Meaning that you cannot e.g. restart them if you've failed. Doesn't require "RunningJobs_View" in order to work. | ||||||||||
| 97 | Saved_Searches_CRUD | ✗ | ✓ | Enables one to CRUD one's own saved searches. One can also share them without having the "share role" enabled | ||||||||||
| 98 | Upload_Only | ✓ | ✗ | If this is enabled, accessing the DC will put you into a "write-only" mode - e.g. for photographers, who should not have read access but write access. Requires "write access" to the Uploads folder in order to work. | ||||||||||
| 99 | Office_Can_Upload_New | ✗ | ✗ | ✓ | Enables the user to save new Office documents with the Office Connector. | |||||||||
| 100 | Uploader | ✗ | ✗ | LS | Unused. | |||||||||
| 101 | Uploader_ReplaceWithArchive | ✓ | ✗ | LS | Unused. | |||||||||
| 102 | Uploader_ReplaceWithoutArchive | ✗ | ✗ | It enables a user to replace assets without archiving the old version. Cannot be accessed via the UI | ||||||||||
| 103 | Uploader_ShowFolderSelector | ✗ | ✗ | Only implemented in DFS. Is used to give users access to upload to the catalog area while using the embedded upload component | ||||||||||
| 104 | Viewer_Catalogs | ✓ | ✗ | LS | Does nothing beyond what Editor_Catalogs already does. Deprecated. | |||||||||
| 105 | VP3_Portal_Admin_StartScreen | ✗ | ✗ | SF | Not implemented - to be deleted | |||||||||
| 106 | VP3_Portal_Admin_VideoSlides | ✗ | ✗ | SF | Not implemented - to be deleted | |||||||||
| 107 | WorkStages_Edit_Others | ✗ | ✓ | Enables you to change statuses on assets that are assigned to other users than yours. | ||||||||||
| 108 | WorkStages_View | ✗ | ✓ | Enables you to get the "Asset Status --> My tasks" | ||||||||||
| 109 | WorkStages_View_Others | ✗ | ✓ | Enables you to get the "Asset Status --> All tasks". It requires that "WorkStages_View" is also set to work. | ||||||||||
| 110 | Youtube_Admin | ✗ | ✓ | Enables the user to configure the YouTube integration from MM5. | ||||||||||
| 111 | Can_configure_portals | ✗ | ✓ | Enables the user to view and (with other roles enabled) configure the brand portal styles in 5.6+ |
Note: If both Uploader_ReplaceWithArchive and Uploader_ReplaceWithoutArchive are enabled the user will be asked what he wants to do with the old asset: archive it or delete it.
...
Features in CCC (DACCC) | Roles | Rights | ConfigManager |
|---|---|---|---|
| Check out asset + check in asset you've checked out yourself | ItemCheckInOut_CRUD | Write access to the asset | Enable check in/out = true |
| See who have checked out assets (both own and others') | Member_Viewer (OR Administrator) | ||
| Check in assets that other people have checked out | Administrator Member_Viewer | ||
| Upload active document or e.g. image files | MediaPortal_Upload | Write access to "Upload" folder (Usually granted through the "Trusted" group) | |
| Replace (INDD, PSD, AI, AEP, PRPROJ) | Asset_Can_Replace | Write access to "Upload" folder (Usually granted through the "Trusted" group) (?) Write access to the asset |
...