| Info |
|---|
Roles can be added to users in two ways:
As of 5.2.0, groups can also inherit roles via other groups, meaning that users can also inherit their roles (and rights for that matter) via a group that inherits from another group. Users can simultaneously have roles added directly and roles inherited via groups. |
...
| CRUD | |
|---|---|
| Create | Make new things |
| Read | Retrieve existing things |
| Update | Change existing things |
| Delete | Delete existing things |
...
| # | Roles | DC | MM | Marked for deletion by: | New Description | Old Description | ||
|---|---|---|---|---|---|---|---|---|
| 1 | Administrator | ✓ | ✗ | LS | Not implemented - to be deleted | |||
| 2 | Ai_Add | ✗ | ✓ | Enables you to use AI tagging on images. Requires additional setup if you don't want to use Digizuite's Azure account for it. Requires an EditMultiComboVlaue to be defined in MM's config manager. | ||||
| 3 | Ai_Translate | ✗ | ✓✗ | Not yet implemented | ||||
| 4 | Asset_Can_Crop | ✗ | ✓ | Is the gateway to use crop. On its own, it only supports sending out "crops" via email. This role can be combined with "Asset_Can_Revise" to make an asset have crops as children - and "Asset_Can_Replace" which enables the crop to supersede the asset being cropped- | ||||
| 5 | Asset_Can_Delete_Permanently | ✓ | ✗ | Enables one to remove an asset + all its metadata from all places (storage, Azure storage, database) | ||||
| 6 | Asset_Can_Download | ✗ | ✓ | Enables one to download an asset and print published assets (assets without a lock). You need to have download qualities added, to be able to download assets. These are assigned via groups. Groups with download qualities are: "Guest", "Light Users", "Content Creators", "Administrators", and "Super Administrators" | ||||
| 7 | Asset_Can_Download_Custom_Quality | ✗ | ✓ | Gives one the option to download an asset in either another colorspace (e.g. sRGB, greyscale) or another filetype (jpg, png) | ||||
| 8 | Asset_Can_Replace | ✓ | ✓ | Enables assets to be replaced via the MM. It requires "write rights" to the asset to work. It also allows for assets to be replaced by crops + it enables restoring older versions of the asset via the "Asset history" (Effectively reverting a replace) | ||||
| 9 | Asset_Can_Revise | ✗ | ✓ | Enables one to make crops into child assets | ||||
| 10 | AuditTrail_View | ✗ | ✓ | Enables one to look at all assets' audit trail (basically metadata history). Please be aware that very few things are "audited" out of the box | ||||
| 11 | Can_Change_Styling_And_Theming | ✗ | ✓ | Gives one the ability to change the channel's logo and color (theming/styling) via the MM | ||||
| 12 | Can_Edit_Automation_Workflow | ✗ | ✓ | Allows the user to edit automation workflows | ||||
| 13 | Can_Live_Export_Asset_Only | ✗ | ✓ | Allows the user to create an export that contains only assets | ||||
| 14 | Can_Live_Export_Assets_And_Metadata | ✗ | ✓ | Allows the user to create an export that contains both assets and metadata | ||||
| 15 | Can_Live_Export_Metadata_Only | ✗ | ✓ | Allows the user to create an export that contains only metadata | ||||
| 16 | Can_View_Automation_Workflow_Status | ✗ | ✓ | Allows the user to view the status of running workflows | ||||
| 17 | Can_View_Logs | ✗ | ✓ | Allows the user to view some logs directly in the MM UI | ||||
| 18 | Can_Force_Unlock_Office_Document (Added with OC) | ✗ | ✓ | Enables one to remove a lock off of a locked Office document. If an Office asset is locked, then opening it via the Office Connector will not enable one to update/replace the asset via the connector. If the asset is unlocked, one can update/replace an asset. | ||||
| 19 | Can_Open_Office_Documents (Added with OC) | ✗ | ✓ | Enables one to open Office documents in the Office Connector via the MM. Supports PowerPoints, Word, and Excel formats (incl. macros and templates) | ||||
