Controlling user access to folders and assets in Elvis 5
Before they can do this, they need to be given access to these clients and the stored assets. This is done by adding the users or user groups to Elvis and subsequently defining Permissions for these users or user groups. Such Permissions control access to:
- Client applications and their features
- Folders and assets in Elvis
- Metadata fields
This article describes how to control user access to folders and assets.
Note: See the full process demonstrated in this short video:
Access to folders and/or assets and controlling the actions that can be performed on them is done through 'Rules'.
The process of managing Rules comes in two parts:
- Setting up a Rule. Here you will define the folders and/or assets that should be given access to.
- Assigning a Rule to users or user groups. Here you will define which actions can be performed on the folders and/or assets.
Setting up a Rule
Before you can assign a Rule, it needs to be set up.
This can be done in the following ways:
- By specifying a folder within the Elvis structure. Access will then be granted to the folder including all its subfolders and assets.
- By constructing a metadata query. This is a way of fine-tuning access, for instance by only allowing access to files that have a status of 'Production'.
- By specifying a folder and constructing a metadata query. Similar to the separate rules above, but now combined into one rule.
Step 1. In the Elvis Desktop client, access the Manage Rules tab by choosing System > Manage Rules.
Figure: Managing Rules is done in the Manage Rules tab.
Step 2. Click the + sign to access the New Query window.
Figure: Access the New Query window (A) by clicking the + sign (B).
Step 3. Set up your Rule by entering a descriptive name, setting up a folder restriction, setting up a query restriction, or setting up combined folder and query restriction.
Step 3a. Click Add folder(s).
Step 3b. Browse to the folder that you want to give access to.
Step 3c. Click Select.
Step 3d. (Optional) Add additional folder locations.
Step 3a. Click the check box Restrict permissions with a metadata query.
Step 3b. Enter your query in the Query box.
Tip: Quickly locate metadata fields to include by searching for them in the Fields overview list. Clicking a found field will automatically add it to the Query box.
For information about constructing queries, see The Elvis 5 query syntax.
Note: Using wildcard queries in a query restriction is not supported; these slow down searches too much and will affect every search done on the system.
Example: To restrict access only to assets that have a status of 'production', add the following query:
Step 4. (Optional) Test your Rule by clicking Test query.
Step 5. Click Save.
Step 6. (Optional) Set up additional Rules.
Rules are assigned to users and user groups as part of assigning Permissions. This is done in the Manage Permissions tab.
Step 1. In the Elvis Desktop client choose System > Manage Permissions.
Step 2. Use the search options to search for users and/or user groups.
In certain scenarios, the following error can appear:
LDAP search failed: The number of search results exceeds the Active Directory limit. Modify your search to limit the number of results.
For more information, see "LDAP search failed" error when searching for users in Elvis 5.
Step 3. Select the user or user group to which you want to assign a Rule.
Step 4. Choose the Rules tab.
Step 5. Click the + sign to access the Select rules window.
Figure: Access the Select Rules window (A) by clicking the + sign (B).
Step 6. Select one or more Rules and click Select.
Permissions that can be applied to that rule appear (see Permission types below).
Step 7. For each permission that should be granted, select its check box.
Step 8. Click Save.
Step 9. (Optional) Assign additional rules.
- View. Allows users to view content.
Note: Be careful assigning View permissions to Rules that only contain a query restriction (and not a folder restriction). Doing so allows users to view all assets, including those in other users' zones (a long as the assets match the query).
- View preview. Allows user to view content in ‘preview’ size.
- Hide watermarks. (Requires Elvis 5.13 or higher, only available when applying watermarks to images is enabled in Elvis Server). Allows users to see images without a watermark.
- Use original. (Can only be set when 'Hide watermarks' is also set, see above.) Allows the user to perform the following tasks:
- Check-out 1
- Restoring a previous version of an asset 1
1 Also requires the 'Edit' permission to be set.
- Edit metadata. Allows the user to edit metadata of assets, such as modifying data in metadata fields.
Note: Which metadata fields can be edited is controlled by assigning Edit permission for each field.
- Edit. Allows the user to perform the following tasks:
- Opening files for editing (through a process of checking-out and checking-in that file) 1
- Restoring a previous version of an asset 1
- Editing Collections (such as adding or removing assets)
- Rotating images
1 Also requires the 'Use original' permission to be set.
- Rename. Allows user to rename assets or Collections.
Note: To rename folders users need 'Move' permission because it changes the location of all the assets within the folder.
- Move. Allows user to move assets or folders.
Note: The user needs to have permission on the source folder and the destination folder.
- Create. Allows the user to perform the following tasks:
- Create content (such as folders or Collections)
- Import content
- Delete. Allows the user to delete content, versions of files or Collections.
Tip: Applying rules to users affects the time it takes to do searches and get search results. Assigning many or complex rules to a single user or user group will negatively impact search performance for that user or user group.
In the following examples, 4 Rules have been set up:
- A query restriction based on Status = 'Production'
- A folder restriction on the Archive folder
- A folder restriction on the Images & Video folder
- A folder restriction on the Documents folder
Consider that we have the following user groups to assign permissions to:
During our preparation it was decided that the these groups should have the following permissions:
- All groups should be able to view content in the Archive folder.
- Designers should be able to view, preview, create, rename and move content in the Images & Videos folder.
- Photographers should be able to view, preview, create and rename content in the Images & Videos folder. They should also be able to edit the metadata of their files.
- Editors should be able to view, preview and create content in the Documents folder.
- Designers and editors should be able to preview, download, copy, check-out and restore versions of all assets that have the status 'Production' assigned. They should also be able to edit the metadata of these files.
This results in the following setup: