DC 5.4 Roles
General information
Roles can be added to users in three ways:
Directly on the user (Role→User)
Inherited via a group which the user is a part of (Role→Group→User)
Inherited via a group that has the role inherited from another group (Role→Group→Group→User) (Technically, you can have unlimited groups in groups - but the groups must never create a circular reference)
Users can simultaneously have roles added directly and roles inherited via groups - having the same role added twice (or multiple times) doesn't have an impact. Removing e.g. a group with a duplicate role - will still leave your user with the role.
Roles and groups that have been inherited, will be greyed out. (You also inherit download qualities, but our current implementation does not make them show up. In a perfect world, the inherited download qualities would show up as greyed out)
If you have duplicate roles then the role will have a (+) appended
CRUD |
|
|---|---|
Create | Make new things |
Read | Retrieve existing things |
Update | Change existing things |
Delete | Delete existing things |
List of roles
This list is descriptive, meaning that it's not prescriptive.
Essentially, this means that this list describes what it currently does - not what it's supposed to do. As time goes on, these two things should align 100%.
# | Roles | DC | MM | OC | Marked for deletion by: | Description |
|---|---|---|---|---|---|---|
1 | Administrator | ✓ | ✗ |
|
| Used internally to access different internal apis, like loading workflows in a format that can actually be initialized. Should be given to the System user. |
2 | Ai_Add | ✗ | ✓ |
|
| Enables you to use AI tagging on images. Requires additional setup if you don't want to use Digizuite's Azure account for it. Requires an EditMultiComboVlaue to be defined in MM's config manager. |
3 | Ai_Translate | ✗ | ✓ |
|
| If you have AI tagging enabled, this role allows you to translate values into other languages automatically. |
4 | Asset_Can_Crop | ✗ | ✓ |
|
| Is the gateway to use crop. On its own, it only supports sending out "crops" via email. This role can be combined with "Asset_Can_Revise" to make an asset have crops as children - and "Asset_Can_Replace" which enables the crop to supersede the asset being cropped- |
5 | Asset_Can_Delete_Permanently | ✓ | ✗ |
|
| Enables one to remove an asset + all its metadata from all places (storage, Azure storage, database) |
6 | Asset_Can_Download | ✗ | ✓ |
|
| Enables one to download an asset and print published assets (assets without a lock). You need to have download qualities added, to be able to download assets. These are assigned via groups. Groups with download qualities are: "Guest", "Light Users", "Content Creators", "Administrators", and "Super Administrators" |
7 | Asset_Can_Download_Custom_Quality | ✗ | ✓ |
|
| Gives one the option to download an asset in either another colorspace (e.g. sRGB, greyscale) or another filetype (jpg, png) |
8 | Asset_Can_Replace | ✓ | ✓ |
|
| Enables assets to be replaced via the MM. It requires "write rights" to the asset to work. It also allows for assets to be replaced by crops + it enables restoring older versions of the asset via the "Asset history" (Effectively reverting a replace) |
9 | Asset_Can_Revise | ✗ | ✓ |
|
| Enables one to make crops into child assets |
10 | AuditTrail_View | ✗ | ✓ |
|
| Enables one to look at all assets' audit trail (basically metadata history). Please be aware that very few things are "audited" out of the box |
11 | Can_Change_Styling_And_Theming | ✗ | ✓ |
|
| Gives one the ability to change the channel's logo and color (theming/styling) via the MM |
12 | Can_Edit_Automation_Workflow | ✗ | ✓ |
|
| Allows the user to see and edit automations |
13 | Can_Live_Export_Asset_Only | ✗ | ✓ |
|
| Allows the user to create an export that contains only assets. Also required to enable sharing by zip. |
14 | Can_Live_Export_Assets_And_Metadata | ✗ | ✓ |
|
| Allows the user to create an export that contains both assets and metadata |