| 20 | Comments_Admin_Delete | ✗ | ✓ | Enables one to Delete other peoples' comments - e.g. to remove spam | ||||
| 21 | Comments_CRUD | ✗ | ✓ | Enables one to Create, Read (all), Update (your own), Delete (your own) comments | ||||
| 22 | Comment_View | ✗ | ✓ | Enables one to Read all comments | ||||
| 23 | Editor_Catalogs | ✓ | ✗ | Enables "Catalog" in the left side menu | Access to the catalog folders | |||
| 24 | Editor_Portal | ✓ | ✗ | Enables "Channels" in the left side menu | Has access to channel folders. Can issue and amend data in channels. | |||
| 25 | Editor_Portal_Admin | ✓ | ✗ | LS | Does nothing beyond what "Editor_Portal" already does. Deprecated. | |||
| 26 | Editor_SystemTools_AllwaysAllowItemSecurityEdit | ✗✓ | ✓ | Gives you read access to everything you've added - e.g. makes all Catalog and Channel folders appear if you've added "Editor_Catalogs" and "Editor_Portal". It only in the DC - It does not give you read access to the added assets in the MM, even though you seemingly have read access to them when you look at it Channels in DC. With this, you can give yourself (and others) write access to folders you don't have write access to. It also adds "System Tools" to the left side menu - but it is blank - meaning that there are not any system tools in it. | Gives the user read access to all items and the possibility to always edit rights for these itemsIt opens up for access to content in Media Manager. Here this role gives you high-level access. | |||
| 27 | Editor_SystemTools_Config | ✓ | ✗ | Enables System Tools → ConfigManager | Has access to the Config manager||||
| 28 | Editor_SystemTools_Dam | ✓ | ✗ | Enables one to select all catalog and channel folders in System tools → Workflow → AssetSyncFolder → "Sync rootfolder"/"Destination folder". Without this role, one can only select folders that you have read-access to. | Has access to the DAM administration (Metadata). | |||
| 29 | Editor_SystemTools_Destinations | ✓ | ✗ | Enables System Tools → Destinations | Has access to Destinations. | |||
| 30 | Editor_SystemTools_DigizuiteConfig | ✓ | ✗ | Enables System Tools → Digizuite™ configuration AND Enables System Tools → Asset type configuration | Has access to allowconfiguration | .|||
| 31 | Editor_SystemTools_License | ✓ | ✗ | Enables System Tools → License | Admin Rights for License | |||
| 32 | Editor_SystemTools_MediaFormat | ✓ | ✗ | Enables System Tools → Formats | Can access the Media formats. | |||
| 33 | Editor_SystemTools_MediaFormatType | ✓ | ✗ | Enables System Tools → Format types | Admin rights for format types | |||
| 34 | Editor_SystemTools_Metadata | ✓ | ✗ | Enables System Tools → Metadata | Can configure the Metadata fields and groups | |||
| 3535 | Editor_SystemTools_MetaDataLanguage | ✓ | ✗ | Enables System Tools → Language | Admin rights for MataDataLanguages||||
| 36 | Editor_SystemTools_PlayerTemplate | ✓ | ✗ | LS | Deprecated with the deprecation of player templates. There is a cleanup task already for player template. | Admin Rights for PlayerTemplates|||
| 37 | Editor_SystemTools_Profiles | ✓ | ✗ | Enables System Tools → Profiles | Can see and edit profiles. | |||
| 38 | Editor_SystemTools_Status | ✓ | ✗ | Enables System Tools → Status | Admin Rights forStatus | |||
| 39 | Editor_SystemTools_Stopwords | ✓ | ✗ | Enables System Tools → Search stop words | Admin Rights for Stopwords | |||
| 40 | Editor_SystemTools_TranscodeSetting | ✓ | ✗ | Enables System Tools → Transcode settings | Can see and edit transcode Settings. | |||
| 41 | Editor_SystemTools_UserManager_Groups | ✓ | ✗ | Enables System Tools → Users and groups → Groups | Can see and edit local and frontend groups||||
| 42 | Editor_SystemTools_UserManager_Users | ✓ | ✗ | Enables System Tools → Users and groups → Users | Can see and edit local and frontend users | |||
