DC 5.3.0 3.9 Roles
Roles can be added to users in three ways:
Directly on the user (Role→User)
Inherited via a group which the user is a part of (Role→Group→User)
Inherited via a group that has the role inherited from another group (Role→Group→Group→User) (Technically, you can have unlimited groups in groups - but the groups must never create a circular reference)
Users can simultaneously have roles added directly and roles inherited via groups - having the same role added twice (or multiple times) doesn't have an impact. Removing e.g. a group with a duplicate role - will still leave your user with the role.
Roles and groups that have been inherited, will be greyed out. (You also inherit download qualities, but our current implementation does not make them show up. In a perfect world, the inherited download qualities would show up as greyed out)
If you have duplicate roles then the role will have a (+) appended
CRUD |
|
|---|---|
Create | Make new things |
Read | Retrieve existing things |
Update | Change existing things |
Delete | Delete existing things |
# | Roles | DC | MM | Marked for deletion by: | Description |
|---|---|---|---|---|---|
1 | Administrator | ✓ | ✗ | LS | Not implemented - to be deleted |
2 | Ai_Add | ✗ | ✓ |
| Enables you to use AI tagging on images. Requires additional setup if you don't want to use Digizuite's Azure account for it. Requires an EditMultiComboVlaue to be defined in MM's config manager. |
3 | Ai_Translate | ✗ | ✗ |
| Not yet implemented |
4 | Asset_Can_Crop | ✗ | ✓ |
| Is the gateway to use crop. On its own, it only supports sending out "crops" via email. This role can be combined with "Asset_Can_Revise" to make an asset have crops as children - and "Asset_Can_Replace" which enables the crop to supersede the asset being cropped- |
5 | Asset_Can_Delete_Permanently | ✓ | ✗ |
| Enables one to remove an asset + all its metadata from all places (storage, Azure storage, database) |
6 | Asset_Can_Download | ✗ | ✓ |
| Enables one to download an asset and print published assets (assets without a lock). You need to have download qualities added, to be able to download assets. These are assigned via groups. Groups with download qualities are: "Guest", "Light Users", "Content Creators", "Administrators", and "Super Administrators" |
7 | Asset_Can_Download_Custom_Quality | ✗ | ✓ |
| Gives one the option to download an asset in either another colorspace (e.g. sRGB, greyscale) or another filetype (jpg, png) |
8 | Asset_Can_Replace | ✓ | ✓ |
| Enables assets to be replaced via the MM. It requires "write rights" to the asset to work. It also allows for assets to be replaced by crops + it enables restoring older versions of the asset via the "Asset history" (Effectively reverting a replace) |
9 | Asset_Can_Revise | ✗ | ✓ |
| Enables one to make crops into child assets |
10 | AuditTrail_View | ✗ | ✓ |
| Enables one to look at all assets' audit trail (basically metadata history). Please be aware that very few things are "audited" out of the box |
11 | Can_Change_Styling_And_Theming | ✗ | ✓ |
| Gives one the ability to change the channel's logo and color (theming/styling) via the MM |
12 | Can_Edit_Automation_Workflow | ✗ | ✓ |
| Allows the user to edit automation workflows |
13 | Can_Live_Export_Asset_Only | ✗ | ✓ |
| Allows the user to create an export that contains only assets |
14 | Can_Live_Export_Assets_And_Metadata | ✗ | ✓ |
| Allows the user to create an export that contains both assets and metadata |
15 | Can_Live_Export_Metadata_Only | ✗ | ✓ |
| Allows the user to create an export that contains only metadata |
16 | Can_View_Automation_Workflow_Status | ✗ | ✓ |
| Allows the user to view the status of running workflows |
17 | Can_View_Logs | ✗ | ✓ |
| Allows the user to view some logs directly in the MM UI |
18 | Can_Force_Unlock_Office_Document (Added with OC) | ✗ | ✓ |