15 | Can_Live_Export_Metadata_Only | ✗ | ✓ |
|
| Allows the user to create an export that contains only metadata |
16 | Can_View_Automation_Workflow_Status | ✗ | ✓ |
|
| Allows the user to view the status of running automations |
17 | Can_View_Logs | ✗ | ✓ |
|
| Allows the user to view some logs directly in the MM UI |
19 | Can_Open_Office_Documents | ✗ | ✓ |
|
| Enables one to open Office documents in the Office Connector via the MM. Supports PowerPoints, Word, and Excel formats (incl. macros and templates) |
20 | Comments_Admin_Delete | ✓ | ✓ |
|
| Enables one to Delete other peoples' comments - e.g. to remove spam |
94 | Comments_Admin_Update | ✓ | ✓ |
|
| Enables one to Update other people's comments |
21 | Comments_CRUD | ✓ | ✓ |
|
| Enables one to Create (own), Update (own), Delete (own) comments (for tasks and images) and Create (own), Update (own), Delete (own), annotations on images. It requires Comment_View to function. |
22 | Comment_View | ✓ | ✓ |
|
| Enables one to Read (all) comments (assets and tasks) and Read (all) annotations |
23 | Editor_Catalogs | ✓ | ✗ |
|
| Enables "Catalog" in the left side menu |
24 | Editor_Portal | ✓ | ✗ |
|
| Enables "Channels" in the left side menu |
25 | Editor_Portal_Admin | ✓ | ✗ |
| LS | Does nothing beyond what "Editor_Portal" already does. Deprecated. |
26 | Editor_SystemTools_AllwaysAllowItemSecurityEdit | ✓ | ✓ |
|
| This role at its purest
Gives you read access to everything you've added - e.g. makes all Catalog and Channel folders appear if you've added "Editor_Catalogs" and "Editor_Portal". It only in the DC - It does not give you read access to the added assets in the MM, even though you seemingly have read access to them when you look at it Channels in DC. With this, you can give yourself (and others) write access to folders you don't have write access to. It also adds "System Tools" to the left side menu - but it is blank - meaning that there are not any system tools in it. It opens up for access to content in Media Manager. Here this role gives you high-level access. It gives you access to all collections for all users in the system |
27 | Editor_SystemTools_Config | ✓ | ✗ |
|
| Enables System Tools → ConfigManager |
28 | Editor_SystemTools_Dam | ✓ | ✗ |
|
| Enables one to select all catalog and channel folders in System tools → Workflow → AssetSyncFolder → "Sync rootfolder"/"Destination folder". Without this role, one can only select folders that you have read-access to. |
29 | Editor_SystemTools_Destinations | ✓ | ✗ |
|
| Enables System Tools → Destinations |
30 | Editor_SystemTools_DigizuiteConfig | ✓ | ✗ |
|
| Enables System Tools → Digizuite™ configuration AND Enables System Tools → Asset type configuration |
31 | Editor_SystemTools_License | ✓ | ✗ |
|
| Enables System Tools → License |
32 | Editor_SystemTools_MediaFormat | ✓ | ✗ |
|
| Enables System Tools → Formats |
33 | Editor_SystemTools_MediaFormatType | ✓ | ✗ |
|
| Enables System Tools → Format types |
34 | Editor_SystemTools_Metadata | ✓ | ✗ |
|
| Enables System Tools → Metadata |
35 | Editor_SystemTools_MetaDataLanguage | ✓ | ✗ |
|
| Enables System Tools → Language |
36 | Editor_SystemTools_PlayerTemplate | ✓ | ✗ |
| LS | Deprecated with the deprecation of player templates. There is a cleanup task already for player template. |
37 | Editor_SystemTools_Profiles | ✓ | ✗ |
|
| Enables System Tools → Profiles |
38 | Editor_SystemTools_Status | ✓ | ✗ |
|
| Enables System Tools → Status |
39 | Editor_SystemTools_Stopwords | ✓ | ✗ |
|
| Enables System Tools → Search stop words |
40 | Editor_SystemTools_TranscodeSetting | ✓ | ✗ |
|
| Enables System Tools → Transcode settings |
41 | Editor_SystemTools_UserManager_Groups | ✓ | ✗ |
|
| Enables System Tools → Users and groups → Groups |
42 | Editor_SystemTools_UserManager_Users | ✓ | ✗ |
|
| Enables System Tools → Users and groups → Users |
43 | Editor_SystemTools_Workflow | ✓ | ✗ |
|
| Enables System Tools → Workflow |
44 | GDPR_Admin | ✗ |