Role configuration
- Tobias Thornfeldt Wolters
The following roles can be assigned to users and user groups:
id | Role | Description |
|---|---|---|
2 | Uploader | Gives access to create and upload new assets |
27 | Editor_SystemTools_UserManager_Users | Gives access to see and edit users in the system administration view |
36 | Editor_SystemTools_UserManager_Groups | Gives access to see and edit user groups in the system administration view |
37 | Editor_SystemTools_Metadata | Gives access to see and edit metadata definitions |
38 | Administrator | Administrator role used for all administration APIs |
43 | Editor_SystemTools_DigizuiteConfig | Gives access to see and edit service configurations in the system administration view |
44 | Editor_SystemTools_MediaFormat | Gives access to see the format system administration UI. Gives access to see the connector administration UI for portals |
52 | RunningJobs_View | Gives access to see the progress of their own running jobs, such as transcode jobs |
54 | RunningJobs_ViewAll | Gives access to see the progress of all running jobs, such as transcode jobs |
65 | Editor_SystemTools_Config | Gives access to product configuration, including labels and configuration fields |
74 | Editor_SystemTools_AlwaysAllowItemSecurityEdit | Allows the user to bypass all item security checks - use carefully! |
76 | MediaPortal_Admin_StartScreen | Allows editing of the start screen in Media Manager |
80 | MediaPortal_User | Gives access to login into MediaManager |
81 | MediaPortal_Collection | Gives access to collections |
91 | Editor_SystemTools_MetaDataLanguage | Gives access to managing languages |
95 | Member_Viewer | Allows users to see basic information about other users, such as usernames. Please be aware that this role has no impact on master item reference metafields, which can contain references to other users. |
101 | MediaPortal_Video_Embed | Allows the user to embed videos from the Media Manager. |
103 | Comments_CRUD | Gives access to see, add, delete and edit own comments |
104 | Comments_View | Gives access to see comments |
105 | Comments_Admin_Delete | Gives access to delete all comments |
106 | Asset_Can_Download | Gives access to download assets - Please note that download is controlled by a set of roles and download qualities |
107 | Asset_Can_Download_Custom_Quality | Gives access to download custom renditions if enabled by configuration |
108 | Asset_Can_Replace | Allows users to replace assets |
109 | Asset_Can_Revise | Allows users to replace an asset with a trim or crop |
110 | Asset_Can_Crop | Allows users to crop and trim assets |
111 | AuditTrail_View | Allows users to view audit trail for assets |
112 | Ai_Add | Allows users to use AI capabilities if enabled and configured |
113 | Can_Change_Styling_And_Theming | Allows users to change the styling and theming when Brand portal is not enabled |
114 | WorkStages_View | This role allows the user to see the statuses of tasks they're assigned to |
115 | WorkStages_Edit_Others | This role allows editing of asset status' they are not assigned to |
116 | WorkStages_View_Others | This role allows users to always see asset status |
121 | Saved_Searches_CRUD | Gives access to saved searches |
122 | Ai_Translate | Gives access to use metadata translation APIs |
123 | Integration_Endpoints_View | Allows users to see integration endpoints |
124 | Integration_Endpoints_CRUD | Allows users to edit integration endpoints |
125 | Asset_Can_Delete_Permanently | Allows users to permanently delete assets |
126 | Can_Edit_Automation_Workflow | Allows editing of automations |
127 | Can_View_Logs | Allows users to see system logs |
128 | Can_View_Automation_Workflow_Status | Allows users to see the status of automations |
129 | Can_Live_Export_Assets_And_Metadata | Full access for downloading and exporting assets and its metadata |
130 | Can_Live_Export_Asset_Only | Gives access to download assets |
131 | Can_Live_Export_Metadata_Only | Gives access to export metadata for assets |
132 | Business_Workflow_View | Gives access to see the workflow definitions |
133 | Business_Workflow_CRUD | Gives access to edit the workflow definitions |
134 | Download_Approval_Bypass | If download approval is enabled, this role bypasses it |
135 | Download_Approval_Admin | Gives access to configure download approval |
136 | Copyright_Notification_Bypass | If copyright notification is enabled, this role bypasses it |
138 | Youtube_Admin | Gives access to configure Youtube integrations |
139 | Business_Workflow_Instance_View_Others | This role allows the users to see tasks in Workflows they are not assigned to |
140 | Asset_Can_Download_Any | Bypasses all download rules |
141 | Can_See_Grafana_Shortcut | Gives access to system monitoring |
142 | Comments_Admin_Update | Gives access to edit all comments |
143 | Business_Workflow_General_Transition_Executor | Allows users to do transitions in workflow tasks that have no user constraints on transition |
144 | Business_Workflow_Instance_Delete | Allows users to delete workflow tasks |
147 | Business_Workflow_Instance_View | Allows users to see workflow tasks they are assigned to |
148 | Business_Workflow_Instance_Transition | Allows users to see transitions |
149 | Business_Workflow_Instance_Assign | Allows assigning workflow tasks to other people |
150 | EditSso | Allows editing of SSO settings |
151 | CanImpersonate | Allows a user to create access keys for other users. Be careful with this role as it allows bumping user access. Should only be used for System user |
152 | FileRepository_Read | Used for files in workflows. This gives the users access to see attached files |
153 | FileRepository_Read_Secret | Used for files in workflows. This gives the users access to see secret attached files |
