/
DFS 9.2.0 - How to create new roles and map access rights

DFS 9.2.0 - How to create new roles and map access rights

Feb 19, 2019

This guide describes how to create a new role and map it to a Digizuite group in order to control access to assets and metadata.

1 - Create new role in Sitecore

Create a new role in Sitecore. Note the domain (i.e. Sitecore, Default or Extranet) and the username (e.g testrole).

2 - Create a new Group in Digizuite

Create a new group in Digizuite with the same name as the role just created in Sitecore. It is important that it also has the domain name. If the new role in Sitecore is called 'testrole' and is in the 'sitecore' domain, then the corresponding Digizuite group must be called 'sitecore\testrole'.

Digizuite groups are created under System tools → Users and Groups → Groups → Folder in which group should be placed → Add.

3 - Setup access rights in Digizuite

Setup read/write access rights in Digizuite on assets and metadata.

Access rights on assets can be set individually on each asset or it can be applied to the channel folder in which the asset is located and recursively applied to all assets in it.

  • To see assets, the group must have access to asset(s) and the metadata field used as menu (Standard configuration uses Media Manager Menu).

  • To see metadata, the group must have access to the metafield and the metagroup (i.e. the tab in which the field is located).

4 - Synchronize the silo (optional)

Once the access rights are setup correctly in Digizuite, they need to be synchronized into Sitecore. The auto synchronization pipeline does pick up security changes and thereby does update and map it correctly, however, to speed things up, it is also possible to run a full synchronization of the silo.

5 - Grant user new role and role 'sitecore\Digizuite DAM for Sitecore Explorer Access' in Sitecore

Once the access rights are synced, grant user(s) the new role and the role 'sitecore\Digizuite DAM for Sitecore Explorer Access'. The latter is used as a base role and it grants access the DAM Explorer. So if the user needs access to that, it is important that the user also has the 'sitecore\Digizuite DAM for Sitecore Explorer Access' role.