| 43 | Editor_SystemTools_Workflow | ✓ | ✗ | Enables System Tools → Workflow | Admin Rights for Workflow | |||
| 44 | GDPR_Admin | ✗ | ✗ | It gives you the right to Read and Delete other users' data. There is no UI for this. | ||||
| 45 | Integration_Endpoints_CRUD | ✗ | ✓ | Gives one the ability to Create, Read, Update, Delete integration endpoints | ||||
| 46 | Integration_Endpoints_View | ✗ | ✓ | Gives one the ability to Read existing integration endpoints | ||||
| 47 | ItemControlAdmin | ✓ | ✗ | LS | Unused. | |||
| 48 | MediaPortal_Admin_Log | ✗ | ✓ | SF | Not implemented - to be deleted | |||
| 49 | MediaPortal_Admin_StartScreen | ✗ | ✓ | Enables one to change the start screen from the MM | Gives access to administer the splash screen. | 50 | MediaPortal||
| 50 | MediaPortal_Admin_Trash | ✗ | ✓ | SF | Not implemented - to be deleted | |||
| 51 | MediaPortal_Admin_Users | ✗ | ✓ | SF | Not implemented - to be deleted | |||
| 52 | MediaPortal_Asset_Replacer | ✗ | ✓ | SF | Not implemented - to be deleted - Use "Asset_Can_Replace" insteadAllows the user to replace or restore assets | |||
| 53 | MediaPortal_Asset_Unpublisher | ✗ | ✓ | SF | Not implemented - to be deletedAllows the user to remove(unpublish) assets | |||
| 54 | MediaPortal_Can_Preview_Office | ✗ | ✓ | Enables one to use Online Office to preview Office documents. This requires the site to be accessible from the outside (i.e. only works on sites where VPN isn't needed to access the site). It can be accessed by previewing, the same way you would an image. | ||||
| 55 | MediaPortal_Collection | ✗ | ✓ | Enables users to Create, Update (their own), and Delete (their own) collections. All users can Read collections - though they have to be accessed via mail | Gives access to collections view (right panel). | |||
| 56 | MediaPortal_CustomQuality | ✗ | ✓ | SF | Not implemented - to be deleted - Use "Asset_Can_Download_Custom_Quality" instead | |||
| 57 | MediaPortal_Downloader | ✗ | ✓ | SF | Not implemented - to be deleted - Use "Asset_Can_Download" instead | |||
| 58 | MediaPortal_Edit_Account | ✗ | ✓ | SF | Not implemented - to be deleted | |||
| 59 | MediaPortal_Member_Viewer | ✗ | ✓ | Allows the user to see other members of the portal (e.g. during the "asset status", "comment", and "sharing" processes, where it's needed to see internal users) | Allows the user to see other members of the portal (e.g. during the sharing process as auto-completion suggestions) | |||
| 60 | MediaPortal_See_Asset_Info_Default | ✗ | ✓ | SF | Not implemented - to be deleted | |||
| 61 | MediaPortal_See_Profile_Images | ✗ | ✓ | SF | Not implemented - to be deleted - Use config manager instead | |||
| 62 | MediaPortal_See_Uploader_Name | ✗ | ✓ | SF | Not implemented - to be deleted - Use config manager instead | |||
| 63 | MediaPortal_Share | ✗ | ✓ | Enables one to share via the MM UI. Enabling this gives you the ability to share assets via: URL, Zip (email), social media - and if collections are enabled one can also share assets via: New collection (create new), and Existing collection (add to existing). If collections are enabled, one can share them via: Zip (a package over mail), Social media, and Collection (give people rights to preview the collection from MM) If the following is enabled "Give new recipients of non-social collections (e.g. not Facebook collections) access to manipulate collections:" via config manager, the recipient will be able to CRUD the collection, else the recipient will only be able to Read the collection. Sharing over social media makes the shared asset publicly available. One needs to manually revoke the read rights on the asset level, to make it internal again. | ||||
| 64 | MediaPortal_Uploader | ✗ | ✓ | Gives one the ability to upload via the MM (one still needs "write rights" to the Upload folder though - the "Trusted" role will give you this) + shows the "your uploads" | Allows user to upload new assets. | 65 | MediaPortal | |
