Managing access rights
As mentioned in the terminology section on rights management, access is split between two kinds of entities:
Objects
Accessors
The objects are assets, channels (a group of assets) or metafields, and the accessors are users and groups.
Editing access rights is an action available on the objects on which access rights can be controlled. For assets it is found in the more menu (if the user has the correct access) and for channels and metadata it is found in the configuration area for the given entity in the list overview.
The icon for the action is a small padlock located in the Actions column in the list overview.
Managing access is always initiated from the object to which the accessors are assigned. The access dialog looks as follows:
In the dialog, either users or groups can be assigned read and/or write access.
Resolving the access
Access rights can be given through channels and/or directly on the assets, they can be given to users and/or groups, and a user can be a member of multiple groups. As a result, there are cases where multiple access rights are defined for the same entity. In this situation, the access rights are resolved as the set of actions for the given entity, where the highest access level takes precedence. The order of access rights is as follows:
Write
Read
No access
This means that if one access right gives write and another gives read, then the user is given write access and, by this notion, inherently has read access as well.
No access can be given by flipping the read and/or write flags or by entirely removing the access right.
Notice how no access has lower precedence than read and write. This means the only way to truly restrict access is to ensure that the user does not have read or write at all. It is not enough to specify no-access by flipping the read/write flags.
Assets and metadata access
Having write access to an asset allows the user to change the asset and, for instance, create new versions of it. However, having write access to an asset is not enough to also change the associated metadata. Access to the metadata is controlled by the access to both the metadata field and the asset itself.
This means that if the user only has read access to the asset, then no metadata can be changed, regardless of the access rights to the metadata fields. Additionally, if the user has write access to the asset but not to the metadata field, then the metadata field cannot be altered.
Therefore, write access to both the asset and the metadata field is required in order for the user to be able to edit the asset metadata.
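The resolution rule under "Resolving the access" and the metadata rule above can be modelled as follows. This is an added example, not the product's own code: the Grant record, the group and channel mappings, and every name in the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):
    NONE = 0    # "No access"
    READ = 1
    WRITE = 2   # write inherently includes read

@dataclass(frozen=True)
class Grant:             # hypothetical record for one access right
    accessor: str        # user or group
    obj: str             # asset, channel or metadata field
    read: bool = False
    write: bool = False

    @property
    def level(self) -> Level:
        if self.write:
            return Level.WRITE
        return Level.READ if self.read else Level.NONE

def resolve(user, obj, grants, groups, channels):
    """Highest level over every grant that reaches `user` for `obj`."""
    accessors = {user} | groups.get(user, set())
    objects = {obj} | channels.get(obj, set())   # the asset plus its channels
    levels = [g.level for g in grants
              if g.accessor in accessors and g.obj in objects]
    # A "no access" entry never lowers the result; only the absence of
    # any read/write grant on every path yields NONE.
    return max(levels, default=Level.NONE)

def can_edit_metadata(user, asset, field, grants, groups, channels):
    """Write is needed on both the asset and the metadata field."""
    return all(resolve(user, o, grants, groups, channels) == Level.WRITE
               for o in (asset, field))

# Constructed sample data; all names are hypothetical.
GROUPS = {"alice": {"editors", "contractors"}}
CHANNELS = {"logo.png": {"brand"}}
GRANTS = [
    Grant("contractors", "logo.png"),                   # flags off: "no access"
    Grant("editors", "brand", read=True, write=True),   # reaches logo.png via channel
    Grant("alice", "copyright", read=True),             # metadata field, read only
]

if __name__ == "__main__":
    print(resolve("alice", "logo.png", GRANTS, GROUPS, CHANNELS).name)
    print(can_edit_metadata("alice", "logo.png", "copyright", GRANTS, GROUPS, CHANNELS))
```

In the sample data, the no-access entry on the asset does not restrict alice, because the channel grant to another of her groups still resolves to write. She still cannot edit the metadata field, since she only has read on it.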