| Enables one to remove a lock off of a locked Office document. If an Office asset is locked, then opening it via the Office Connector will not enable one to update/replace the asset via the connector. If the asset is unlocked, one can update/replace an asset. |
19 | Can_Open_Office_Documents (Added with OC) | ✗ | ✓ |
| Enables one to open Office documents in the Office Connector via the MM. Supports PowerPoints, Word, and Excel formats (incl. macros and templates) |
20 | Comments_Admin_Delete | ✗ | ✓ |
| Enables one to Delete other peoples' comments - e.g. to remove spam |
21 | Comments_CRUD | ✗ | ✓ |
| Enables one to Create, Read (all), Update (your own), Delete (your own) comments |
22 | Comment_View | ✗ | ✓ |
| Enables one to Read all comments |
23 | Editor_Catalogs | ✓ | ✗ |
| Enables "Catalog" in the left side menu |
24 | Editor_Portal | ✓ | ✗ |
| Enables "Channels" in the left side menu |
25 | Editor_Portal_Admin | ✓ | ✗ | LS | Does nothing beyond what "Editor_Portal" already does. Deprecated. |
26 | Editor_SystemTools_AllwaysAllowItemSecurityEdit | ✓ | ✓ |
| Gives you read access to everything you've added - e.g. makes all Catalog and Channel folders appear if you've added "Editor_Catalogs" and "Editor_Portal". It only in the DC - It does not give you read access to the added assets in the MM, even though you seemingly have read access to them when you look at it Channels in DC. With this, you can give yourself (and others) write access to folders you don't have write access to. It also adds "System Tools" to the left side menu - but it is blank - meaning that there are not any system tools in it. It opens up for access to content in Media Manager. Here this role gives you high-level access. |
27 | Editor_SystemTools_Config | ✓ | ✗ |
| Enables System Tools → ConfigManager |
28 | Editor_SystemTools_Dam | ✓ | ✗ |
| Enables one to select all catalog and channel folders in System tools → Workflow → AssetSyncFolder → "Sync rootfolder"/"Destination folder". Without this role, one can only select folders that you have read-access to. |
29 | Editor_SystemTools_Destinations | ✓ | ✗ |
| Enables System Tools → Destinations |
30 | Editor_SystemTools_DigizuiteConfig | ✓ | ✗ |
| Enables System Tools → Digizuite™ configuration AND Enables System Tools → Asset type configuration |
31 | Editor_SystemTools_License | ✓ | ✗ |
| Enables System Tools → License |
32 | Editor_SystemTools_MediaFormat | ✓ | ✗ |
| Enables System Tools → Formats |
33 | Editor_SystemTools_MediaFormatType | ✓ | ✗ |
| Enables System Tools → Format types |
34 | Editor_SystemTools_Metadata | ✓ | ✗ |
| Enables System Tools → Metadata |
35 | Editor_SystemTools_MetaDataLanguage | ✓ | ✗ |
| Enables System Tools → Language |
36 | Editor_SystemTools_PlayerTemplate | ✓ | ✗ | LS | Deprecated with the deprecation of player templates. There is a cleanup task already for player template. |
37 | Editor_SystemTools_Profiles | ✓ | ✗ |
| Enables System Tools → Profiles |
38 | Editor_SystemTools_Status | ✓ | ✗ |
| Enables System Tools → Status |
39 | Editor_SystemTools_Stopwords | ✓ | ✗ |
| Enables System Tools → Search stop words |
40 | Editor_SystemTools_TranscodeSetting | ✓ | ✗ |
| Enables System Tools → Transcode settings |
41 | Editor_SystemTools_UserManager_Groups | ✓ | ✗ |
| Enables System Tools → Users and groups → Groups |
42 | Editor_SystemTools_UserManager_Users | ✓ | ✗ |
| Enables System Tools → Users and groups → Users |
43 | Editor_SystemTools_Workflow | ✓ | ✗ |
| Enables System Tools → Workflow |
44 | GDPR_Admin | ✗ | ✗ |
| It gives you the right to Read and Delete other users' data. There is no UI for this. |
45 | Integration_Endpoints_CRUD | ✗ | ✓ |
| Gives one the ability to Create, Read, Update, Delete integration endpoints |
46 | Integration_Endpoints_View | ✗ | ✓ |
| Gives one the ability to Read existing integration endpoints |
47 | ItemControlAdmin | ✓ | ✗ | LS | Unused. |
48 | MediaPortal_Admin_Log | ✗ | ✓ | SF | Not implemented - to be deleted |
49 | MediaPortal_Admin_StartScreen | ✗ | ✓ |
| Enables one to change the start screen from the MM |
50 | MediaPortal_Admin_Trash | ✗ | ✓ |