| 65 | MediaPortal_User | ✗ | ✓ | Required to access to MM | Gives access to the application. Without this role, users will only be allowed to access certain public previews (e.g. social media sharing). | |||
| 66 | MediaPortal_Video_Embed | ✗ | ✓ | Requires "MediaPortal_Share" + some settings in CondigManager to work (See the table in the bottom of this page - ctrl+f "embed") Adds embed as a sharing option. It only works with videos. | ||||
| 67 | RunningJobs_AdminViewSubmitXML | ✓ | ✗ | Makes "Create XML" show in the "Info" tab. Requires at least | Controls whether the user has the right to see the JobChain XML for the selected job. | |||
| 68 | RunningJobs_ChangePriority | ✓✗ | ✗ | Changing job priority is not currently possible but something that might be reintroduced at a later date. | Controls whether the user has the right to change the priority of a running JobChain.Might be reintroduced in the future | |||
| 69 | RunningJobs_EditAll | ✓ | ✗ | Gives you Write rights to all jobs in "Running jobs". It gives you the ability to press "Upload again" and "Retry". It does not require "RunningJobs_EditOwn" in order to work. Requires "RunningJobs_View" - else you won't see any jobs. Controls whether the user has the right to modify in any running jobs. | ||||
| 70 | RunningJobs_EditOwn | ✓ | ✗ | Gives you Write rights to all jobs in "Running jobs" → "[Your user]". It gives you the ability to press "Upload again" and "Retry". Requires "RunningJobs_ViewAll" - else you won't see any jobs.Controls whether the user has the right to change the job he has started't see any jobs. | ||||
| 71 | RunningJobs_View | ✓ | ✗ | It gives you the ability to see your own running jobs. With this, you'll also be able to see how many jobs are failed/waiting/running - just now which jobs it is and who's jobs it is. Only gives Read access.Controls whether the user has the right to see his running jobs. | ||||
| 72 | RunningJobs_ViewAll | ✓ | ✗ | Gives you Read access to all running jobs. Meaning that you cannot e.g. restart them if you've failed. Doesn't require "RunningJobs_View" in order to work. | Controls whether the user has the right to see all running jobs. | |||
| 73 | Saved_Searches_CRUD | ✗ | ✓ | Enables one to CRUD one's own saved searches. One can also share them without having the "share role" enabled | ||||
| 74 | Upload_Only | ✓ | ✗ | If this is enabled, accessing the DC will put you into a "write-only" mode - e.g. for photographers, who should not have read access but write access. Requires "write access" to the Uploads folder in order to work. | ||||
| 75 | Uploader | ✗ | ✗ | LS | Unused.Enables the user to upload assets on Digizuite Video Portal | |||
| 76 | Uploader_ReplaceWithArchive | ✓ | ✗ | LS | Unused. | |||
| 77 | Uploader_ReplaceWithoutArchive | ✗ | ✗ | It enables a user to replace assets without archiving the old version. Cannot be accessed via the UI | ||||
| 78 | Uploader_ShowFolderSelector | ✗ | ✗ | Only implemented in DFS. Is used to give users access to upload to the catalog area while using the embedded upload component | ||||
| 79 | Viewer_Catalogs | ✓ | ✗ | LS | Does nothing beyond what Editor_Catalogs already does. Deprecated. | |||
| 80 | VP3_Portal_Admin_StartScreen | ✗ | ✗ | SF | Not implemented - to be deleted | Enables the user to change the splash screen image/video | ||
| 81 | VP3_Portal_Admin_VideoSlides | ✗ | ✗ | SF | Not implemented - to be deletedEnables the user to configure the video slider | |||
| 82 | WorkStages_Edit_Others | ✗ | ✓ | Enables you to change statuses on assets that are assigned to other users than yours. | ||||
| 83 | WorkStages_View | ✗ | ✓ | Enables you to get the "Asset Status --> My tasks" | ||||
| 84 | WorkStages_View_Others | ✗ | ✓ | Enables you to get the "Asset Status --> All tasks". It requires that "WorkStages_View" is also set to work. |
...