154 | FileRepository_Upload | Used for files in workflows. This gives the users access to see uploaded files |
155 | FileRepository_Delete | Used for files in workflows. This gives the users access to see delete uploaded files |
156 | MailTemplates_CRUD | Allows users to edit mail templates |
157 | Can_Force_Job_Status_Change | Allows users to change job status, for example restarting a failed job |
159 | Can_Rerun_Workflows | This allows users to run automations with a manual trigger |
160 | ItemCheckInOut_CRUD | This gives access to check-in and check-out |
161 | ChannelFolder_CRUD | Allows the user to edit Channel folders. As of this release, this is a new API not being used in any UI and therefore this role is not needed by users |
162 | ChannelFolder_View | Allows the user to see Channel folders. As of this release, this is a new API not being used in any UI and therefore this role is not needed by users |
163 | ConfigManagement_Admin | Allows users to edit the configuration for products. This is a new API and is not available through UI yet. |
171 | Can_See_Generic_Job_Status | Allows users to see generic job status - for instance elastic re-indexing |
172 | Can_Admin_Accelerated_Search | Allows users to see the status for search administration in Media Manager |
174 | Can_configure_portals | Allows editing of Digizuite portals. Requires FileRepository_Upload and FileRepository_Delete to work |
175 | Can_view_portals | Allows users to see Digizuite portals |
176 | Can_view_metadata_tab | Allows users to see the metadata tab on asset details |
177 | Can_view_related_assets | Allows users to see the related assets tab on asset details |
178 | Can_manage_filters_and_fields | Allows users to set up filters and free text searching. Requires Editor_systemTools_config to work |
180 | Can_view_service_health | Allows users to see the health status of the DigizuiteCore services |
181 | Asset_Can_Archive | Allows users to archive (soft delete) assets |
182 | Can_view_rabbit_health | Allows users to see the RabbitMQ queues |
183 | Can_crud_rabbit_health | Allows users to perform move and pruge messages also create and delete temp queues in RabbitMQ |
184 | Collection_Super_Administrator | Allows the user to access the apis defined under "DigizuiteCore/CollaborationService/api/collection/admin". These are currently only used by AW. So only the System user really needs this role, though by default it is given to the Super Administrator group. |
187 | Can_crop_email | Allows the user to make a crop and e-mail it to someone |
191 | Collection_can_share_mail | Allows the user to share with an external e-mail can be turned on through Media Manager Settings → collections → Enable external collection sharing |
192 | Collection_can_share_zip | Allows the user to share asset(s) as a zip can be turned on through Media Manager Settings → collections → Enable external collection sharing |
193 | Collection_can_share_user | Allows the user to share collections with other users can be turned on through Media Manager Settings → collections → Enable external collection sharing |
194 | Collection_can_share_group | Allows the user to share with groups can be turned on through Media Manager Settings → collections → Enable external collection sharing |
195 | Collection_can_share_link | Allows the user to share a collection as a link can be turned on through Media Manager Settings → collections → Enable external collection sharing |
196 | Can_Configure_Importer | Allows the user to configure the importer |
197 | Can_change_password | Allows the user to change it's own password |
198 | Can_embed_assets | Allows the user to use the embed video feature |
199 | Can_embed_assets_admin | Allows the user to manage active embeds |
200 | Can_edit_combo_nodes | Instead of granting access individually per CV, this gives the user write rights to all combo values. This role functions as an OR; adding this changes nothing if you already have write rights. |
201 | Can_edit_tree_nodes | Instead of granting access individually per tree, this gives the user write rights to all tree nodes. This role functions as an OR; adding this changes nothing if you already have write rights. However, even if you have write rights to the MM folders, this is still required for users to edit MM folders via brand portal. |
203 | Analytics_viewer | Allows the user to view analytics. |
204 | Analytics_writer | Allows the user to create, update, and delete dashboards. |
205 | Formats_CRUD | Allows the user to create, read, update, and delete formats. NB: Since users with this role can define image formats with custom ImageMagick commands, the role must only be given to very trusted users to avoid command injection attacks. |
206 | SystemAdministrationAuditTrail_View | Allows the user to watch audit trail information on system configs. |
207 | Can_Switch_To_Database_Mode | Allows the user to switch to "Database Mode" in the advanced search UI in the Media Manager. NB: This only affect the visibility of the "Database Mode" button in the UI. The user can still use database mode by calling the API manually. |
208 | AssetCategories_reader | Gives access to viewing the asset category definitions in the system. |
209 | AssetCategories_writer | Gives access to creating, updating and deleting asset category definitions. |
210 | Analytics_exporter | Allows exporting data from the analytics service via the api. |
211 | MediaPortal_Audio_Embed | Allows the user to embed audio from the Media Manager. |
212 | AssetRelationTypes_reader | Gives access to viewing asset relation type definitions |
213 | AssetRelationTypes_writer | Gives access to edit asset relation type definitions |
214 | Can_Live_Export_System_Data | Allows the user to export system data for assets (added in 6.3) |