| Features in MM | Roles | Rights | ConfigManager |
|---|---|---|---|
| Upload assets via MM + see "Your uploads" | MediaPortal_Upload | Write access to "Upload" folder (Usually granted through the "Trusted" group) | |
| Enable users to change their profile information | Enable users to see and edit their account information = True | ||
| Upload/change profile image via MM | MediaPortal_Upload | Enable profile images = True Enable users to see and edit their account information = True | |
| Restore old asset version via MM | Asset_Can_Replace | Write access to "Upload" folder (Usually granted through the "Trusted" group) (Having write access to Content does nothing) | |
| Replace asset + See "Asset History" (Not audit trail) | Asset_Can_Replace | Write access to the asset | |
| See asset statuses + Enable the "My tasks" view | WorkStages_View | Read access to the asset | |
| Enable the "All tasks" view | WorkStages_View WorkStages_View_Others | Read access to the asset | |
| Change/set assets' statuses (on assets not already assigned to other users - Meaning only assets where you or none is assigned) | MediaPortal_Member_Viewer WorkStages_View | Write access to the asset Write rights to the metadata fields in "Metadata > Asset > Shared > Tasks" (usually granted via trusted) | |
| Change/set assets' statuses (regardless of who they're assigned to) | MediaPortal_Member_Viewer WorkStages_View WorkStages_Edit_Others | Write access to the asset Write rights to the metadata fields in "Metadata > Asset > Shared > Tasks" (usually granted via trusted) | |
| Printing | Asset_Can_Download | The asset is "public" (no padlock) | |
| Download predefined qualities | Asset_Can_Download | The asset is "public" (no padlock) Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators" | Custom quality color spaces = must have content Custom quality image types = must have content Enable custom quality download = true |
| Download custom qualities | Asset_Can_Download Asset_Can_Download_Custom_Quality | The asset is "public" (no padlock) | |
| Enable sharing (URL, ZIP, Social) | MediaPortal_Sharing | The asset is "public" (no padlock) | |
| Enable embed as a sharing option for videos | MediaPortal_Video_Embed MediaPortal_Sharing | Choose available embed video sizes = must have content Choose available embed video qualities = must have content Embed player user = must have content (usually "Guest") | |
| Enable sharing assets to/via collections (Create new, Add to existing) | MediaPortal_Sharing MediaPortal_Collection | The asset is "public" (no padlock) | |
| Add asset to own collection | MediaPortal_Collection | The asset is "public" (no padlock) | |
| Enable ability to CRUD own collections | MediaPortal_Collection | ||
| Enable ability to CRUD own collections + CRUD collections shared to oneself/Others | MediaPortal_Collection | Give new recipients of non-social collections (e.g. not Facebook collections) access to manipulate collections = true | |
| Enable non-preexisting users to read collections on an SSO site | MediaPortal_Collection | Allow shared collection users to bypass login required screen = true | |
| Enable user to use AI Tagging + your site has external access | Ai_Add | Write access to the asset (only images) | Enable AI tagging functionality for metadata field = Keywords(10192) (Keywords must be autotranslate = true) |
| If you want AI tagging but don't have external access | Ai_Add | Write access to the asset (only images) | Enable AI tagging functionality for metadata field = Keywords(10192) (Keywords must be autotranslate = true) Use local analysis for AI services = true |
| Enable CRUD of own saved searches | Saved_Searches_CRUD | ||
| Enable crop/trim (share it via email) | Asset_Can_Crop Asset_Can_Replace OR Asset_Can_Revise | ||
| Enable crop/trim + Replace original asset with crop/trim | Asset_Can_Crop Asset_Can_Replace | Write access to the asset Write access to the Uploads folder OR the Content folder (The option to restore requires "write access" to the Uploads folder) | |
| Enable crop/trim + Make new child asset with crop/trim | Asset_Can_Crop Asset_Can_Revise | Write access to the asset Write access to the Uploads folder OR the Content folder | |
| Have filter open every time you access the MM | Automatically expand filter pane in asset list = true | ||
| Make all filters be expanded every time you access MM | Automatically expand filter pane in asset list = true Automatically expand individual filters in asset list = true | ||
| Make asset ID shown | Show asset ID in asset list = true | ||
| Enable password reset | Enable the option to reset one's password = true | ||
Enable self sign-up where users can choose their own password | Enable self sign up = true Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be enabled) Allow users to chose a password on signup = true Auto created user folder ID = the ID of the folder where you want your users to go. | ||
Enable email verification for self-sign up (when self sign-up already is enabled) where users can choose their own password | Enable self sign up = true Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be disabled) Allow users to chose a password on signup = true Verification when a user is created using self sign up = Email verification | ||
Enable admin verification for self-sign up (when self sign-up already is enabled) where users can choose their own password | Enable self sign up = true Template user for self sign up users = A user with all the rights, roles, and groups your users should have (User must be disabled) Allow users to chose a password on signup = true Verification when a user is created using self sign up = Admin verification Administrative verification email = the admin's email | ||
| Enable that refreshing MM will log one out | Enable persistent login = false | ||
| Enable multi-download of assets | Asset_Can_Download Can_Live_Export_Asset_Only | Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators" | |
| Enable multi-download of metadata | Asset_Can_Download Can_Live_Export_Metadata_Only | Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators" | |
| Enable multi-download of assets and metadata | Asset_Can_Download Can_Live_Export_Assets_And_Metadata | Should be added to a group with download qualities: "Guest", "Light Users", "Content Creators", "Administrators", or "Super Administrators" |
...